From 300ab7da633159017dcc71c8141de4cb5ec86529 Mon Sep 17 00:00:00 2001 From: Cisco Talos CNA Date: Fri, 2 Dec 2022 04:01:45 -0500 Subject: [PATCH 001/754] Submitting published CVEs --- 2022/27xxx/CVE-2022-27498.json | 62 +++++++++++++++++++++++++++++++--- 2022/28xxx/CVE-2022-28703.json | 62 +++++++++++++++++++++++++++++++--- 2022/29xxx/CVE-2022-29511.json | 62 +++++++++++++++++++++++++++++++--- 2022/29xxx/CVE-2022-29517.json | 62 +++++++++++++++++++++++++++++++--- 2022/32xxx/CVE-2022-32573.json | 62 +++++++++++++++++++++++++++++++--- 2022/32xxx/CVE-2022-32763.json | 62 +++++++++++++++++++++++++++++++--- 6 files changed, 348 insertions(+), 24 deletions(-) diff --git a/2022/27xxx/CVE-2022-27498.json b/2022/27xxx/CVE-2022-27498.json index 509d02751e8c..eee0ff564662 100644 --- a/2022/27xxx/CVE-2022-27498.json +++ b/2022/27xxx/CVE-2022-27498.json @@ -1,18 +1,72 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-27498", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "DATE_PUBLIC": "2022-12-01", + "ASSIGNER": "talos-cna@cisco.com" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1531", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1531" } ] + }, + "impact": { + "cvss": { + "baseScore": 9.1, + "baseSeverity": "Critical", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lansweeper", + "product": { + "product_data": [ + { + "product_name": "lansweeper", + "version": { + "version_data": [ + { + "version_value": "10.1.1.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } } } \ No newline at end of file diff --git a/2022/28xxx/CVE-2022-28703.json b/2022/28xxx/CVE-2022-28703.json index b8b9e0c3188e..afecacb067de 100644 --- a/2022/28xxx/CVE-2022-28703.json +++ b/2022/28xxx/CVE-2022-28703.json @@ -1,18 +1,72 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-28703", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "DATE_PUBLIC": "2022-12-01", + "ASSIGNER": "talos-cna@cisco.com" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1532", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1532" } ] + }, + "impact": { + "cvss": { + "baseScore": 9.1, + "baseSeverity": "Critical", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lansweeper", + "product": { + "product_data": [ + { + "product_name": "lansweeper", + "version": { + "version_data": [ + { + "version_value": "10.1.1.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } } } \ No newline at end of file diff --git a/2022/29xxx/CVE-2022-29511.json b/2022/29xxx/CVE-2022-29511.json index f4152fa5ad77..cfc339441299 100644 --- a/2022/29xxx/CVE-2022-29511.json +++ b/2022/29xxx/CVE-2022-29511.json @@ -1,18 +1,72 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-29511", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "DATE_PUBLIC": "2022-12-01", + "ASSIGNER": "talos-cna@cisco.com" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1530", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1530" } ] + }, + "impact": { + "cvss": { + "baseScore": 9.1, + "baseSeverity": "Critical", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lansweeper", + "product": { + "product_data": [ + { + "product_name": "lansweeper", + "version": { + "version_data": [ + { + "version_value": "10.1.1.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } } } \ No newline at end of file diff --git a/2022/29xxx/CVE-2022-29517.json b/2022/29xxx/CVE-2022-29517.json index 5e9cfbe136de..a4a45e707ac1 100644 --- a/2022/29xxx/CVE-2022-29517.json +++ b/2022/29xxx/CVE-2022-29517.json @@ -1,18 +1,72 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-29517", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "DATE_PUBLIC": "2022-12-01", + "ASSIGNER": "talos-cna@cisco.com" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1529", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1529" } ] + }, + "impact": { + "cvss": { + "baseScore": 9.9, + "baseSeverity": "Critical", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lansweeper", + "product": { + "product_data": [ + { + "product_name": "lansweeper", + "version": { + "version_data": [ + { + "version_value": "10.1.1.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } } } \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32573.json b/2022/32xxx/CVE-2022-32573.json index 5c3125ed3618..51e9d495148e 100644 --- a/2022/32xxx/CVE-2022-32573.json +++ b/2022/32xxx/CVE-2022-32573.json @@ -1,18 +1,72 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32573", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "DATE_PUBLIC": "2022-12-01", + "ASSIGNER": "talos-cna@cisco.com" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1528", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1528" } ] + }, + "impact": { + "cvss": { + "baseScore": 9.9, + "baseSeverity": "Critical", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lansweeper", + "product": { + "product_data": [ + { + "product_name": "lansweeper", + "version": { + "version_data": [ + { + "version_value": "10.1.1.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } } } \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32763.json b/2022/32xxx/CVE-2022-32763.json index 0c2cec9ee961..02476fd3ab6d 100644 --- a/2022/32xxx/CVE-2022-32763.json +++ b/2022/32xxx/CVE-2022-32763.json @@ -1,18 +1,72 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32763", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "DATE_PUBLIC": "2022-12-01", + "ASSIGNER": "talos-cna@cisco.com" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1541", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1541" } ] + }, + "impact": { + "cvss": { + "baseScore": 9.1, + "baseSeverity": "Critical", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-184: Incomplete Blacklist" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lansweeper", + "product": { + "product_data": [ + { + "product_name": "lansweeper", + "version": { + "version_data": [ + { + "version_value": "10.1.1.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } } } \ No newline at end of file From 33d51bf9c34704f69cc0356daa2700a8585be180 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 14 Dec 2022 17:00:37 +0000 Subject: [PATCH 002/754] "-Synchronized-Data." --- 2022/23xxx/CVE-2022-23517.json | 86 ++++++++++++++++++++++++++++++++-- 2022/23xxx/CVE-2022-23518.json | 86 ++++++++++++++++++++++++++++++++-- 2022/23xxx/CVE-2022-23519.json | 81 ++++++++++++++++++++++++++++++-- 2022/46xxx/CVE-2022-46073.json | 56 +++++++++++++++++++--- 2022/46xxx/CVE-2022-46074.json | 56 +++++++++++++++++++--- 2022/46xxx/CVE-2022-46117.json | 56 +++++++++++++++++++--- 2022/46xxx/CVE-2022-46118.json | 56 +++++++++++++++++++--- 2022/46xxx/CVE-2022-46119.json | 56 +++++++++++++++++++--- 2022/46xxx/CVE-2022-46120.json | 56 +++++++++++++++++++--- 2022/46xxx/CVE-2022-46121.json | 56 +++++++++++++++++++--- 2022/46xxx/CVE-2022-46122.json | 56 +++++++++++++++++++--- 2022/46xxx/CVE-2022-46123.json | 56 +++++++++++++++++++--- 2022/46xxx/CVE-2022-46124.json | 56 +++++++++++++++++++--- 2022/46xxx/CVE-2022-46125.json | 56 +++++++++++++++++++--- 2022/46xxx/CVE-2022-46126.json | 56 +++++++++++++++++++--- 2022/46xxx/CVE-2022-46127.json | 56 +++++++++++++++++++--- 16 files changed, 891 insertions(+), 90 deletions(-) diff --git a/2022/23xxx/CVE-2022-23517.json b/2022/23xxx/CVE-2022-23517.json index 0cd8ad65ad89..f7168cc9259b 100644 --- a/2022/23xxx/CVE-2022-23517.json +++ b/2022/23xxx/CVE-2022-23517.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23517", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333: Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "rails", + "product": { + "product_data": [ + { + "product_name": "rails-html-sanitizer", + "version": { + "version_data": [ + { + "version_value": "< 1.4.4", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/reports/1684163", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1684163" + }, + { + "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w", + "refsource": "MISC", + "name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w" + }, + { + "url": "https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979", + "refsource": "MISC", + "name": "https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979" + } + ] + }, + "source": { + "advisory": "GHSA-5x79-w82f-gw8w", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23518.json b/2022/23xxx/CVE-2022-23518.json index 180ee7ec7d36..879733df3876 100644 --- a/2022/23xxx/CVE-2022-23518.json +++ b/2022/23xxx/CVE-2022-23518.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23518", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "rails", + "product": { + "product_data": [ + { + "product_name": "rails-html-sanitizer", + "version": { + "version_data": [ + { + "version_value": ">= 1.0.3, < 1.4.4", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/reports/1694173", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1694173" + }, + { + "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m", + "refsource": "MISC", + "name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m" + }, + { + "url": "https://github.com/rails/rails-html-sanitizer/issues/135", + "refsource": "MISC", + "name": "https://github.com/rails/rails-html-sanitizer/issues/135" + } + ] + }, + "source": { + "advisory": "GHSA-mcvf-2q2m-x72m", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" } ] } diff --git a/2022/23xxx/CVE-2022-23519.json b/2022/23xxx/CVE-2022-23519.json index ad445e8a915c..dc3e83f635e9 100644 --- a/2022/23xxx/CVE-2022-23519.json +++ b/2022/23xxx/CVE-2022-23519.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23519", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both \"math\" and \"style\" elements, or allow both \"svg\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include \"math\" or \"svg\" and \"style\" should either upgrade or use the following workaround immediately: Remove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "rails", + "product": { + "product_data": [ + { + "product_name": "rails-html-sanitizer", + "version": { + "version_data": [ + { + "version_value": "< 1.4.4", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h", + "refsource": "MISC", + "name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h" + }, + { + "url": "https://hackerone.com/reports/1656627", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1656627" + } + ] + }, + "source": { + "advisory": "GHSA-9h9g-93gc-623h", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/46xxx/CVE-2022-46073.json b/2022/46xxx/CVE-2022-46073.json index 93e39f05b89b..59c8ea98b8a0 100644 --- a/2022/46xxx/CVE-2022-46073.json +++ b/2022/46xxx/CVE-2022-46073.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46073", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46073", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.youtube.com/watch?v=jT09Uiwl0Jo&ab_channel=IkariShinji", + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=jT09Uiwl0Jo&ab_channel=IkariShinji" } ] } diff --git a/2022/46xxx/CVE-2022-46074.json b/2022/46xxx/CVE-2022-46074.json index fad1a0f1392e..9ac374b956de 100644 --- a/2022/46xxx/CVE-2022-46074.json +++ b/2022/46xxx/CVE-2022-46074.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46074", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46074", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF protection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.youtube.com/watch?v=5Q3vyTo02bc&ab_channel=IkariShinji", + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=5Q3vyTo02bc&ab_channel=IkariShinji" } ] } diff --git a/2022/46xxx/CVE-2022-46117.json b/2022/46xxx/CVE-2022-46117.json index 07f95b37fed0..e4cee1ef561a 100644 --- a/2022/46xxx/CVE-2022-46117.json +++ b/2022/46xxx/CVE-2022-46117.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46117", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46117", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=view_product&id=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-1.md", + "url": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-1.md" } ] } diff --git a/2022/46xxx/CVE-2022-46118.json b/2022/46xxx/CVE-2022-46118.json index 1de0e47e2243..b0a40c9e225d 100644 --- a/2022/46xxx/CVE-2022-46118.json +++ b/2022/46xxx/CVE-2022-46118.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46118", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46118", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=product_per_brand&bid=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-2.md", + "url": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-2.md" } ] } diff --git a/2022/46xxx/CVE-2022-46119.json b/2022/46xxx/CVE-2022-46119.json index e9f7f332fe13..a91d02181a0f 100644 --- a/2022/46xxx/CVE-2022-46119.json +++ b/2022/46xxx/CVE-2022-46119.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46119", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46119", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=categories&c=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-3.md", + "url": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-3.md" } ] } diff --git a/2022/46xxx/CVE-2022-46120.json b/2022/46xxx/CVE-2022-46120.json index ab5538fa1e4f..34aa5980bea5 100644 --- a/2022/46xxx/CVE-2022-46120.json +++ b/2022/46xxx/CVE-2022-46120.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46120", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46120", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-4.md", + "url": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-4.md" } ] } diff --git a/2022/46xxx/CVE-2022-46121.json b/2022/46xxx/CVE-2022-46121.json index 8ffdd4263cb5..d3f9e38759ec 100644 --- a/2022/46xxx/CVE-2022-46121.json +++ b/2022/46xxx/CVE-2022-46121.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46121", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46121", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/manage_product&id=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-5.md", + "url": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-5.md" } ] } diff --git a/2022/46xxx/CVE-2022-46122.json b/2022/46xxx/CVE-2022-46122.json index 1fb2ab424aab..6a6ea1681736 100644 --- a/2022/46xxx/CVE-2022-46122.json +++ b/2022/46xxx/CVE-2022-46122.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46122", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46122", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/view_category.php?id=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-6.md", + "url": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-6.md" } ] } diff --git a/2022/46xxx/CVE-2022-46123.json b/2022/46xxx/CVE-2022-46123.json index 197b1b634421..5f270dc4d051 100644 --- a/2022/46xxx/CVE-2022-46123.json +++ b/2022/46xxx/CVE-2022-46123.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46123", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46123", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/manage_category.php?id=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-7.md", + "url": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-7.md" } ] } diff --git a/2022/46xxx/CVE-2022-46124.json b/2022/46xxx/CVE-2022-46124.json index ba7294840aca..2b7d0721fa37 100644 --- a/2022/46xxx/CVE-2022-46124.json +++ b/2022/46xxx/CVE-2022-46124.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46124", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46124", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-9.md", + "url": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-9.md" } ] } diff --git a/2022/46xxx/CVE-2022-46125.json b/2022/46xxx/CVE-2022-46125.json index 431058c1437f..1b4dead02839 100644 --- a/2022/46xxx/CVE-2022-46125.json +++ b/2022/46xxx/CVE-2022-46125.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46125", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46125", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=client/manage_client&id=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-10.md", + "url": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-10.md" } ] } diff --git a/2022/46xxx/CVE-2022-46126.json b/2022/46xxx/CVE-2022-46126.json index ecf87992c727..89db74cae4a6 100644 --- a/2022/46xxx/CVE-2022-46126.json +++ b/2022/46xxx/CVE-2022-46126.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46126", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46126", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/manage_brand.php?id=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-8.md", + "url": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-8.md" } ] } diff --git a/2022/46xxx/CVE-2022-46127.json b/2022/46xxx/CVE-2022-46127.json index bbf36fbd0b6b..fa87729ac2d7 100644 --- a/2022/46xxx/CVE-2022-46127.json +++ b/2022/46xxx/CVE-2022-46127.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46127", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46127", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-11.md", + "url": "https://github.com/HMHYHM/bug_report/blob/main/vendors/oretnom23/helmet-store-showroom-site/SQLi-11.md" } ] } From be0d4583dc65fadeeee635480ebf38760dc61a0d Mon Sep 17 00:00:00 2001 From: Mike Bailey Date: Wed, 14 Dec 2022 12:12:30 -0500 Subject: [PATCH 003/754] add CVE-2022-46255 --- 2022/46xxx/CVE-2022-46255.json | 85 ++++++++++++++++++++++++++++------ 1 file changed, 70 insertions(+), 15 deletions(-) diff --git a/2022/46xxx/CVE-2022-46255.json b/2022/46xxx/CVE-2022-46255.json index c1ea61d5c6a8..12adef278dcd 100644 --- a/2022/46xxx/CVE-2022-46255.json +++ b/2022/46xxx/CVE-2022-46255.json @@ -1,18 +1,73 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-46255", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "product-cna@github.com", + "ID": "CVE-2022-46255", + "STATE": "PUBLIC", + "TITLE": "Improper Limitation of a Pathname to a Restricted Directory in GitHub Enterprise Server leading to RCE" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GitHub Enterprise Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.7", + "version_value": "3.7.1" + } + ] + } + } + ] + }, + "vendor_name": "GitHub" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "yvvdwf" } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. \nA check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug.\nThis vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. \nThis vulnerability was reported via the GitHub Bug Bounty program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file From 2763e85d8ee19a8670b24e206e322e6edd16790b Mon Sep 17 00:00:00 2001 From: Mike Bailey Date: Wed, 14 Dec 2022 12:28:04 -0500 Subject: [PATCH 004/754] add CVE-2022-46256 --- 2022/46xxx/CVE-2022-46256.json | 121 +++++++++++++++++++++++++++++---- 1 file changed, 106 insertions(+), 15 deletions(-) diff --git a/2022/46xxx/CVE-2022-46256.json b/2022/46xxx/CVE-2022-46256.json index c1ddef00caf0..0d299e2e866c 100644 --- a/2022/46xxx/CVE-2022-46256.json +++ b/2022/46xxx/CVE-2022-46256.json @@ -1,18 +1,109 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-46256", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "product-cna@github.com", + "ID": "CVE-2022-46256", + "STATE": "PUBLIC", + "TITLE": "Path traversal in GitHub Enterprise Server leading to remote code execution in GitHub Pages" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GitHub Enterprise Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.3", + "version_value": "3.3.17" + }, + { + "version_affected": "<", + "version_name": "3.4", + "version_value": "3.4.12" + }, + { + "version_affected": "<", + "version_name": "3.5", + "version_value": "3.5.9" + }, + { + "version_affected": "<", + "version_name": "3.6", + "version_value": "3.6.5" + }, + { + "version_affected": "<", + "version_name": "3.7", + "version_value": "3.7.2" + } + ] + } + } + ] + }, + "vendor_name": "GitHub" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "yvvdwf" } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.17" + }, + { + "refsource": "CONFIRM", + "url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.12" + }, + { + "refsource": "CONFIRM", + "url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.9" + }, + { + "refsource": "CONFIRM", + "url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.5" + }, + { + "refsource": "CONFIRM", + "url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.2" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file From c55a36fd611079f20c1d28aff3030b37b5ec0423 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 14 Dec 2022 18:00:39 +0000 Subject: [PATCH 005/754] "-Synchronized-Data." --- 2022/23xxx/CVE-2022-23520.json | 81 ++++++++++++- 2022/23xxx/CVE-2022-23527.json | 81 ++++++++++++- 2022/35xxx/CVE-2022-35295.json | 5 + 2022/44xxx/CVE-2022-44910.json | 56 ++++++++- 2022/46xxx/CVE-2022-46071.json | 56 ++++++++- 2022/46xxx/CVE-2022-46072.json | 56 ++++++++- 2022/46xxx/CVE-2022-46255.json | 133 ++++++++++----------- 2022/46xxx/CVE-2022-46256.json | 207 +++++++++++++++++---------------- 2022/46xxx/CVE-2022-46443.json | 56 ++++++++- 2022/4xxx/CVE-2022-4497.json | 18 +++ 2022/4xxx/CVE-2022-4498.json | 18 +++ 11 files changed, 568 insertions(+), 199 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4497.json create mode 100644 2022/4xxx/CVE-2022-4498.json diff --git a/2022/23xxx/CVE-2022-23520.json b/2022/23xxx/CVE-2022-23520.json index 6767978b7d2f..b46625fb4f73 100644 --- a/2022/23xxx/CVE-2022-23520.json +++ b/2022/23xxx/CVE-2022-23520.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23520", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both \"select\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both \"select\" and \"style\" should either upgrade or use this workaround: Remove either \"select\" or \"style\" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "rails", + "product": { + "product_data": [ + { + "product_name": "rails-html-sanitizer", + "version": { + "version_data": [ + { + "version_value": "< 1.4.4", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8", + "refsource": "MISC", + "name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8" + }, + { + "url": "https://hackerone.com/reports/1654310", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1654310" + } + ] + }, + "source": { + "advisory": "GHSA-rrfc-7g8p-99q8", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23527.json b/2022/23xxx/CVE-2022-23527.json index 7deaf1117fe7..218434dd9f20 100644 --- a/2022/23xxx/CVE-2022-23527.json +++ b/2022/23xxx/CVE-2022-23527.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23527", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "mod_auth_openidc is an OpenID Certified\u2122 authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "zmartzone", + "product": { + "product_data": [ + { + "product_name": "mod_auth_openidc", + "version": { + "version_data": [ + { + "version_value": "< 2.4.12.2", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53", + "refsource": "MISC", + "name": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53" + }, + { + "url": "https://github.com/zmartzone/mod_auth_openidc/blob/v2.4.12.1/auth_openidc.conf#L975-L984", + "refsource": "MISC", + "name": "https://github.com/zmartzone/mod_auth_openidc/blob/v2.4.12.1/auth_openidc.conf#L975-L984" + } + ] + }, + "source": { + "advisory": "GHSA-q6f2-285m-gr53", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/35xxx/CVE-2022-35295.json b/2022/35xxx/CVE-2022-35295.json index 4ea30f3bcd27..c3cdbdb5b3fd 100644 --- a/2022/35xxx/CVE-2022-35295.json +++ b/2022/35xxx/CVE-2022-35295.json @@ -74,6 +74,11 @@ "refsource": "FULLDISC", "name": "20221213 SEC Consult SA-20221213-0 :: Privilege Escalation Vulnerabilities (UNIX Insecure File Handling) in SAP Host Agent (saposcol)", "url": "http://seclists.org/fulldisclosure/2022/Dec/12" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170233/SAP-Host-Agent-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/170233/SAP-Host-Agent-Privilege-Escalation.html" } ] } diff --git a/2022/44xxx/CVE-2022-44910.json b/2022/44xxx/CVE-2022-44910.json index b657c64740ad..9680b3a5e64d 100644 --- a/2022/44xxx/CVE-2022-44910.json +++ b/2022/44xxx/CVE-2022-44910.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44910", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44910", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/yangfar/CVE/blob/main/Reference%20of%20Binbloom.md", + "refsource": "MISC", + "name": "https://github.com/yangfar/CVE/blob/main/Reference%20of%20Binbloom.md" } ] } diff --git a/2022/46xxx/CVE-2022-46071.json b/2022/46xxx/CVE-2022-46071.json index 022ad9ff00da..be14f9040f11 100644 --- a/2022/46xxx/CVE-2022-46071.json +++ b/2022/46xxx/CVE-2022-46071.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46071", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46071", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.youtube.com/watch?v=5wit1Arzwxs&feature=youtu.be", + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=5wit1Arzwxs&feature=youtu.be" } ] } diff --git a/2022/46xxx/CVE-2022-46072.json b/2022/46xxx/CVE-2022-46072.json index b65cea2615b1..a185efcb1d93 100644 --- a/2022/46xxx/CVE-2022-46072.json +++ b/2022/46xxx/CVE-2022-46072.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46072", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46072", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.youtube.com/watch?v=jBAVUSzBL_M&ab_channel=IkariShinji", + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=jBAVUSzBL_M&ab_channel=IkariShinji" } ] } diff --git a/2022/46xxx/CVE-2022-46255.json b/2022/46xxx/CVE-2022-46255.json index 12adef278dcd..726cb1dab423 100644 --- a/2022/46xxx/CVE-2022-46255.json +++ b/2022/46xxx/CVE-2022-46255.json @@ -1,73 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "product-cna@github.com", - "ID": "CVE-2022-46255", - "STATE": "PUBLIC", - "TITLE": "Improper Limitation of a Pathname to a Restricted Directory in GitHub Enterprise Server leading to RCE" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "GitHub Enterprise Server", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.7", - "version_value": "3.7.1" - } - ] + "CVE_data_meta": { + "ASSIGNER": "product-cna@github.com", + "ID": "CVE-2022-46255", + "STATE": "PUBLIC", + "TITLE": "Improper Limitation of a Pathname to a Restricted Directory in GitHub Enterprise Server leading to RCE" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GitHub Enterprise Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.7", + "version_value": "3.7.1" + } + ] + } + } + ] + }, + "vendor_name": "GitHub" } - } ] - }, - "vendor_name": "GitHub" } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "yvvdwf" - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. \nA check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug.\nThis vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. \nThis vulnerability was reported via the GitHub Bug Bounty program." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { + }, + "credit": [ + { "lang": "eng", - "value": "CWE-22" - } + "value": "yvvdwf" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1", + "name": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1" - } - ] - }, - "source": { - "discovery": "EXTERNAL" - } + }, + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/46xxx/CVE-2022-46256.json b/2022/46xxx/CVE-2022-46256.json index 0d299e2e866c..da2a3e571016 100644 --- a/2022/46xxx/CVE-2022-46256.json +++ b/2022/46xxx/CVE-2022-46256.json @@ -1,109 +1,114 @@ { - "CVE_data_meta": { - "ASSIGNER": "product-cna@github.com", - "ID": "CVE-2022-46256", - "STATE": "PUBLIC", - "TITLE": "Path traversal in GitHub Enterprise Server leading to remote code execution in GitHub Pages" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "GitHub Enterprise Server", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.3", - "version_value": "3.3.17" - }, - { - "version_affected": "<", - "version_name": "3.4", - "version_value": "3.4.12" - }, - { - "version_affected": "<", - "version_name": "3.5", - "version_value": "3.5.9" - }, - { - "version_affected": "<", - "version_name": "3.6", - "version_value": "3.6.5" + "CVE_data_meta": { + "ASSIGNER": "product-cna@github.com", + "ID": "CVE-2022-46256", + "STATE": "PUBLIC", + "TITLE": "Path traversal in GitHub Enterprise Server leading to remote code execution in GitHub Pages" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GitHub Enterprise Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.3", + "version_value": "3.3.17" + }, + { + "version_affected": "<", + "version_name": "3.4", + "version_value": "3.4.12" + }, + { + "version_affected": "<", + "version_name": "3.5", + "version_value": "3.5.9" + }, + { + "version_affected": "<", + "version_name": "3.6", + "version_value": "3.6.5" + }, + { + "version_affected": "<", + "version_name": "3.7", + "version_value": "3.7.2" + } + ] + } + } + ] }, - { - "version_affected": "<", - "version_name": "3.7", - "version_value": "3.7.2" - } - ] + "vendor_name": "GitHub" } - } ] - }, - "vendor_name": "GitHub" } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "yvvdwf" - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { + }, + "credit": [ + { "lang": "eng", - "value": "CWE-22" - } + "value": "yvvdwf" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.17" - }, - { - "refsource": "CONFIRM", - "url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.12" - }, - { - "refsource": "CONFIRM", - "url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.9" - }, - { - "refsource": "CONFIRM", - "url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.5" - }, - { - "refsource": "CONFIRM", - "url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.2" - } - ] - }, - "source": { - "discovery": "EXTERNAL" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.17", + "name": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.17" + }, + { + "refsource": "MISC", + "url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.12", + "name": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.12" + }, + { + "refsource": "MISC", + "url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.9", + "name": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.9" + }, + { + "refsource": "MISC", + "url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.5", + "name": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.5" + }, + { + "refsource": "MISC", + "url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.2", + "name": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.2" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/46xxx/CVE-2022-46443.json b/2022/46xxx/CVE-2022-46443.json index fe29917510f4..27add459b16d 100644 --- a/2022/46xxx/CVE-2022-46443.json +++ b/2022/46xxx/CVE-2022-46443.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46443", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46443", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.youtube.com/watch?v=Dmjk6uOU8vY", + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=Dmjk6uOU8vY" } ] } diff --git a/2022/4xxx/CVE-2022-4497.json b/2022/4xxx/CVE-2022-4497.json new file mode 100644 index 000000000000..b1bfb964c1e3 --- /dev/null +++ b/2022/4xxx/CVE-2022-4497.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4497", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4498.json b/2022/4xxx/CVE-2022-4498.json new file mode 100644 index 000000000000..3b3f2912077a --- /dev/null +++ b/2022/4xxx/CVE-2022-4498.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4498", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From fe66677ccad343b4af22d37cc7d3ca4713b64fca Mon Sep 17 00:00:00 2001 From: Mike Bailey Date: Wed, 14 Dec 2022 13:17:20 -0500 Subject: [PATCH 006/754] Add CVE-2022-23741 --- 2022/23xxx/CVE-2022-23741.json | 112 ++++++++++++++++++++++++++++----- 1 file changed, 97 insertions(+), 15 deletions(-) diff --git a/2022/23xxx/CVE-2022-23741.json b/2022/23xxx/CVE-2022-23741.json index d11609c74000..baab8be58f0b 100644 --- a/2022/23xxx/CVE-2022-23741.json +++ b/2022/23xxx/CVE-2022-23741.json @@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-23741", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "product-cna@github.com", + "ID": "CVE-2022-23741", + "STATE": "PUBLIC", + "TITLE": "Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GitHub Enterprise Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.3", + "version_value": "3.3.17" + }, + { + "version_affected": "<", + "version_name": "3.4", + "version_value": "3.4.12" + }, + { + "version_affected": "<", + "version_name": "3.5", + "version_value": "3.5.9" + }, + { + "version_affected": "<", + "version_name": "3.6", + "version_value": "3.6.5" + } + ] + } + } + ] + }, + "vendor_name": "GitHub" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vaibhav Singh (@vaib25vicky)" } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7.0 and was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.17" + }, + { + "refsource": "CONFIRM", + "url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.12" + }, + { + "refsource": "CONFIRM", + "url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.9" + }, + { + "refsource": "CONFIRM", + "url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.5" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file From e169b61aa640372f8d157d6676cc0ffbd4a16698 Mon Sep 17 00:00:00 2001 From: Mike Bailey Date: Wed, 14 Dec 2022 13:23:30 -0500 Subject: [PATCH 007/754] Add CVE-2022-23741.json --- 2022/23xxx/CVE-2022-23741.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2022/23xxx/CVE-2022-23741.json b/2022/23xxx/CVE-2022-23741.json index baab8be58f0b..6d446a2f9da4 100644 --- a/2022/23xxx/CVE-2022-23741.json +++ b/2022/23xxx/CVE-2022-23741.json @@ -58,7 +58,7 @@ "description_data": [ { "lang": "eng", - "value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7.0 and was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program." + "value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program." } ] }, From 55abef5a5f6dd0c0955aa39b27802502862200a3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 14 Dec 2022 19:00:38 +0000 Subject: [PATCH 008/754] "-Synchronized-Data." --- 2022/23xxx/CVE-2022-23741.json | 188 +++++++++++++++++---------------- 2022/23xxx/CVE-2022-23748.json | 13 ++- 2022/31xxx/CVE-2022-31700.json | 50 ++++++++- 2022/31xxx/CVE-2022-31701.json | 50 ++++++++- 2022/31xxx/CVE-2022-31702.json | 50 ++++++++- 2022/31xxx/CVE-2022-31703.json | 50 ++++++++- 2022/31xxx/CVE-2022-31705.json | 50 ++++++++- 2022/36xxx/CVE-2022-36227.json | 12 ++- 2022/42xxx/CVE-2022-42919.json | 7 +- 2022/44xxx/CVE-2022-44636.json | 5 + 2022/4xxx/CVE-2022-4499.json | 18 ++++ 2022/4xxx/CVE-2022-4500.json | 18 ++++ 12 files changed, 398 insertions(+), 113 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4499.json create mode 100644 2022/4xxx/CVE-2022-4500.json diff --git a/2022/23xxx/CVE-2022-23741.json b/2022/23xxx/CVE-2022-23741.json index 6d446a2f9da4..dd29cc20d54e 100644 --- a/2022/23xxx/CVE-2022-23741.json +++ b/2022/23xxx/CVE-2022-23741.json @@ -1,100 +1,104 @@ { - "CVE_data_meta": { - "ASSIGNER": "product-cna@github.com", - "ID": "CVE-2022-23741", - "STATE": "PUBLIC", - "TITLE": "Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "GitHub Enterprise Server", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.3", - "version_value": "3.3.17" + "CVE_data_meta": { + "ASSIGNER": "product-cna@github.com", + "ID": "CVE-2022-23741", + "STATE": "PUBLIC", + "TITLE": "Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GitHub Enterprise Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.3", + "version_value": "3.3.17" + }, + { + "version_affected": "<", + "version_name": "3.4", + "version_value": "3.4.12" + }, + { + "version_affected": "<", + "version_name": "3.5", + "version_value": "3.5.9" + }, + { + "version_affected": "<", + "version_name": "3.6", + "version_value": "3.6.5" + } + ] + } + } + ] }, - { - "version_affected": "<", - "version_name": "3.4", - "version_value": "3.4.12" - }, - { - "version_affected": "<", - "version_name": "3.5", - "version_value": "3.5.9" - }, - { - "version_affected": "<", - "version_name": "3.6", - "version_value": "3.6.5" - } - ] + "vendor_name": "GitHub" } - } ] - }, - "vendor_name": "GitHub" } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Vaibhav Singh (@vaib25vicky)" - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { + }, + "credit": [ + { "lang": "eng", - "value": "CWE-863" - } + "value": "Vaibhav Singh (@vaib25vicky)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863" + } + ] + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.17" - }, - { - "refsource": "CONFIRM", - "url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.12" - }, - { - "refsource": "CONFIRM", - "url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.9" - }, - { - "refsource": "CONFIRM", - "url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.5" - } - ] - }, - "source": { - "discovery": "EXTERNAL" - } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.17", + "name": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.17" + }, + { + "refsource": "MISC", + "url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.12", + "name": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.12" + }, + { + "refsource": "MISC", + "url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.9", + "name": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.9" + }, + { + "refsource": "MISC", + "url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.5", + "name": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.5" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23748.json b/2022/23xxx/CVE-2022-23748.json index 17b6510b108a..a0be63fd9670 100644 --- a/2022/23xxx/CVE-2022-23748.json +++ b/2022/23xxx/CVE-2022-23748.json @@ -15,11 +15,11 @@ "product": { "product_data": [ { - "product_name": "Audinate Dante Discovery, Zoom Rooms", + "product_name": "Audinate Dante Application Library for Windows", "version": { "version_data": [ { - "version_value": "All versions prior to and including 1.3.0.0" + "version_value": "All versions prior to and including 1.2.0" } ] } @@ -46,8 +46,13 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/", - "url": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/" + "name": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/,", + "url": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/," + }, + { + "refsource": "MISC", + "name": "https://www.audinate.com/learning/faqs/audinate-response-to-dante-discovery-mdnsresponder-exe-security-issue-cve-2022-23748", + "url": "https://www.audinate.com/learning/faqs/audinate-response-to-dante-discovery-mdnsresponder-exe-security-issue-cve-2022-23748" } ] }, diff --git a/2022/31xxx/CVE-2022-31700.json b/2022/31xxx/CVE-2022-31700.json index 309bb52200a7..b828b4a7be66 100644 --- a/2022/31xxx/CVE-2022-31700.json +++ b/2022/31xxx/CVE-2022-31700.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31700", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM)", + "version": { + "version_data": [ + { + "version_value": "VMware Workspace ONE Access (Multiple Versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authenticated Remote Code Execution Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2." } ] } diff --git a/2022/31xxx/CVE-2022-31701.json b/2022/31xxx/CVE-2022-31701.json index 8e0bca8fa54c..e8451feaa21d 100644 --- a/2022/31xxx/CVE-2022-31701.json +++ b/2022/31xxx/CVE-2022-31701.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31701", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM)", + "version": { + "version_data": [ + { + "version_value": "VMware Workspace ONE Access (Multiple Versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Broken Authentication Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3." } ] } diff --git a/2022/31xxx/CVE-2022-31702.json b/2022/31xxx/CVE-2022-31702.json index 793ff904e969..6aed26bf5593 100644 --- a/2022/31xxx/CVE-2022-31702.json +++ b/2022/31xxx/CVE-2022-31702.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31702", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware vRealize Network Insight (vRNI)", + "version": { + "version_data": [ + { + "version_value": "6.x" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "VMware vRealize Network Insight (vRNI) contains command injection vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2022-0031.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2022-0031.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication." } ] } diff --git a/2022/31xxx/CVE-2022-31703.json b/2022/31xxx/CVE-2022-31703.json index 5a603aae2851..0d8fee5a1362 100644 --- a/2022/31xxx/CVE-2022-31703.json +++ b/2022/31xxx/CVE-2022-31703.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31703", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware vRealize Network Insight (vRNI)", + "version": { + "version_data": [ + { + "version_value": "6.x" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "VMware vRealize Network Insight (vRNI) contains a directory traversal vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2022-0031.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2022-0031.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "vRealize Network Insight (vRNI) directory traversal vulnerability in vRNI REST API. A malicious actor with network access to the vRNI REST API can read arbitrary files from the server." } ] } diff --git a/2022/31xxx/CVE-2022-31705.json b/2022/31xxx/CVE-2022-31705.json index e26b810738fa..109a114c1f64 100644 --- a/2022/31xxx/CVE-2022-31705.json +++ b/2022/31xxx/CVE-2022-31705.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31705", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware ESXi, VMware Workstation Pro / Player, VMware Fusion Pro / Fusion (Fusion), VMware Cloud Foundation", + "version": { + "version_data": [ + { + "version_value": "VMware ESXi (8.0 prior to ESXi80a-20842819, 7.0 prior to ESXi70U3si-20841705, VMware Workstation Pro / Player (16.x prior to 16.2.5), VMware Fusion Pro / Fusion (12.x prior to 12.2.5), VMware Cloud Foundation (4.x, 3.x)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap out-of-bounds write vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2022-0033.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2022-0033.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed." } ] } diff --git a/2022/36xxx/CVE-2022-36227.json b/2022/36xxx/CVE-2022-36227.json index 70e989659b85..1417b9eab8de 100644 --- a/2022/36xxx/CVE-2022-36227.json +++ b/2022/36xxx/CVE-2022-36227.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: \"In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.\"" + "value": "In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: \"In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.\"" } ] }, @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "url": "https://github.com/libarchive/libarchive/issues/1754", + "refsource": "MISC", + "name": "https://github.com/libarchive/libarchive/issues/1754" + }, { "url": "https://github.com/libarchive/libarchive/issues/1754", "refsource": "MISC", @@ -61,6 +66,11 @@ "refsource": "MISC", "name": "https://bugs.gentoo.org/882521", "url": "https://bugs.gentoo.org/882521" + }, + { + "refsource": "MISC", + "name": "https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215", + "url": "https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215" } ] } diff --git a/2022/42xxx/CVE-2022-42919.json b/2022/42xxx/CVE-2022-42919.json index 93e70826ee9d..fdbd8d1cbec3 100644 --- a/2022/42xxx/CVE-2022-42919.json +++ b/2022/42xxx/CVE-2022-42919.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.4, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9." + "value": "Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9." } ] }, @@ -91,6 +91,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20221209-0006/", "url": "https://security.netapp.com/advisory/ntap-20221209-0006/" + }, + { + "refsource": "MISC", + "name": "https://github.com/python/cpython/issues/97514#issuecomment-1310277840", + "url": "https://github.com/python/cpython/issues/97514#issuecomment-1310277840" } ] } diff --git a/2022/44xxx/CVE-2022-44636.json b/2022/44xxx/CVE-2022-44636.json index 3e68eea73aef..e18f1874d19d 100644 --- a/2022/44xxx/CVE-2022-44636.json +++ b/2022/44xxx/CVE-2022-44636.json @@ -56,6 +56,11 @@ "url": "https://samsung.com", "refsource": "MISC", "name": "https://samsung.com" + }, + { + "refsource": "MISC", + "name": "https://samsungtvbounty.com/securityUpdates", + "url": "https://samsungtvbounty.com/securityUpdates" } ] } diff --git a/2022/4xxx/CVE-2022-4499.json b/2022/4xxx/CVE-2022-4499.json new file mode 100644 index 000000000000..d3889fb21225 --- /dev/null +++ b/2022/4xxx/CVE-2022-4499.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4499", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4500.json b/2022/4xxx/CVE-2022-4500.json new file mode 100644 index 000000000000..ec07aad9aa66 --- /dev/null +++ b/2022/4xxx/CVE-2022-4500.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4500", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 7b4ac4d120df10fff535620038cd7c0216d6ca11 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 14 Dec 2022 21:00:38 +0000 Subject: [PATCH 009/754] "-Synchronized-Data." --- 2022/2xxx/CVE-2022-2601.json | 50 ++++++++++++++++++-- 2022/38xxx/CVE-2022-38488.json | 76 +++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3104.json | 55 ++++++++++++++++++++-- 2022/3xxx/CVE-2022-3105.json | 55 ++++++++++++++++++++-- 2022/3xxx/CVE-2022-3106.json | 55 ++++++++++++++++++++-- 2022/3xxx/CVE-2022-3107.json | 55 ++++++++++++++++++++-- 2022/3xxx/CVE-2022-3108.json | 55 ++++++++++++++++++++-- 2022/3xxx/CVE-2022-3110.json | 55 ++++++++++++++++++++-- 2022/3xxx/CVE-2022-3111.json | 55 ++++++++++++++++++++-- 2022/3xxx/CVE-2022-3112.json | 55 ++++++++++++++++++++-- 2022/3xxx/CVE-2022-3113.json | 55 ++++++++++++++++++++-- 2022/3xxx/CVE-2022-3114.json | 55 ++++++++++++++++++++-- 2022/3xxx/CVE-2022-3115.json | 55 ++++++++++++++++++++-- 2022/46xxx/CVE-2022-46340.json | 55 ++++++++++++++++++++-- 2022/46xxx/CVE-2022-46341.json | 55 ++++++++++++++++++++-- 2022/46xxx/CVE-2022-46342.json | 55 ++++++++++++++++++++-- 2022/46xxx/CVE-2022-46343.json | 55 ++++++++++++++++++++-- 2022/46xxx/CVE-2022-46344.json | 55 ++++++++++++++++++++-- 2022/47xxx/CVE-2022-47406.json | 76 ++++++++++++++++++++++++++++++ 2022/47xxx/CVE-2022-47407.json | 76 ++++++++++++++++++++++++++++++ 2022/47xxx/CVE-2022-47408.json | 76 ++++++++++++++++++++++++++++++ 2022/47xxx/CVE-2022-47409.json | 76 ++++++++++++++++++++++++++++++ 2022/47xxx/CVE-2022-47410.json | 76 ++++++++++++++++++++++++++++++ 2022/47xxx/CVE-2022-47411.json | 76 ++++++++++++++++++++++++++++++ 2022/4xxx/CVE-2022-4283.json | 55 ++++++++++++++++++++-- 2022/4xxx/CVE-2022-4501.json | 84 ++++++++++++++++++++++++++++++++++ 26 files changed, 1541 insertions(+), 60 deletions(-) create mode 100644 2022/47xxx/CVE-2022-47406.json create mode 100644 2022/47xxx/CVE-2022-47407.json create mode 100644 2022/47xxx/CVE-2022-47408.json create mode 100644 2022/47xxx/CVE-2022-47409.json create mode 100644 2022/47xxx/CVE-2022-47410.json create mode 100644 2022/47xxx/CVE-2022-47411.json create mode 100644 2022/4xxx/CVE-2022-4501.json diff --git a/2022/2xxx/CVE-2022-2601.json b/2022/2xxx/CVE-2022-2601.json index 28cc682b1a46..221cc26ef137 100644 --- a/2022/2xxx/CVE-2022-2601.json +++ b/2022/2xxx/CVE-2022-2601.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2601", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "grub2", + "version": { + "version_data": [ + { + "version_value": "grub2 2.06 and lower" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122->CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism." } ] } diff --git a/2022/38xxx/CVE-2022-38488.json b/2022/38xxx/CVE-2022-38488.json index 482f9f4e1754..f849feee4f1a 100644 --- a/2022/38xxx/CVE-2022-38488.json +++ b/2022/38xxx/CVE-2022-38488.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-38488", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-38488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/diogosouza/logrocket-oauth2-example", + "refsource": "MISC", + "name": "https://github.com/diogosouza/logrocket-oauth2-example" + }, + { + "url": "https://archive.ph/PecmD", + "refsource": "MISC", + "name": "https://archive.ph/PecmD" + }, + { + "url": "https://blog.logrocket.com/implement-oauth-2-0-node-js/", + "refsource": "MISC", + "name": "https://blog.logrocket.com/implement-oauth-2-0-node-js/" + }, + { + "url": "https://archive.ph/VlGDa", + "refsource": "MISC", + "name": "https://archive.ph/VlGDa" + }, + { + "refsource": "MISC", + "name": "https://github.com/secoats/cve/tree/master/CVE-2022-38488_sqli_logrocket-oauth2-example", + "url": "https://github.com/secoats/cve/tree/master/CVE-2022-38488_sqli_logrocket-oauth2-example" } ] } diff --git a/2022/3xxx/CVE-2022-3104.json b/2022/3xxx/CVE-2022-3104.json index 4dac2e6aa073..6ce194713317 100644 --- a/2022/3xxx/CVE-2022-3104.json +++ b/2022/3xxx/CVE-2022-3104.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3104", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux 5.16-rc6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=4a9800c81d2f34afb66b4b42e0330ae8298019a2", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=4a9800c81d2f34afb66b4b42e0330ae8298019a2" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2153062", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153062" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference." } ] } diff --git a/2022/3xxx/CVE-2022-3105.json b/2022/3xxx/CVE-2022-3105.json index a858db1ee8f2..97e12baaf93c 100644 --- a/2022/3xxx/CVE-2022-3105.json +++ b/2022/3xxx/CVE-2022-3105.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3105", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux 5.16-rc6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=7694a7de22c53a312ea98960fcafc6ec62046531", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=7694a7de22c53a312ea98960fcafc6ec62046531" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2153067", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153067" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array()." } ] } diff --git a/2022/3xxx/CVE-2022-3106.json b/2022/3xxx/CVE-2022-3106.json index b1223d5f7289..c51825f7092a 100644 --- a/2022/3xxx/CVE-2022-3106.json +++ b/2022/3xxx/CVE-2022-3106.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3106", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux 5.16-rc6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=407ecd1bd726f240123f704620d46e285ff30dd9", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=407ecd1bd726f240123f704620d46e285ff30dd9" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2153066", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153066" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc()." } ] } diff --git a/2022/3xxx/CVE-2022-3107.json b/2022/3xxx/CVE-2022-3107.json index 919c090924de..95e0deacb9fe 100644 --- a/2022/3xxx/CVE-2022-3107.json +++ b/2022/3xxx/CVE-2022-3107.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3107", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux 5.16-rc6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=886e44c9298a6b428ae046e2fa092ca52e822e6a", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=886e44c9298a6b428ae046e2fa092ca52e822e6a" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2153060", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153060" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference." } ] } diff --git a/2022/3xxx/CVE-2022-3108.json b/2022/3xxx/CVE-2022-3108.json index ca2e07db6856..549adb2f7fcc 100644 --- a/2022/3xxx/CVE-2022-3108.json +++ b/2022/3xxx/CVE-2022-3108.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3108", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux 5.17-rc6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-252" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=abfaf0eee97925905e742aa3b0b72e04a918fa9e", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=abfaf0eee97925905e742aa3b0b72e04a918fa9e" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2153052", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153052" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup()." } ] } diff --git a/2022/3xxx/CVE-2022-3110.json b/2022/3xxx/CVE-2022-3110.json index 1a091051a987..a56252fc3bca 100644 --- a/2022/3xxx/CVE-2022-3110.json +++ b/2022/3xxx/CVE-2022-3110.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3110", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux 5.16-rc6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=f94b47c6bde624d6c07f43054087607c52054a95", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=f94b47c6bde624d6c07f43054087607c52054a95" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2153055", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153055" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference." } ] } diff --git a/2022/3xxx/CVE-2022-3111.json b/2022/3xxx/CVE-2022-3111.json index 2af5fbd444b7..68f3d98b105f 100644 --- a/2022/3xxx/CVE-2022-3111.json +++ b/2022/3xxx/CVE-2022-3111.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3111", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux 5.16-rc6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=6dee930f6f6776d1e5a7edf542c6863b47d9f078", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=6dee930f6f6776d1e5a7edf542c6863b47d9f078" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2153059", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153059" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger()." } ] } diff --git a/2022/3xxx/CVE-2022-3112.json b/2022/3xxx/CVE-2022-3112.json index ba6d5c0eedd0..c29f6a14f23c 100644 --- a/2022/3xxx/CVE-2022-3112.json +++ b/2022/3xxx/CVE-2022-3112.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3112", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux 5.16-rc6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=c8c80c996182239ff9b05eda4db50184cf3b2e99", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=c8c80c996182239ff9b05eda4db50184cf3b2e99" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2153068", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153068" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference." } ] } diff --git a/2022/3xxx/CVE-2022-3113.json b/2022/3xxx/CVE-2022-3113.json index 3809352f9256..e68d92ae7e1d 100644 --- a/2022/3xxx/CVE-2022-3113.json +++ b/2022/3xxx/CVE-2022-3113.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3113", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux 5.16-rc6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=e25a89f743b18c029bfbe5e1663ae0c7190912b0", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=e25a89f743b18c029bfbe5e1663ae0c7190912b0" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2153053", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153053" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference." } ] } diff --git a/2022/3xxx/CVE-2022-3114.json b/2022/3xxx/CVE-2022-3114.json index 4840810c7878..1894c7b57876 100644 --- a/2022/3xxx/CVE-2022-3114.json +++ b/2022/3xxx/CVE-2022-3114.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3114", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux 5.16-rc6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=ed713e2bc093239ccd380c2ce8ae9e4162f5c037", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=ed713e2bc093239ccd380c2ce8ae9e4162f5c037" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2153054", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153054" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference." } ] } diff --git a/2022/3xxx/CVE-2022-3115.json b/2022/3xxx/CVE-2022-3115.json index 7bf2e8855342..b5cc74b727ba 100644 --- a/2022/3xxx/CVE-2022-3115.json +++ b/2022/3xxx/CVE-2022-3115.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3115", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux 5.16-rc6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=73c3ed7495c67b8fbdc31cf58e6ca8757df31a33", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=73c3ed7495c67b8fbdc31cf58e6ca8757df31a33" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2153058", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153058" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference." } ] } diff --git a/2022/46xxx/CVE-2022-46340.json b/2022/46xxx/CVE-2022-46340.json index 680b352062ad..a9e34092a8a3 100644 --- a/2022/46xxx/CVE-2022-46340.json +++ b/2022/46xxx/CVE-2022-46340.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46340", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "xorg-x11-server", + "version": { + "version_data": [ + { + "version_value": "xorg-x11-server-1.20.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "stack overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-46340", + "url": "https://access.redhat.com/security/cve/CVE-2022-46340" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151755", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151755" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order." } ] } diff --git a/2022/46xxx/CVE-2022-46341.json b/2022/46xxx/CVE-2022-46341.json index a32d49360a46..bfdc184938c2 100644 --- a/2022/46xxx/CVE-2022-46341.json +++ b/2022/46xxx/CVE-2022-46341.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46341", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "xorg-x11-server", + "version": { + "version_data": [ + { + "version_value": "xorg-x11-server-1.20.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151756", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151756" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-46341", + "url": "https://access.redhat.com/security/cve/CVE-2022-46341" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions." } ] } diff --git a/2022/46xxx/CVE-2022-46342.json b/2022/46xxx/CVE-2022-46342.json index 9e0d231ad96b..f1a3cb6e4557 100644 --- a/2022/46xxx/CVE-2022-46342.json +++ b/2022/46xxx/CVE-2022-46342.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46342", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "xorg-x11-server", + "version": { + "version_data": [ + { + "version_value": "xorg-x11-server-1.20.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151757", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151757" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-46342", + "url": "https://access.redhat.com/security/cve/CVE-2022-46342" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se" } ] } diff --git a/2022/46xxx/CVE-2022-46343.json b/2022/46xxx/CVE-2022-46343.json index dc692636d105..6758ebe0cbbf 100644 --- a/2022/46xxx/CVE-2022-46343.json +++ b/2022/46xxx/CVE-2022-46343.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46343", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "xorg-x11-server", + "version": { + "version_data": [ + { + "version_value": "xorg-x11-server-1.20.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-46343", + "url": "https://access.redhat.com/security/cve/CVE-2022-46343" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions." } ] } diff --git a/2022/46xxx/CVE-2022-46344.json b/2022/46xxx/CVE-2022-46344.json index 7f954527cca9..cf783d9b5b57 100644 --- a/2022/46xxx/CVE-2022-46344.json +++ b/2022/46xxx/CVE-2022-46344.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46344", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "xorg-x11-server", + "version": { + "version_data": [ + { + "version_value": "xorg-x11-server-1.20.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-46344", + "url": "https://access.redhat.com/security/cve/CVE-2022-46344" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions." } ] } diff --git a/2022/47xxx/CVE-2022-47406.json b/2022/47xxx/CVE-2022-47406.json new file mode 100644 index 000000000000..663d856dd11d --- /dev/null +++ b/2022/47xxx/CVE-2022-47406.json @@ -0,0 +1,76 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-47406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://typo3.org/security/advisory/typo3-ext-sa-2022-016", + "refsource": "MISC", + "name": "https://typo3.org/security/advisory/typo3-ext-sa-2022-016" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:L/S:U/UI:N", + "version": "3.1" + } + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47407.json b/2022/47xxx/CVE-2022-47407.json new file mode 100644 index 000000000000..0c49073308c2 --- /dev/null +++ b/2022/47xxx/CVE-2022-47407.json @@ -0,0 +1,76 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-47407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://typo3.org/security/advisory/typo3-ext-sa-2022-018", + "refsource": "MISC", + "name": "https://typo3.org/security/advisory/typo3-ext-sa-2022-018" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:N/S:U/UI:N", + "version": "3.1" + } + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47408.json b/2022/47xxx/CVE-2022-47408.json new file mode 100644 index 000000000000..c4d526a6117f --- /dev/null +++ b/2022/47xxx/CVE-2022-47408.json @@ -0,0 +1,76 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-47408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://typo3.org/security/advisory/typo3-ext-sa-2022-017", + "refsource": "MISC", + "name": "https://typo3.org/security/advisory/typo3-ext-sa-2022-017" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:N/S:U/UI:N", + "version": "3.1" + } + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47409.json b/2022/47xxx/CVE-2022-47409.json new file mode 100644 index 000000000000..768d813cdac0 --- /dev/null +++ b/2022/47xxx/CVE-2022-47409.json @@ -0,0 +1,76 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-47409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://typo3.org/security/advisory/typo3-ext-sa-2022-017", + "refsource": "MISC", + "name": "https://typo3.org/security/advisory/typo3-ext-sa-2022-017" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:N/S:U/UI:N", + "version": "3.1" + } + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47410.json b/2022/47xxx/CVE-2022-47410.json new file mode 100644 index 000000000000..6165c4e9c095 --- /dev/null +++ b/2022/47xxx/CVE-2022-47410.json @@ -0,0 +1,76 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-47410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://typo3.org/security/advisory/typo3-ext-sa-2022-017", + "refsource": "MISC", + "name": "https://typo3.org/security/advisory/typo3-ext-sa-2022-017" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:N/S:U/UI:N", + "version": "3.1" + } + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47411.json b/2022/47xxx/CVE-2022-47411.json new file mode 100644 index 000000000000..47b0f4708414 --- /dev/null +++ b/2022/47xxx/CVE-2022-47411.json @@ -0,0 +1,76 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-47411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://typo3.org/security/advisory/typo3-ext-sa-2022-017", + "refsource": "MISC", + "name": "https://typo3.org/security/advisory/typo3-ext-sa-2022-017" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:N/S:U/UI:N", + "version": "3.1" + } + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4283.json b/2022/4xxx/CVE-2022-4283.json index 4b50dd60abff..1ddd21e3f8f3 100644 --- a/2022/4xxx/CVE-2022-4283.json +++ b/2022/4xxx/CVE-2022-4283.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4283", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "xorg-x11-server", + "version": { + "version_data": [ + { + "version_value": "xorg-x11-server-1.20.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-4283", + "url": "https://access.redhat.com/security/cve/CVE-2022-4283" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions." } ] } diff --git a/2022/4xxx/CVE-2022-4501.json b/2022/4xxx/CVE-2022-4501.json new file mode 100644 index 000000000000..d68d4d6c6a49 --- /dev/null +++ b/2022/4xxx/CVE-2022-4501.json @@ -0,0 +1,84 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-4501", + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin's settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "nasir179125", + "product": { + "product_data": [ + { + "product_name": "Mega Addons For WPBakery Page Builder", + "version": { + "version_data": [ + { + "version_value": "*", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1eda885-7e10-4294-9748-5359efd51754", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1eda885-7e10-4294-9748-5359efd51754" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/mega-addons-for-visual-composer/tags/4.2.7/main.php#L87", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/mega-addons-for-visual-composer/tags/4.2.7/main.php#L87" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH" + } + ] + } +} \ No newline at end of file From 44bb5e53fb2250d71fb04820a02fa613b968b7e1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 14 Dec 2022 22:00:36 +0000 Subject: [PATCH 010/754] "-Synchronized-Data." --- 2020/4xxx/CVE-2020-4497.json | 83 ++++++++++++++++++++++++++++-- 2022/3xxx/CVE-2022-3917.json | 97 ++++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4410.json | 74 +++++++++++++++++++++++++-- 3 files changed, 242 insertions(+), 12 deletions(-) diff --git a/2020/4xxx/CVE-2020-4497.json b/2020/4xxx/CVE-2020-4497.json index 8a83684cda7e..cd293dcc8b18 100644 --- a/2020/4xxx/CVE-2020-4497.json +++ b/2020/4xxx/CVE-2020-4497.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-4497", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319 Cleartext Transmission of Sensitive Information", + "cweId": "CWE-319" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Spectrum Protect Plus", + "version": { + "version_data": [ + { + "version_value": "10.1.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6847627", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6847627" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182106", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182106" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/3xxx/CVE-2022-3917.json b/2022/3xxx/CVE-2022-3917.json index dac1b057d3f9..0d4cc8f9adcf 100644 --- a/2022/3xxx/CVE-2022-3917.json +++ b/2022/3xxx/CVE-2022-3917.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3917", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@lenovo.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control of bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 allows attacker with local access to read partition or RAM data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Motorola", + "product": { + "product_data": [ + { + "product_name": "Moto e20", + "version": { + "version_data": [ + { + "version_value": "RON31.199-9", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://motorola-global-portal.custhelp.com/app/software-security-update_link/g_id/6853", + "refsource": "MISC", + "name": "https://motorola-global-portal.custhelp.com/app/software-security-update_link/g_id/6853" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nUpdate your Moto e20 to software version RONS31.267-38-8 or later.\n\n
" + } + ], + "value": "\nUpdate your Moto e20 to software version RONS31.267-38-8 or later.\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Motorola Mobility thanks David Lodge from Pen Test Partners for reporting this issue" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/4xxx/CVE-2022-4410.json b/2022/4xxx/CVE-2022-4410.json index 57311a0dc491..dab9d95cfd28 100644 --- a/2022/4xxx/CVE-2022-4410.json +++ b/2022/4xxx/CVE-2022-4410.json @@ -1,17 +1,83 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4410", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if another plugin or theme is installed on the site that allows lower privileged users with unfiltered_html the ability to modify post/page titles with malicious web scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mbis", + "product": { + "product_data": [ + { + "product_name": "Permalink Manager Lite", + "version": { + "version_data": [ + { + "version_value": "*", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cbf9636-9d9d-44d4-b873-8920f2dbb846", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cbf9636-9d9d-44d4-b873-8920f2dbb846" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2833667%40permalink-manager&new=2833667%40permalink-manager&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2833667%40permalink-manager&new=2833667%40permalink-manager&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Nicole Sheinin" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } From c65301ebecd10b54f641d6158aaf2043c8bd72f7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 14 Dec 2022 23:00:37 +0000 Subject: [PATCH 011/754] "-Synchronized-Data." --- 2022/47xxx/CVE-2022-47412.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47413.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47414.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47415.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47416.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47417.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47418.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47419.json | 18 ++++++++++++++++++ 8 files changed, 144 insertions(+) create mode 100644 2022/47xxx/CVE-2022-47412.json create mode 100644 2022/47xxx/CVE-2022-47413.json create mode 100644 2022/47xxx/CVE-2022-47414.json create mode 100644 2022/47xxx/CVE-2022-47415.json create mode 100644 2022/47xxx/CVE-2022-47416.json create mode 100644 2022/47xxx/CVE-2022-47417.json create mode 100644 2022/47xxx/CVE-2022-47418.json create mode 100644 2022/47xxx/CVE-2022-47419.json diff --git a/2022/47xxx/CVE-2022-47412.json b/2022/47xxx/CVE-2022-47412.json new file mode 100644 index 000000000000..5a69d28cbb51 --- /dev/null +++ b/2022/47xxx/CVE-2022-47412.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47412", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47413.json b/2022/47xxx/CVE-2022-47413.json new file mode 100644 index 000000000000..53e253fe3d4e --- /dev/null +++ b/2022/47xxx/CVE-2022-47413.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47413", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47414.json b/2022/47xxx/CVE-2022-47414.json new file mode 100644 index 000000000000..4c5e0cb3eba3 --- /dev/null +++ b/2022/47xxx/CVE-2022-47414.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47414", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47415.json b/2022/47xxx/CVE-2022-47415.json new file mode 100644 index 000000000000..82eadc4d1ff9 --- /dev/null +++ b/2022/47xxx/CVE-2022-47415.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47415", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47416.json b/2022/47xxx/CVE-2022-47416.json new file mode 100644 index 000000000000..2d2a32fedab8 --- /dev/null +++ b/2022/47xxx/CVE-2022-47416.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47416", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47417.json b/2022/47xxx/CVE-2022-47417.json new file mode 100644 index 000000000000..72b57dab90a1 --- /dev/null +++ b/2022/47xxx/CVE-2022-47417.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47417", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47418.json b/2022/47xxx/CVE-2022-47418.json new file mode 100644 index 000000000000..93d867305015 --- /dev/null +++ b/2022/47xxx/CVE-2022-47418.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47418", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47419.json b/2022/47xxx/CVE-2022-47419.json new file mode 100644 index 000000000000..f3c28e10d993 --- /dev/null +++ b/2022/47xxx/CVE-2022-47419.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47419", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 23d3424a6daed33298b46ecd8c8d1cc65b23e6de Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 15 Dec 2022 00:00:38 +0000 Subject: [PATCH 012/754] "-Synchronized-Data." --- 2022/4xxx/CVE-2022-4502.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4503.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4504.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4505.json | 18 ++++++++++++++++++ 4 files changed, 72 insertions(+) create mode 100644 2022/4xxx/CVE-2022-4502.json create mode 100644 2022/4xxx/CVE-2022-4503.json create mode 100644 2022/4xxx/CVE-2022-4504.json create mode 100644 2022/4xxx/CVE-2022-4505.json diff --git a/2022/4xxx/CVE-2022-4502.json b/2022/4xxx/CVE-2022-4502.json new file mode 100644 index 000000000000..c5605f5efbc4 --- /dev/null +++ b/2022/4xxx/CVE-2022-4502.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4502", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4503.json b/2022/4xxx/CVE-2022-4503.json new file mode 100644 index 000000000000..34893723b2e5 --- /dev/null +++ b/2022/4xxx/CVE-2022-4503.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4503", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4504.json b/2022/4xxx/CVE-2022-4504.json new file mode 100644 index 000000000000..ea158d7f9cf9 --- /dev/null +++ b/2022/4xxx/CVE-2022-4504.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4504", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4505.json b/2022/4xxx/CVE-2022-4505.json new file mode 100644 index 000000000000..cff2bf43f4b2 --- /dev/null +++ b/2022/4xxx/CVE-2022-4505.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4505", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From eae9a9adb13500e2418c9015ed33cd60ac667788 Mon Sep 17 00:00:00 2001 From: Ben Harvie Date: Wed, 14 Dec 2022 16:59:27 -0800 Subject: [PATCH 013/754] 5bdef791-6886-4008-b9ba-045cb4524114 --- 2022/4xxx/CVE-2022-4502.json | 101 +++++++++++++++++++++++++++++------ 1 file changed, 86 insertions(+), 15 deletions(-) diff --git a/2022/4xxx/CVE-2022-4502.json b/2022/4xxx/CVE-2022-4502.json index c5605f5efbc4..d97349a371d7 100644 --- a/2022/4xxx/CVE-2022-4502.json +++ b/2022/4xxx/CVE-2022-4502.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-4502", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-4502", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - Reflected in openemr/openemr" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openemr/openemr", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0.0.2" + } + ] + } + } + ] + }, + "vendor_name": "openemr" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", + "version": "3.0" } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/5bdef791-6886-4008-b9ba-045cb4524114", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/5bdef791-6886-4008-b9ba-045cb4524114" + }, + { + "name": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879", + "refsource": "MISC", + "url": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879" + } + ] + }, + "source": { + "advisory": "5bdef791-6886-4008-b9ba-045cb4524114", + "discovery": "EXTERNAL" + } } \ No newline at end of file From d764028939953db8f29b07e1eb58ce4504040d61 Mon Sep 17 00:00:00 2001 From: Ben Harvie Date: Wed, 14 Dec 2022 16:59:31 -0800 Subject: [PATCH 014/754] 4cba644c-a2f5-4ed7-af5d-f2cab1895e13 --- 2022/4xxx/CVE-2022-4503.json | 101 +++++++++++++++++++++++++++++------ 1 file changed, 86 insertions(+), 15 deletions(-) diff --git a/2022/4xxx/CVE-2022-4503.json b/2022/4xxx/CVE-2022-4503.json index 34893723b2e5..0bb538cfdcc7 100644 --- a/2022/4xxx/CVE-2022-4503.json +++ b/2022/4xxx/CVE-2022-4503.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-4503", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-4503", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - Generic in openemr/openemr" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openemr/openemr", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0.0.2" + } + ] + } + } + ] + }, + "vendor_name": "openemr" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", + "version": "3.0" } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/4cba644c-a2f5-4ed7-af5d-f2cab1895e13", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/4cba644c-a2f5-4ed7-af5d-f2cab1895e13" + }, + { + "name": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879", + "refsource": "MISC", + "url": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879" + } + ] + }, + "source": { + "advisory": "4cba644c-a2f5-4ed7-af5d-f2cab1895e13", + "discovery": "EXTERNAL" + } } \ No newline at end of file From 5af910540b9c5426ced068c6b7c25d44dd04f52e Mon Sep 17 00:00:00 2001 From: Ben Harvie Date: Wed, 14 Dec 2022 16:59:42 -0800 Subject: [PATCH 015/754] f50538cb-99d3-411d-bd1a-5f36d1fa9f5d --- 2022/4xxx/CVE-2022-4504.json | 101 +++++++++++++++++++++++++++++------ 1 file changed, 86 insertions(+), 15 deletions(-) diff --git a/2022/4xxx/CVE-2022-4504.json b/2022/4xxx/CVE-2022-4504.json index ea158d7f9cf9..3c5c88e12404 100644 --- a/2022/4xxx/CVE-2022-4504.json +++ b/2022/4xxx/CVE-2022-4504.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-4504", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-4504", + "STATE": "PUBLIC", + "TITLE": "Improper Input Validation in openemr/openemr" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openemr/openemr", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0.0.2" + } + ] + } + } + ] + }, + "vendor_name": "openemr" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "version": "3.0" } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/f50538cb-99d3-411d-bd1a-5f36d1fa9f5d", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/f50538cb-99d3-411d-bd1a-5f36d1fa9f5d" + }, + { + "name": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879", + "refsource": "MISC", + "url": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879" + } + ] + }, + "source": { + "advisory": "f50538cb-99d3-411d-bd1a-5f36d1fa9f5d", + "discovery": "EXTERNAL" + } } \ No newline at end of file From e0be085326e576ee7e01b25709a5b84e3cfd1df3 Mon Sep 17 00:00:00 2001 From: Ben Harvie Date: Wed, 14 Dec 2022 17:00:29 -0800 Subject: [PATCH 016/754] e36ca754-bb9f-4686-ad72-7fb849e97d92 --- 2022/4xxx/CVE-2022-4505.json | 101 +++++++++++++++++++++++++++++------ 1 file changed, 86 insertions(+), 15 deletions(-) diff --git a/2022/4xxx/CVE-2022-4505.json b/2022/4xxx/CVE-2022-4505.json index cff2bf43f4b2..8c8e343d10a4 100644 --- a/2022/4xxx/CVE-2022-4505.json +++ b/2022/4xxx/CVE-2022-4505.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-4505", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-4505", + "STATE": "PUBLIC", + "TITLE": "Improper Access Control in openemr/openemr" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openemr/openemr", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0.0.2" + } + ] + } + } + ] + }, + "vendor_name": "openemr" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/e36ca754-bb9f-4686-ad72-7fb849e97d92", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/e36ca754-bb9f-4686-ad72-7fb849e97d92" + }, + { + "name": "https://github.com/openemr/openemr/commit/235b1910ffe5296187667277d4e197a0c3a9ac33", + "refsource": "MISC", + "url": "https://github.com/openemr/openemr/commit/235b1910ffe5296187667277d4e197a0c3a9ac33" + } + ] + }, + "source": { + "advisory": "e36ca754-bb9f-4686-ad72-7fb849e97d92", + "discovery": "EXTERNAL" + } } \ No newline at end of file From 724654a77a3811690d55839abc00dfaea2f45caf Mon Sep 17 00:00:00 2001 From: Ben Harvie Date: Wed, 14 Dec 2022 17:00:40 -0800 Subject: [PATCH 017/754] f423d193-4ab0-4f03-ad90-25e4f02e7942 --- 2022/4xxx/CVE-2022-4506.json | 89 ++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 2022/4xxx/CVE-2022-4506.json diff --git a/2022/4xxx/CVE-2022-4506.json b/2022/4xxx/CVE-2022-4506.json new file mode 100644 index 000000000000..b5b434f2e4f7 --- /dev/null +++ b/2022/4xxx/CVE-2022-4506.json @@ -0,0 +1,89 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-4506", + "STATE": "PUBLIC", + "TITLE": "Unrestricted Upload of File with Dangerous Type in openemr/openemr" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openemr/openemr", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0.0.2" + } + ] + } + } + ] + }, + "vendor_name": "openemr" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/f423d193-4ab0-4f03-ad90-25e4f02e7942", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/f423d193-4ab0-4f03-ad90-25e4f02e7942" + }, + { + "name": "https://github.com/openemr/openemr/commit/2e7678d812df167ea3c0756382408b670e8aa51f", + "refsource": "MISC", + "url": "https://github.com/openemr/openemr/commit/2e7678d812df167ea3c0756382408b670e8aa51f" + } + ] + }, + "source": { + "advisory": "f423d193-4ab0-4f03-ad90-25e4f02e7942", + "discovery": "EXTERNAL" + } +} \ No newline at end of file From 4a95ecc8f9ef464b74c649bdc4b473c647f10cfb Mon Sep 17 00:00:00 2001 From: Zabbix Security <97531315+zabbixsecurity@users.noreply.github.com> Date: Thu, 15 Dec 2022 09:00:37 +0200 Subject: [PATCH 018/754] Update CVE-2022-46768.json --- 2022/46xxx/CVE-2022-46768.json | 122 ++++++++++++++++++++++++++++++--- 1 file changed, 114 insertions(+), 8 deletions(-) diff --git a/2022/46xxx/CVE-2022-46768.json b/2022/46xxx/CVE-2022-46768.json index 95f32646aeed..58dfd178847b 100644 --- a/2022/46xxx/CVE-2022-46768.json +++ b/2022/46xxx/CVE-2022-46768.json @@ -1,18 +1,124 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "ZBV-2022-09-1", + "ASSIGNER": "security@zabbix.com", + "DATE_PUBLIC": "2022-09-21T01:56:00.000Z", "ID": "CVE-2022-46768", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "File name information disclosure vulnerability in Zabbix Web Service Report Generation" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Web Service Report Generation", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.0.0-6.0.11" + }, + { + "version_affected": "=", + "version_value": "6.2.0-6.2.5" + } + ] + } + }, + { + "product_name": "Zabbix agent 2 (MSI packages)", + "version": { + "version_data": [ + { + "version_affected": "!>=", + "version_value": "6.0.12rc1" + }, + { + "version_affected": "!>=", + "version_value": "6.2.6rc1" + } + ] + } + } + ] + }, + "vendor_name": "Zabbix" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Trend Micro ZDI" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files." } ] - } -} \ No newline at end of file + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://support.zabbix.com/browse/ZBX-22087" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "To remediate this vulnerability, apply updates to the appropriate products or use the workaround" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "If an immediate update is not possible, limit network access to Zabbix Web Service Report Generation." + } + ] +} From 2cd0a95fee72ad1cee428a0f98e76f3f1a39d4c6 Mon Sep 17 00:00:00 2001 From: Cisco Talos CNA Date: Thu, 15 Dec 2022 08:00:32 -0500 Subject: [PATCH 019/754] Submitting published CVEs --- 2022/41xxx/CVE-2022-41992.json | 62 +++++++++++++++++++++++++++++++--- 1 file changed, 58 insertions(+), 4 deletions(-) diff --git a/2022/41xxx/CVE-2022-41992.json b/2022/41xxx/CVE-2022-41992.json index 2fba338acc97..31c589346657 100644 --- a/2022/41xxx/CVE-2022-41992.json +++ b/2022/41xxx/CVE-2022-41992.json @@ -1,18 +1,72 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41992", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "DATE_PUBLIC": "2022-12-07", + "ASSIGNER": "talos-cna@cisco.com" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1644", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1644" } ] + }, + "impact": { + "cvss": { + "baseScore": 7.8, + "baseSeverity": "High", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PowerISO", + "product": { + "product_data": [ + { + "product_name": "PowerISO", + "version": { + "version_data": [ + { + "version_value": "PowerISO 8.3", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } } } \ No newline at end of file From 792210f5e408037f558fbbd84a3ec2799292f716 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 15 Dec 2022 18:39:55 +0000 Subject: [PATCH 020/754] "-Synchronized-Data." --- 2020/20xxx/CVE-2020-20588.json | 56 +++++++++-- 2020/20xxx/CVE-2020-20589.json | 56 +++++++++-- 2020/21xxx/CVE-2020-21219.json | 56 +++++++++-- 2020/24xxx/CVE-2020-24855.json | 56 +++++++++-- 2020/25xxx/CVE-2020-25736.json | 5 + 2020/36xxx/CVE-2020-36607.json | 48 ++++++++- 2021/33xxx/CVE-2021-33420.json | 71 ++++++++++++-- 2021/36xxx/CVE-2021-36572.json | 56 +++++++++-- 2021/36xxx/CVE-2021-36573.json | 56 +++++++++-- 2021/39xxx/CVE-2021-39426.json | 56 +++++++++-- 2021/39xxx/CVE-2021-39427.json | 56 +++++++++-- 2021/39xxx/CVE-2021-39428.json | 56 +++++++++-- 2021/4xxx/CVE-2021-4226.json | 67 ++++++++++++- 2022/31xxx/CVE-2022-31692.json | 5 + 2022/32xxx/CVE-2022-32833.json | 51 +++++++++- 2022/32xxx/CVE-2022-32860.json | 83 +++++++++++++++- 2022/32xxx/CVE-2022-32916.json | 51 +++++++++- 2022/32xxx/CVE-2022-32942.json | 83 +++++++++++++++- 2022/32xxx/CVE-2022-32943.json | 67 ++++++++++++- 2022/32xxx/CVE-2022-32945.json | 51 +++++++++- 2022/32xxx/CVE-2022-32948.json | 67 ++++++++++++- 2022/36xxx/CVE-2022-36534.json | 5 + 2022/39xxx/CVE-2022-39328.json | 5 + 2022/39xxx/CVE-2022-39916.json | 4 +- 2022/39xxx/CVE-2022-39917.json | 4 +- 2022/39xxx/CVE-2022-39918.json | 4 +- 2022/39xxx/CVE-2022-39919.json | 4 +- 2022/39xxx/CVE-2022-39920.json | 4 +- 2022/39xxx/CVE-2022-39921.json | 4 +- 2022/39xxx/CVE-2022-39922.json | 4 +- 2022/39xxx/CVE-2022-39923.json | 4 +- 2022/39xxx/CVE-2022-39924.json | 4 +- 2022/39xxx/CVE-2022-39925.json | 4 +- 2022/39xxx/CVE-2022-39926.json | 4 +- 2022/39xxx/CVE-2022-39927.json | 4 +- 2022/39xxx/CVE-2022-39928.json | 4 +- 2022/39xxx/CVE-2022-39929.json | 4 +- 2022/39xxx/CVE-2022-39930.json | 4 +- 2022/39xxx/CVE-2022-39931.json | 4 +- 2022/39xxx/CVE-2022-39932.json | 4 +- 2022/39xxx/CVE-2022-39933.json | 4 +- 2022/39xxx/CVE-2022-39934.json | 4 +- 2022/39xxx/CVE-2022-39935.json | 4 +- 2022/39xxx/CVE-2022-39936.json | 4 +- 2022/39xxx/CVE-2022-39937.json | 4 +- 2022/39xxx/CVE-2022-39938.json | 4 +- 2022/39xxx/CVE-2022-39939.json | 4 +- 2022/39xxx/CVE-2022-39940.json | 4 +- 2022/39xxx/CVE-2022-39941.json | 4 +- 2022/39xxx/CVE-2022-39942.json | 4 +- 2022/39xxx/CVE-2022-39943.json | 4 +- 2022/40xxx/CVE-2022-40000.json | 56 +++++++++-- 2022/40xxx/CVE-2022-40001.json | 56 +++++++++-- 2022/40xxx/CVE-2022-40002.json | 56 +++++++++-- 2022/40xxx/CVE-2022-40373.json | 56 +++++++++-- 2022/42xxx/CVE-2022-42805.json | 67 ++++++++++++- 2022/42xxx/CVE-2022-42821.json | 83 +++++++++++++++- 2022/42xxx/CVE-2022-42837.json | 99 ++++++++++++++++++- 2022/42xxx/CVE-2022-42840.json | 115 +++++++++++++++++++++- 2022/42xxx/CVE-2022-42841.json | 83 +++++++++++++++- 2022/42xxx/CVE-2022-42842.json | 131 ++++++++++++++++++++++++- 2022/42xxx/CVE-2022-42843.json | 99 ++++++++++++++++++- 2022/42xxx/CVE-2022-42844.json | 51 +++++++++- 2022/42xxx/CVE-2022-42845.json | 131 ++++++++++++++++++++++++- 2022/42xxx/CVE-2022-42846.json | 67 ++++++++++++- 2022/42xxx/CVE-2022-42847.json | 51 +++++++++- 2022/42xxx/CVE-2022-42848.json | 83 +++++++++++++++- 2022/42xxx/CVE-2022-42849.json | 83 +++++++++++++++- 2022/42xxx/CVE-2022-42850.json | 51 +++++++++- 2022/42xxx/CVE-2022-42851.json | 67 ++++++++++++- 2022/42xxx/CVE-2022-42852.json | 131 ++++++++++++++++++++++++- 2022/42xxx/CVE-2022-42853.json | 51 +++++++++- 2022/42xxx/CVE-2022-42854.json | 67 ++++++++++++- 2022/42xxx/CVE-2022-42855.json | 115 +++++++++++++++++++++- 2022/42xxx/CVE-2022-42856.json | 115 +++++++++++++++++++++- 2022/42xxx/CVE-2022-42859.json | 83 +++++++++++++++- 2022/42xxx/CVE-2022-42861.json | 99 ++++++++++++++++++- 2022/42xxx/CVE-2022-42862.json | 67 ++++++++++++- 2022/42xxx/CVE-2022-42863.json | 115 +++++++++++++++++++++- 2022/42xxx/CVE-2022-42864.json | 147 +++++++++++++++++++++++++++- 2022/42xxx/CVE-2022-42865.json | 99 ++++++++++++++++++- 2022/42xxx/CVE-2022-42866.json | 99 ++++++++++++++++++- 2022/42xxx/CVE-2022-42867.json | 115 +++++++++++++++++++++- 2022/46xxx/CVE-2022-46689.json | 147 +++++++++++++++++++++++++++- 2022/46xxx/CVE-2022-46690.json | 99 ++++++++++++++++++- 2022/46xxx/CVE-2022-46691.json | 131 ++++++++++++++++++++++++- 2022/46xxx/CVE-2022-46692.json | 147 +++++++++++++++++++++++++++- 2022/46xxx/CVE-2022-46693.json | 115 +++++++++++++++++++++- 2022/46xxx/CVE-2022-46694.json | 99 ++++++++++++++++++- 2022/46xxx/CVE-2022-46695.json | 115 +++++++++++++++++++++- 2022/46xxx/CVE-2022-46696.json | 115 +++++++++++++++++++++- 2022/46xxx/CVE-2022-46697.json | 51 +++++++++- 2022/46xxx/CVE-2022-46698.json | 131 ++++++++++++++++++++++++- 2022/46xxx/CVE-2022-46699.json | 115 +++++++++++++++++++++- 2022/46xxx/CVE-2022-46700.json | 131 ++++++++++++++++++++++++- 2022/46xxx/CVE-2022-46701.json | 83 +++++++++++++++- 2022/46xxx/CVE-2022-46702.json | 51 +++++++++- 2022/47xxx/CVE-2022-47502.json | 18 ++++ 2022/4xxx/CVE-2022-4506.json | 171 +++++++++++++++++---------------- 99 files changed, 5405 insertions(+), 377 deletions(-) create mode 100644 2022/47xxx/CVE-2022-47502.json diff --git a/2020/20xxx/CVE-2020-20588.json b/2020/20xxx/CVE-2020-20588.json index 4630eacbc584..631b96fde2c1 100644 --- a/2020/20xxx/CVE-2020-20588.json +++ b/2020/20xxx/CVE-2020-20588.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-20588", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-20588", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote attackers to run arbitrary code via avatar upload to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/zhimengzhe/iBarn/issues/13", + "refsource": "MISC", + "name": "https://github.com/zhimengzhe/iBarn/issues/13" } ] } diff --git a/2020/20xxx/CVE-2020-20589.json b/2020/20xxx/CVE-2020-20589.json index f3493b00bd89..54e61bded0d1 100644 --- a/2020/20xxx/CVE-2020-20589.json +++ b/2020/20xxx/CVE-2020-20589.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-20589", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-20589", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/liufee/cms/issues/45", + "url": "https://github.com/liufee/cms/issues/45" } ] } diff --git a/2020/21xxx/CVE-2020-21219.json b/2020/21xxx/CVE-2020-21219.json index 440c010b7fc9..11a36a5f4556 100644 --- a/2020/21xxx/CVE-2020-21219.json +++ b/2020/21xxx/CVE-2020-21219.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-21219", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-21219", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://redmine.pfsense.org/issues/9888", + "url": "https://redmine.pfsense.org/issues/9888" } ] } diff --git a/2020/24xxx/CVE-2020-24855.json b/2020/24xxx/CVE-2020-24855.json index a19c38901f27..6325847aa570 100644 --- a/2020/24xxx/CVE-2020-24855.json +++ b/2020/24xxx/CVE-2020-24855.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24855", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24855", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/easy-team/easywebpack-cli/issues/25", + "refsource": "MISC", + "name": "https://github.com/easy-team/easywebpack-cli/issues/25" } ] } diff --git a/2020/25xxx/CVE-2020-25736.json b/2020/25xxx/CVE-2020-25736.json index 1bb91febf49b..3dc2bd932eae 100644 --- a/2020/25xxx/CVE-2020-25736.json +++ b/2020/25xxx/CVE-2020-25736.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://kb.acronis.com/content/68061", "url": "https://kb.acronis.com/content/68061" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170246/Acronis-TrueImage-XPC-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/170246/Acronis-TrueImage-XPC-Privilege-Escalation.html" } ] } diff --git a/2020/36xxx/CVE-2020-36607.json b/2020/36xxx/CVE-2020-36607.json index fbbae6591890..b914c492e939 100644 --- a/2020/36xxx/CVE-2020-36607.json +++ b/2020/36xxx/CVE-2020-36607.json @@ -5,13 +5,57 @@ "CVE_data_meta": { "ID": "CVE-2020-36607", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/liufee/cms/issues/45", + "url": "https://github.com/liufee/cms/issues/45" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag." } ] } diff --git a/2021/33xxx/CVE-2021-33420.json b/2021/33xxx/CVE-2021-33420.json index 7e7fab58f3b4..9f48bdd1382d 100644 --- a/2021/33xxx/CVE-2021-33420.json +++ b/2021/33xxx/CVE-2021-33420.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-33420", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-33420", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/inikulin/replicator/issues/16", + "refsource": "MISC", + "name": "https://github.com/inikulin/replicator/issues/16" + }, + { + "url": "https://github.com/inikulin/replicator/pull/17", + "refsource": "MISC", + "name": "https://github.com/inikulin/replicator/pull/17" + }, + { + "url": "https://github.com/inikulin/replicator/commit/2c626242fb4a118855262c64b5731b2ce98e521b", + "refsource": "MISC", + "name": "https://github.com/inikulin/replicator/commit/2c626242fb4a118855262c64b5731b2ce98e521b" + }, + { + "url": "https://advisory.checkmarx.net/advisory/CX-2021-4787", + "refsource": "MISC", + "name": "https://advisory.checkmarx.net/advisory/CX-2021-4787" } ] } diff --git a/2021/36xxx/CVE-2021-36572.json b/2021/36xxx/CVE-2021-36572.json index 208adc17dc87..6a72d9ae0c2e 100644 --- a/2021/36xxx/CVE-2021-36572.json +++ b/2021/36xxx/CVE-2021-36572.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36572", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36572", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/liufee/cms/issues/58", + "refsource": "MISC", + "name": "https://github.com/liufee/cms/issues/58" } ] } diff --git a/2021/36xxx/CVE-2021-36573.json b/2021/36xxx/CVE-2021-36573.json index b39b99f2960f..c798b877d531 100644 --- a/2021/36xxx/CVE-2021-36573.json +++ b/2021/36xxx/CVE-2021-36573.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36573", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36573", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/liufee/cms/issues/59", + "refsource": "MISC", + "name": "https://github.com/liufee/cms/issues/59" } ] } diff --git a/2021/39xxx/CVE-2021-39426.json b/2021/39xxx/CVE-2021-39426.json index a49cc3c1f720..3ce30f8f592d 100644 --- a/2021/39xxx/CVE-2021-39426.json +++ b/2021/39xxx/CVE-2021-39426.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-39426", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-39426", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/seacms-com/seacms/issues/21", + "url": "https://github.com/seacms-com/seacms/issues/21" } ] } diff --git a/2021/39xxx/CVE-2021-39427.json b/2021/39xxx/CVE-2021-39427.json index d487875aafc8..c2b35b017101 100644 --- a/2021/39xxx/CVE-2021-39427.json +++ b/2021/39xxx/CVE-2021-39427.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-39427", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-39427", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/vtime-tech/188Jianzhan/issues/4", + "refsource": "MISC", + "name": "https://github.com/vtime-tech/188Jianzhan/issues/4" } ] } diff --git a/2021/39xxx/CVE-2021-39428.json b/2021/39xxx/CVE-2021-39428.json index 57daad666867..e798f3a29b77 100644 --- a/2021/39xxx/CVE-2021-39428.json +++ b/2021/39xxx/CVE-2021-39428.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-39428", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-39428", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/eyoucms/eyoucms/issues/14", + "refsource": "MISC", + "name": "https://github.com/eyoucms/eyoucms/issues/14" } ] } diff --git a/2021/4xxx/CVE-2021-4226.json b/2021/4xxx/CVE-2021-4226.json index a4e9f5e54420..099ea048579a 100644 --- a/2021/4xxx/CVE-2021-4226.json +++ b/2021/4xxx/CVE-2021-4226.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4226", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-639 Authorization Bypass Through User-Controlled Key" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "RSFirewall!", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/c0ed80c8-ebbf-4ed9-b02f-31660097c352", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/c0ed80c8-ebbf-4ed9-b02f-31660097c352" } ] - } + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Daniel Ruf" + } + ] } \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31692.json b/2022/31xxx/CVE-2022-31692.json index a04921104146..05e8f98f29f3 100644 --- a/2022/31xxx/CVE-2022-31692.json +++ b/2022/31xxx/CVE-2022-31692.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://tanzu.vmware.com/security/cve-2022-31692", "url": "https://tanzu.vmware.com/security/cve-2022-31692" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221215-0010/", + "url": "https://security.netapp.com/advisory/ntap-20221215-0010/" } ] }, diff --git a/2022/32xxx/CVE-2022-32833.json b/2022/32xxx/CVE-2022-32833.json index 83ee90563186..0df3fabcd814 100644 --- a/2022/32xxx/CVE-2022-32833.json +++ b/2022/32xxx/CVE-2022-32833.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32833", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An unauthorized user may be able to access browsing history" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213446", + "name": "https://support.apple.com/en-us/HT213446" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history." } ] } diff --git a/2022/32xxx/CVE-2022-32860.json b/2022/32xxx/CVE-2022-32860.json index 42b8349e68dd..4f829417fdfb 100644 --- a/2022/32xxx/CVE-2022-32860.json +++ b/2022/32xxx/CVE-2022-32860.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32860", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.5" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213345", + "name": "https://support.apple.com/en-us/HT213345" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213346", + "name": "https://support.apple.com/en-us/HT213346" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213344", + "name": "https://support.apple.com/en-us/HT213344" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, macOS Big Sur 11.6.8. An app may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2022/32xxx/CVE-2022-32916.json b/2022/32xxx/CVE-2022-32916.json index acd9d3f2e5af..cbb6bd643857 100644 --- a/2022/32xxx/CVE-2022-32916.json +++ b/2022/32xxx/CVE-2022-32916.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32916", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to disclose kernel memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213446", + "name": "https://support.apple.com/en-us/HT213446" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 16. An app may be able to disclose kernel memory." } ] } diff --git a/2022/32xxx/CVE-2022-32942.json b/2022/32xxx/CVE-2022-32942.json index d5a884fd4a13..da545313b6f1 100644 --- a/2022/32xxx/CVE-2022-32942.json +++ b/2022/32xxx/CVE-2022-32942.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32942", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213534", + "name": "https://support.apple.com/en-us/HT213534" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213533", + "name": "https://support.apple.com/en-us/HT213533" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. An app may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2022/32xxx/CVE-2022-32943.json b/2022/32xxx/CVE-2022-32943.json index 1779fb24aa5a..86248e2a0ec3 100644 --- a/2022/32xxx/CVE-2022-32943.json +++ b/2022/32xxx/CVE-2022-32943.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32943", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Shake-to-undo may allow a deleted photo to be re-surfaced without authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication." } ] } diff --git a/2022/32xxx/CVE-2022-32945.json b/2022/32xxx/CVE-2022-32945.json index f66d30034f4c..e6aedda71f51 100644 --- a/2022/32xxx/CVE-2022-32945.json +++ b/2022/32xxx/CVE-2022-32945.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32945", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to record audio with paired AirPods" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213488", + "name": "https://support.apple.com/en-us/HT213488" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods." } ] } diff --git a/2022/32xxx/CVE-2022-32948.json b/2022/32xxx/CVE-2022-32948.json index 6d468320c0e3..1e95632f18ae 100644 --- a/2022/32xxx/CVE-2022-32948.json +++ b/2022/32xxx/CVE-2022-32948.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32948", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.5" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213345", + "name": "https://support.apple.com/en-us/HT213345" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213346", + "name": "https://support.apple.com/en-us/HT213346" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2022/36xxx/CVE-2022-36534.json b/2022/36xxx/CVE-2022-36534.json index 482d784d2e5d..f9c56151f7dd 100644 --- a/2022/36xxx/CVE-2022-36534.json +++ b/2022/36xxx/CVE-2022-36534.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://www.mgm-sp.com/en/multiple-vulnerabilities-in-syncovery-for-linux/", "url": "https://www.mgm-sp.com/en/multiple-vulnerabilities-in-syncovery-for-linux/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170245/Syncovery-For-Linux-Web-GUI-Authenticated-Remote-Command-Execution.html", + "url": "http://packetstormsecurity.com/files/170245/Syncovery-For-Linux-Web-GUI-Authenticated-Remote-Command-Execution.html" } ] } diff --git a/2022/39xxx/CVE-2022-39328.json b/2022/39xxx/CVE-2022-39328.json index 1da0e3434801..ea5d65934e3f 100644 --- a/2022/39xxx/CVE-2022-39328.json +++ b/2022/39xxx/CVE-2022-39328.json @@ -73,6 +73,11 @@ "name": "https://github.com/grafana/grafana/security/advisories/GHSA-vqc4-mpj8-jxch", "refsource": "CONFIRM", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-vqc4-mpj8-jxch" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221215-0003/", + "url": "https://security.netapp.com/advisory/ntap-20221215-0003/" } ] }, diff --git a/2022/39xxx/CVE-2022-39916.json b/2022/39xxx/CVE-2022-39916.json index 2c24f615cf76..4ecdea51aa31 100644 --- a/2022/39xxx/CVE-2022-39916.json +++ b/2022/39xxx/CVE-2022-39916.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39916", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39917.json b/2022/39xxx/CVE-2022-39917.json index 5ec6f48ab91e..903273f6cb57 100644 --- a/2022/39xxx/CVE-2022-39917.json +++ b/2022/39xxx/CVE-2022-39917.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39917", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39918.json b/2022/39xxx/CVE-2022-39918.json index d74480dfc954..43b5994d24c2 100644 --- a/2022/39xxx/CVE-2022-39918.json +++ b/2022/39xxx/CVE-2022-39918.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39918", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39919.json b/2022/39xxx/CVE-2022-39919.json index 668e5495ec6b..663b6334c910 100644 --- a/2022/39xxx/CVE-2022-39919.json +++ b/2022/39xxx/CVE-2022-39919.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39919", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39920.json b/2022/39xxx/CVE-2022-39920.json index 9b4ed53eeeac..ff9ed90b90ad 100644 --- a/2022/39xxx/CVE-2022-39920.json +++ b/2022/39xxx/CVE-2022-39920.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39920", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39921.json b/2022/39xxx/CVE-2022-39921.json index 7a5bf53eec53..3d76387f3028 100644 --- a/2022/39xxx/CVE-2022-39921.json +++ b/2022/39xxx/CVE-2022-39921.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39921", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39922.json b/2022/39xxx/CVE-2022-39922.json index caf2d256624d..f5682f275e8e 100644 --- a/2022/39xxx/CVE-2022-39922.json +++ b/2022/39xxx/CVE-2022-39922.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39922", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39923.json b/2022/39xxx/CVE-2022-39923.json index 9b65fd30c1d0..65afd58482ac 100644 --- a/2022/39xxx/CVE-2022-39923.json +++ b/2022/39xxx/CVE-2022-39923.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39923", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39924.json b/2022/39xxx/CVE-2022-39924.json index 589e488dbebd..0e7eb5aaf36f 100644 --- a/2022/39xxx/CVE-2022-39924.json +++ b/2022/39xxx/CVE-2022-39924.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39924", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39925.json b/2022/39xxx/CVE-2022-39925.json index 23b89b8b13f8..154e7b3ab588 100644 --- a/2022/39xxx/CVE-2022-39925.json +++ b/2022/39xxx/CVE-2022-39925.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39925", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39926.json b/2022/39xxx/CVE-2022-39926.json index c38f8ca6e7c0..a3b466649736 100644 --- a/2022/39xxx/CVE-2022-39926.json +++ b/2022/39xxx/CVE-2022-39926.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39926", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39927.json b/2022/39xxx/CVE-2022-39927.json index 28d8d999cba8..ea3a6254bc0c 100644 --- a/2022/39xxx/CVE-2022-39927.json +++ b/2022/39xxx/CVE-2022-39927.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39927", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39928.json b/2022/39xxx/CVE-2022-39928.json index e4c12089182c..81b7460af17e 100644 --- a/2022/39xxx/CVE-2022-39928.json +++ b/2022/39xxx/CVE-2022-39928.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39928", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39929.json b/2022/39xxx/CVE-2022-39929.json index 4e23caa551b7..2498fff7c9d6 100644 --- a/2022/39xxx/CVE-2022-39929.json +++ b/2022/39xxx/CVE-2022-39929.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39929", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39930.json b/2022/39xxx/CVE-2022-39930.json index ad959ab54ace..da696e5370cb 100644 --- a/2022/39xxx/CVE-2022-39930.json +++ b/2022/39xxx/CVE-2022-39930.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39930", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39931.json b/2022/39xxx/CVE-2022-39931.json index 5092128e807a..19dd1c139c10 100644 --- a/2022/39xxx/CVE-2022-39931.json +++ b/2022/39xxx/CVE-2022-39931.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39931", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39932.json b/2022/39xxx/CVE-2022-39932.json index 28fc1565c7aa..6ee6d8cff841 100644 --- a/2022/39xxx/CVE-2022-39932.json +++ b/2022/39xxx/CVE-2022-39932.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39932", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39933.json b/2022/39xxx/CVE-2022-39933.json index f995ba7038d3..18786afc06d5 100644 --- a/2022/39xxx/CVE-2022-39933.json +++ b/2022/39xxx/CVE-2022-39933.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39933", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39934.json b/2022/39xxx/CVE-2022-39934.json index cfd764e82139..60bbcb3e5a94 100644 --- a/2022/39xxx/CVE-2022-39934.json +++ b/2022/39xxx/CVE-2022-39934.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39934", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39935.json b/2022/39xxx/CVE-2022-39935.json index 81efd910f2a6..f2665fe0ff42 100644 --- a/2022/39xxx/CVE-2022-39935.json +++ b/2022/39xxx/CVE-2022-39935.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39935", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39936.json b/2022/39xxx/CVE-2022-39936.json index 65902959687a..01426c309584 100644 --- a/2022/39xxx/CVE-2022-39936.json +++ b/2022/39xxx/CVE-2022-39936.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39936", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39937.json b/2022/39xxx/CVE-2022-39937.json index 2382d2a2bb9e..5dcfb4641b8e 100644 --- a/2022/39xxx/CVE-2022-39937.json +++ b/2022/39xxx/CVE-2022-39937.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39937", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39938.json b/2022/39xxx/CVE-2022-39938.json index a15c578d3bc2..6c6f79de155d 100644 --- a/2022/39xxx/CVE-2022-39938.json +++ b/2022/39xxx/CVE-2022-39938.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39938", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39939.json b/2022/39xxx/CVE-2022-39939.json index 69be42677ad0..d1a01f48c714 100644 --- a/2022/39xxx/CVE-2022-39939.json +++ b/2022/39xxx/CVE-2022-39939.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39939", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39940.json b/2022/39xxx/CVE-2022-39940.json index 51d885d4b7fe..fedc400156ba 100644 --- a/2022/39xxx/CVE-2022-39940.json +++ b/2022/39xxx/CVE-2022-39940.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39940", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39941.json b/2022/39xxx/CVE-2022-39941.json index 8c4fc0f47d1c..3dab2a0fd222 100644 --- a/2022/39xxx/CVE-2022-39941.json +++ b/2022/39xxx/CVE-2022-39941.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39941", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39942.json b/2022/39xxx/CVE-2022-39942.json index ef8e3470edb5..be5a3248b848 100644 --- a/2022/39xxx/CVE-2022-39942.json +++ b/2022/39xxx/CVE-2022-39942.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39942", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/39xxx/CVE-2022-39943.json b/2022/39xxx/CVE-2022-39943.json index 2e00cd075220..9b4b155a0cdd 100644 --- a/2022/39xxx/CVE-2022-39943.json +++ b/2022/39xxx/CVE-2022-39943.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-39943", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/40xxx/CVE-2022-40000.json b/2022/40xxx/CVE-2022-40000.json index f762b01f5d53..c2a6decf011b 100644 --- a/2022/40xxx/CVE-2022-40000.json +++ b/2022/40xxx/CVE-2022-40000.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40000", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40000", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/liufee/cms/issues/64", + "refsource": "MISC", + "name": "https://github.com/liufee/cms/issues/64" } ] } diff --git a/2022/40xxx/CVE-2022-40001.json b/2022/40xxx/CVE-2022-40001.json index f54a895d9744..5dfb86505c8f 100644 --- a/2022/40xxx/CVE-2022-40001.json +++ b/2022/40xxx/CVE-2022-40001.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40001", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40001", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/liufee/cms/issues/65", + "refsource": "MISC", + "name": "https://github.com/liufee/cms/issues/65" } ] } diff --git a/2022/40xxx/CVE-2022-40002.json b/2022/40xxx/CVE-2022-40002.json index 10d53a72d7a5..639ae962e63f 100644 --- a/2022/40xxx/CVE-2022-40002.json +++ b/2022/40xxx/CVE-2022-40002.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40002", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40002", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/liufee/cms/issues/66", + "refsource": "MISC", + "name": "https://github.com/liufee/cms/issues/66" } ] } diff --git a/2022/40xxx/CVE-2022-40373.json b/2022/40xxx/CVE-2022-40373.json index 9cd8e08c8c56..31c5ae66e1ce 100644 --- a/2022/40xxx/CVE-2022-40373.json +++ b/2022/40xxx/CVE-2022-40373.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40373", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40373", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/liufee/cms/issues/67", + "refsource": "MISC", + "name": "https://github.com/liufee/cms/issues/67" } ] } diff --git a/2022/42xxx/CVE-2022-42805.json b/2022/42xxx/CVE-2022-42805.json index 769da6cc98e8..7ee87f563654 100644 --- a/2022/42xxx/CVE-2022-42805.json +++ b/2022/42xxx/CVE-2022-42805.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42805", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.5" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213345", + "name": "https://support.apple.com/en-us/HT213345" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213346", + "name": "https://support.apple.com/en-us/HT213346" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An integer overflow was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2022/42xxx/CVE-2022-42821.json b/2022/42xxx/CVE-2022-42821.json index d3066b23aa5c..e1b64e80e0bc 100644 --- a/2022/42xxx/CVE-2022-42821.json +++ b/2022/42xxx/CVE-2022-42821.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42821", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may bypass Gatekeeper checks" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213488", + "name": "https://support.apple.com/en-us/HT213488" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213534", + "name": "https://support.apple.com/en-us/HT213534" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213533", + "name": "https://support.apple.com/en-us/HT213533" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks." } ] } diff --git a/2022/42xxx/CVE-2022-42837.json b/2022/42xxx/CVE-2022-42837.json index 54f15998ae4e..caf29a1ddd8d 100644 --- a/2022/42xxx/CVE-2022-42837.json +++ b/2022/42xxx/CVE-2022-42837.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42837", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote user may be able to cause unexpected app termination or arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213531", + "name": "https://support.apple.com/en-us/HT213531" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution." } ] } diff --git a/2022/42xxx/CVE-2022-42840.json b/2022/42xxx/CVE-2022-42840.json index cddc54c09abe..6191c7266bbe 100644 --- a/2022/42xxx/CVE-2022-42840.json +++ b/2022/42xxx/CVE-2022-42840.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42840", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213531", + "name": "https://support.apple.com/en-us/HT213531" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213534", + "name": "https://support.apple.com/en-us/HT213534" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213533", + "name": "https://support.apple.com/en-us/HT213533" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2022/42xxx/CVE-2022-42841.json b/2022/42xxx/CVE-2022-42841.json index 43f09b16bc8f..5bc6ffbefea5 100644 --- a/2022/42xxx/CVE-2022-42841.json +++ b/2022/42xxx/CVE-2022-42841.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42841", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted package may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213534", + "name": "https://support.apple.com/en-us/HT213534" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213533", + "name": "https://support.apple.com/en-us/HT213533" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. Processing a maliciously crafted package may lead to arbitrary code execution." } ] } diff --git a/2022/42xxx/CVE-2022-42842.json b/2022/42xxx/CVE-2022-42842.json index f8847ff207f2..447412d12cad 100644 --- a/2022/42xxx/CVE-2022-42842.json +++ b/2022/42xxx/CVE-2022-42842.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42842", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote user may be able to cause kernel code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213534", + "name": "https://support.apple.com/en-us/HT213534" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213533", + "name": "https://support.apple.com/en-us/HT213533" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. A remote user may be able to cause kernel code execution." } ] } diff --git a/2022/42xxx/CVE-2022-42843.json b/2022/42xxx/CVE-2022-42843.json index ed047d06fef6..c7b1fda22191 100644 --- a/2022/42xxx/CVE-2022-42843.json +++ b/2022/42xxx/CVE-2022-42843.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42843", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A user may be able to view sensitive user information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved data protection. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. A user may be able to view sensitive user information." } ] } diff --git a/2022/42xxx/CVE-2022-42844.json b/2022/42xxx/CVE-2022-42844.json index cb06407f46e9..f8f84cbc45a9 100644 --- a/2022/42xxx/CVE-2022-42844.json +++ b/2022/42xxx/CVE-2022-42844.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42844", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to break out of its sandbox" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to break out of its sandbox." } ] } diff --git a/2022/42xxx/CVE-2022-42845.json b/2022/42xxx/CVE-2022-42845.json index cc8b28d5e2b3..846886f3a1fa 100644 --- a/2022/42xxx/CVE-2022-42845.json +++ b/2022/42xxx/CVE-2022-42845.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42845", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app with root privileges may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213534", + "name": "https://support.apple.com/en-us/HT213534" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213533", + "name": "https://support.apple.com/en-us/HT213533" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app with root privileges may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2022/42xxx/CVE-2022-42846.json b/2022/42xxx/CVE-2022-42846.json index cb88ea011c7d..d8b573bb40b1 100644 --- a/2022/42xxx/CVE-2022-42846.json +++ b/2022/42xxx/CVE-2022-42846.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42846", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Parsing a maliciously crafted video file may lead to unexpected system termination" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213531", + "name": "https://support.apple.com/en-us/HT213531" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination." } ] } diff --git a/2022/42xxx/CVE-2022-42847.json b/2022/42xxx/CVE-2022-42847.json index 74cf28336c20..ac7077e2aca6 100644 --- a/2022/42xxx/CVE-2022-42847.json +++ b/2022/42xxx/CVE-2022-42847.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42847", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2022/42xxx/CVE-2022-42848.json b/2022/42xxx/CVE-2022-42848.json index cadb978d62c5..af07dc265fed 100644 --- a/2022/42xxx/CVE-2022-42848.json +++ b/2022/42xxx/CVE-2022-42848.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42848", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213531", + "name": "https://support.apple.com/en-us/HT213531" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2022/42xxx/CVE-2022-42849.json b/2022/42xxx/CVE-2022-42849.json index e044fe5904cb..8f2f52864c45 100644 --- a/2022/42xxx/CVE-2022-42849.json +++ b/2022/42xxx/CVE-2022-42849.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42849", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A user may be able to elevate privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges." } ] } diff --git a/2022/42xxx/CVE-2022-42850.json b/2022/42xxx/CVE-2022-42850.json index bc7824a4a60b..ef9821f154c7 100644 --- a/2022/42xxx/CVE-2022-42850.json +++ b/2022/42xxx/CVE-2022-42850.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42850", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2022/42xxx/CVE-2022-42851.json b/2022/42xxx/CVE-2022-42851.json index 0b3f159afb32..7626b4e422d1 100644 --- a/2022/42xxx/CVE-2022-42851.json +++ b/2022/42xxx/CVE-2022-42851.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42851", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Parsing a maliciously crafted TIFF file may lead to disclosure of user information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2. Parsing a maliciously crafted TIFF file may lead to disclosure of user information." } ] } diff --git a/2022/42xxx/CVE-2022-42852.json b/2022/42xxx/CVE-2022-42852.json index c61228a86a54..81d0731313a1 100644 --- a/2022/42xxx/CVE-2022-42852.json +++ b/2022/42xxx/CVE-2022-42852.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42852", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may result in the disclosure of process memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213531", + "name": "https://support.apple.com/en-us/HT213531" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213537", + "name": "https://support.apple.com/en-us/HT213537" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory." } ] } diff --git a/2022/42xxx/CVE-2022-42853.json b/2022/42xxx/CVE-2022-42853.json index eccaa3f895f3..bfa32e3e6127 100644 --- a/2022/42xxx/CVE-2022-42853.json +++ b/2022/42xxx/CVE-2022-42853.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42853", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to modify protected parts of the file system" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.1. An app may be able to modify protected parts of the file system." } ] } diff --git a/2022/42xxx/CVE-2022-42854.json b/2022/42xxx/CVE-2022-42854.json index 1a470bc04ed1..eb96efef5430 100644 --- a/2022/42xxx/CVE-2022-42854.json +++ b/2022/42xxx/CVE-2022-42854.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42854", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to disclose kernel memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213533", + "name": "https://support.apple.com/en-us/HT213533" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1. An app may be able to disclose kernel memory." } ] } diff --git a/2022/42xxx/CVE-2022-42855.json b/2022/42xxx/CVE-2022-42855.json index 9e8e42b8cb6d..7d17cd0b299a 100644 --- a/2022/42xxx/CVE-2022-42855.json +++ b/2022/42xxx/CVE-2022-42855.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42855", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to use arbitrary entitlements" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213531", + "name": "https://support.apple.com/en-us/HT213531" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213533", + "name": "https://support.apple.com/en-us/HT213533" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements." } ] } diff --git a/2022/42xxx/CVE-2022-42856.json b/2022/42xxx/CVE-2022-42856.json index eb8afb2baebc..6cdb42800944 100644 --- a/2022/42xxx/CVE-2022-42856.json +++ b/2022/42xxx/CVE-2022-42856.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42856", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213531", + "name": "https://support.apple.com/en-us/HT213531" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213516", + "name": "https://support.apple.com/en-us/HT213516" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213537", + "name": "https://support.apple.com/en-us/HT213537" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.." } ] } diff --git a/2022/42xxx/CVE-2022-42859.json b/2022/42xxx/CVE-2022-42859.json index 392317d9d2c3..ee56af666188 100644 --- a/2022/42xxx/CVE-2022-42859.json +++ b/2022/42xxx/CVE-2022-42859.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42859", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to bypass Privacy preferences" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences." } ] } diff --git a/2022/42xxx/CVE-2022-42861.json b/2022/42xxx/CVE-2022-42861.json index a00c13c1a4af..fb70f3c6c128 100644 --- a/2022/42xxx/CVE-2022-42861.json +++ b/2022/42xxx/CVE-2022-42861.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42861", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to break out of its sandbox" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213531", + "name": "https://support.apple.com/en-us/HT213531" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213533", + "name": "https://support.apple.com/en-us/HT213533" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox." } ] } diff --git a/2022/42xxx/CVE-2022-42862.json b/2022/42xxx/CVE-2022-42862.json index c99002102271..6e162847243e 100644 --- a/2022/42xxx/CVE-2022-42862.json +++ b/2022/42xxx/CVE-2022-42862.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42862", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to bypass Privacy preferences" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to bypass Privacy preferences." } ] } diff --git a/2022/42xxx/CVE-2022-42863.json b/2022/42xxx/CVE-2022-42863.json index 7b084ebe0c94..42d137208382 100644 --- a/2022/42xxx/CVE-2022-42863.json +++ b/2022/42xxx/CVE-2022-42863.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42863", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213537", + "name": "https://support.apple.com/en-us/HT213537" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2022/42xxx/CVE-2022-42864.json b/2022/42xxx/CVE-2022-42864.json index aab481f75a33..b9235ca3d9d3 100644 --- a/2022/42xxx/CVE-2022-42864.json +++ b/2022/42xxx/CVE-2022-42864.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42864", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213531", + "name": "https://support.apple.com/en-us/HT213531" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213534", + "name": "https://support.apple.com/en-us/HT213534" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213533", + "name": "https://support.apple.com/en-us/HT213533" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A race condition was addressed with improved state handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2022/42xxx/CVE-2022-42865.json b/2022/42xxx/CVE-2022-42865.json index 42a2382a6465..e1473fdcb07e 100644 --- a/2022/42xxx/CVE-2022-42865.json +++ b/2022/42xxx/CVE-2022-42865.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42865", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to bypass Privacy preferences" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to bypass Privacy preferences." } ] } diff --git a/2022/42xxx/CVE-2022-42866.json b/2022/42xxx/CVE-2022-42866.json index 0308777044dd..7b3b5cdadaf0 100644 --- a/2022/42xxx/CVE-2022-42866.json +++ b/2022/42xxx/CVE-2022-42866.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42866", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to read sensitive location information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to read sensitive location information." } ] } diff --git a/2022/42xxx/CVE-2022-42867.json b/2022/42xxx/CVE-2022-42867.json index 4b573bde3197..1ea1e9f8387e 100644 --- a/2022/42xxx/CVE-2022-42867.json +++ b/2022/42xxx/CVE-2022-42867.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42867", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213537", + "name": "https://support.apple.com/en-us/HT213537" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2022/46xxx/CVE-2022-46689.json b/2022/46xxx/CVE-2022-46689.json index 6e83b413576b..5c1896b2975d 100644 --- a/2022/46xxx/CVE-2022-46689.json +++ b/2022/46xxx/CVE-2022-46689.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46689", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213531", + "name": "https://support.apple.com/en-us/HT213531" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213534", + "name": "https://support.apple.com/en-us/HT213534" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213533", + "name": "https://support.apple.com/en-us/HT213533" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2022/46xxx/CVE-2022-46690.json b/2022/46xxx/CVE-2022-46690.json index 993d86ae5507..553b6ef289ac 100644 --- a/2022/46xxx/CVE-2022-46690.json +++ b/2022/46xxx/CVE-2022-46690.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46690", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2022/46xxx/CVE-2022-46691.json b/2022/46xxx/CVE-2022-46691.json index 466a71831074..6751b83de39e 100644 --- a/2022/46xxx/CVE-2022-46691.json +++ b/2022/46xxx/CVE-2022-46691.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46691", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213531", + "name": "https://support.apple.com/en-us/HT213531" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213537", + "name": "https://support.apple.com/en-us/HT213537" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2022/46xxx/CVE-2022-46692.json b/2022/46xxx/CVE-2022-46692.json index 8961b32b93ab..6a05c6429e66 100644 --- a/2022/46xxx/CVE-2022-46692.json +++ b/2022/46xxx/CVE-2022-46692.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46692", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may bypass Same Origin Policy" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213538", + "name": "https://support.apple.com/en-us/HT213538" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213531", + "name": "https://support.apple.com/en-us/HT213531" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213537", + "name": "https://support.apple.com/en-us/HT213537" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy." } ] } diff --git a/2022/46xxx/CVE-2022-46693.json b/2022/46xxx/CVE-2022-46693.json index b7d1a3456180..4331b73b9c20 100644 --- a/2022/46xxx/CVE-2022-46693.json +++ b/2022/46xxx/CVE-2022-46693.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46693", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a maliciously crafted file may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213538", + "name": "https://support.apple.com/en-us/HT213538" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing a maliciously crafted file may lead to arbitrary code execution." } ] } diff --git a/2022/46xxx/CVE-2022-46694.json b/2022/46xxx/CVE-2022-46694.json index b378d97f64da..9f25d25c852b 100644 --- a/2022/46xxx/CVE-2022-46694.json +++ b/2022/46xxx/CVE-2022-46694.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46694", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Parsing a maliciously crafted video file may lead to kernel code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213531", + "name": "https://support.apple.com/en-us/HT213531" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2, watchOS 9.2. Parsing a maliciously crafted video file may lead to kernel code execution." } ] } diff --git a/2022/46xxx/CVE-2022-46695.json b/2022/46xxx/CVE-2022-46695.json index de0ab4ee0abf..9b04a53a845d 100644 --- a/2022/46xxx/CVE-2022-46695.json +++ b/2022/46xxx/CVE-2022-46695.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46695", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Visiting a website that frames malicious content may lead to UI spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213531", + "name": "https://support.apple.com/en-us/HT213531" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing." } ] } diff --git a/2022/46xxx/CVE-2022-46696.json b/2022/46xxx/CVE-2022-46696.json index 6eba278e2688..ad1e818a6ce7 100644 --- a/2022/46xxx/CVE-2022-46696.json +++ b/2022/46xxx/CVE-2022-46696.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46696", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213537", + "name": "https://support.apple.com/en-us/HT213537" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2022/46xxx/CVE-2022-46697.json b/2022/46xxx/CVE-2022-46697.json index 89efac016110..7998c13cc062 100644 --- a/2022/46xxx/CVE-2022-46697.json +++ b/2022/46xxx/CVE-2022-46697.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46697", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges." } ] } diff --git a/2022/46xxx/CVE-2022-46698.json b/2022/46xxx/CVE-2022-46698.json index 7a28e7d87faa..24a52a5e1680 100644 --- a/2022/46xxx/CVE-2022-46698.json +++ b/2022/46xxx/CVE-2022-46698.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46698", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "14.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may disclose sensitive user information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213538", + "name": "https://support.apple.com/en-us/HT213538" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213537", + "name": "https://support.apple.com/en-us/HT213537" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information." } ] } diff --git a/2022/46xxx/CVE-2022-46699.json b/2022/46xxx/CVE-2022-46699.json index 6cc57371ac88..794de2b82fc5 100644 --- a/2022/46xxx/CVE-2022-46699.json +++ b/2022/46xxx/CVE-2022-46699.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46699", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213537", + "name": "https://support.apple.com/en-us/HT213537" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2022/46xxx/CVE-2022-46700.json b/2022/46xxx/CVE-2022-46700.json index d5449aa34127..aaae53a47261 100644 --- a/2022/46xxx/CVE-2022-46700.json +++ b/2022/46xxx/CVE-2022-46700.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46700", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213531", + "name": "https://support.apple.com/en-us/HT213531" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213536", + "name": "https://support.apple.com/en-us/HT213536" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213537", + "name": "https://support.apple.com/en-us/HT213537" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution." } ] } diff --git a/2022/46xxx/CVE-2022-46701.json b/2022/46xxx/CVE-2022-46701.json index 014e79f9065c..9a9b79697426 100644 --- a/2022/46xxx/CVE-2022-46701.json +++ b/2022/46xxx/CVE-2022-46701.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46701", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213535", + "name": "https://support.apple.com/en-us/HT213535" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges." } ] } diff --git a/2022/46xxx/CVE-2022-46702.json b/2022/46xxx/CVE-2022-46702.json index a09b4246a62d..0c5a9fad67d8 100644 --- a/2022/46xxx/CVE-2022-46702.json +++ b/2022/46xxx/CVE-2022-46702.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46702", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to disclose kernel memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213530", + "name": "https://support.apple.com/en-us/HT213530" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory." } ] } diff --git a/2022/47xxx/CVE-2022-47502.json b/2022/47xxx/CVE-2022-47502.json new file mode 100644 index 000000000000..ac6fa1804cf7 --- /dev/null +++ b/2022/47xxx/CVE-2022-47502.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47502", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4506.json b/2022/4xxx/CVE-2022-4506.json index b5b434f2e4f7..21b38dc2a6b6 100644 --- a/2022/4xxx/CVE-2022-4506.json +++ b/2022/4xxx/CVE-2022-4506.json @@ -1,89 +1,94 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-4506", - "STATE": "PUBLIC", - "TITLE": "Unrestricted Upload of File with Dangerous Type in openemr/openemr" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "openemr/openemr", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "7.0.0.2" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-4506", + "STATE": "PUBLIC", + "TITLE": "Unrestricted Upload of File with Dangerous Type in openemr/openemr" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openemr/openemr", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0.0.2" + } + ] + } + } + ] + }, + "vendor_name": "openemr" } - } ] - }, - "vendor_name": "openemr" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.6, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" + } + ] + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/f423d193-4ab0-4f03-ad90-25e4f02e7942", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/f423d193-4ab0-4f03-ad90-25e4f02e7942" - }, - { - "name": "https://github.com/openemr/openemr/commit/2e7678d812df167ea3c0756382408b670e8aa51f", - "refsource": "MISC", - "url": "https://github.com/openemr/openemr/commit/2e7678d812df167ea3c0756382408b670e8aa51f" - } - ] - }, - "source": { - "advisory": "f423d193-4ab0-4f03-ad90-25e4f02e7942", - "discovery": "EXTERNAL" - } + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/f423d193-4ab0-4f03-ad90-25e4f02e7942", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/f423d193-4ab0-4f03-ad90-25e4f02e7942" + }, + { + "name": "https://github.com/openemr/openemr/commit/2e7678d812df167ea3c0756382408b670e8aa51f", + "refsource": "MISC", + "url": "https://github.com/openemr/openemr/commit/2e7678d812df167ea3c0756382408b670e8aa51f" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2022-4506", + "url": "https://www.cve.org/CVERecord?id=CVE-2022-4506" + } + ] + }, + "source": { + "advisory": "f423d193-4ab0-4f03-ad90-25e4f02e7942", + "discovery": "EXTERNAL" + } } \ No newline at end of file From c801d46bad2244fc9f5db10c710e3dbe9bdd8ad3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 15 Dec 2022 18:40:08 +0000 Subject: [PATCH 021/754] "-Synchronized-Data." --- 2022/22xxx/CVE-2022-22063.json | 99 +++++++++++++++++++- 2022/23xxx/CVE-2022-23474.json | 81 +++++++++++++++- 2022/23xxx/CVE-2022-23507.json | 76 ++++++++++++++- 2022/23xxx/CVE-2022-23524.json | 76 ++++++++++++++- 2022/23xxx/CVE-2022-23525.json | 81 +++++++++++++++- 2022/23xxx/CVE-2022-23526.json | 81 +++++++++++++++- 2022/2xxx/CVE-2022-2536.json | 99 +++++++++++++++++++- 2022/3xxx/CVE-2022-3427.json | 79 +++++++++++++++- 2022/44xxx/CVE-2022-44235.json | 56 +++++++++-- 2022/44xxx/CVE-2022-44236.json | 56 +++++++++-- 2022/45xxx/CVE-2022-45033.json | 56 +++++++++-- 2022/46xxx/CVE-2022-46768.json | 7 +- 2022/47xxx/CVE-2022-47420.json | 18 ++++ 2022/47xxx/CVE-2022-47421.json | 18 ++++ 2022/47xxx/CVE-2022-47422.json | 18 ++++ 2022/47xxx/CVE-2022-47423.json | 18 ++++ 2022/47xxx/CVE-2022-47424.json | 18 ++++ 2022/47xxx/CVE-2022-47425.json | 18 ++++ 2022/47xxx/CVE-2022-47426.json | 18 ++++ 2022/47xxx/CVE-2022-47427.json | 18 ++++ 2022/47xxx/CVE-2022-47428.json | 18 ++++ 2022/47xxx/CVE-2022-47429.json | 18 ++++ 2022/47xxx/CVE-2022-47430.json | 18 ++++ 2022/47xxx/CVE-2022-47431.json | 18 ++++ 2022/47xxx/CVE-2022-47432.json | 18 ++++ 2022/47xxx/CVE-2022-47433.json | 18 ++++ 2022/47xxx/CVE-2022-47434.json | 18 ++++ 2022/47xxx/CVE-2022-47435.json | 18 ++++ 2022/47xxx/CVE-2022-47436.json | 18 ++++ 2022/47xxx/CVE-2022-47437.json | 18 ++++ 2022/47xxx/CVE-2022-47438.json | 18 ++++ 2022/47xxx/CVE-2022-47439.json | 18 ++++ 2022/47xxx/CVE-2022-47440.json | 18 ++++ 2022/47xxx/CVE-2022-47441.json | 18 ++++ 2022/47xxx/CVE-2022-47442.json | 18 ++++ 2022/47xxx/CVE-2022-47443.json | 18 ++++ 2022/47xxx/CVE-2022-47444.json | 18 ++++ 2022/47xxx/CVE-2022-47445.json | 18 ++++ 2022/47xxx/CVE-2022-47446.json | 18 ++++ 2022/47xxx/CVE-2022-47447.json | 18 ++++ 2022/47xxx/CVE-2022-47448.json | 18 ++++ 2022/47xxx/CVE-2022-47449.json | 18 ++++ 2022/47xxx/CVE-2022-47450.json | 18 ++++ 2022/47xxx/CVE-2022-47451.json | 18 ++++ 2022/47xxx/CVE-2022-47453.json | 18 ++++ 2022/47xxx/CVE-2022-47454.json | 18 ++++ 2022/47xxx/CVE-2022-47455.json | 18 ++++ 2022/47xxx/CVE-2022-47456.json | 18 ++++ 2022/47xxx/CVE-2022-47460.json | 18 ++++ 2022/47xxx/CVE-2022-47462.json | 18 ++++ 2022/47xxx/CVE-2022-47464.json | 18 ++++ 2022/47xxx/CVE-2022-47465.json | 18 ++++ 2022/47xxx/CVE-2022-47466.json | 18 ++++ 2022/47xxx/CVE-2022-47467.json | 18 ++++ 2022/47xxx/CVE-2022-47468.json | 18 ++++ 2022/47xxx/CVE-2022-47469.json | 18 ++++ 2022/47xxx/CVE-2022-47471.json | 18 ++++ 2022/47xxx/CVE-2022-47477.json | 18 ++++ 2022/47xxx/CVE-2022-47479.json | 18 ++++ 2022/47xxx/CVE-2022-47480.json | 18 ++++ 2022/47xxx/CVE-2022-47481.json | 18 ++++ 2022/47xxx/CVE-2022-47483.json | 18 ++++ 2022/47xxx/CVE-2022-47484.json | 18 ++++ 2022/47xxx/CVE-2022-47485.json | 18 ++++ 2022/47xxx/CVE-2022-47486.json | 18 ++++ 2022/47xxx/CVE-2022-47487.json | 18 ++++ 2022/47xxx/CVE-2022-47488.json | 18 ++++ 2022/47xxx/CVE-2022-47489.json | 18 ++++ 2022/47xxx/CVE-2022-47490.json | 18 ++++ 2022/47xxx/CVE-2022-47491.json | 18 ++++ 2022/47xxx/CVE-2022-47493.json | 18 ++++ 2022/47xxx/CVE-2022-47495.json | 18 ++++ 2022/47xxx/CVE-2022-47499.json | 18 ++++ 2022/4xxx/CVE-2022-4502.json | 166 ++++++++++++++++----------------- 2022/4xxx/CVE-2022-4503.json | 166 ++++++++++++++++----------------- 2022/4xxx/CVE-2022-4506.json | 5 - 2022/4xxx/CVE-2022-4507.json | 18 ++++ 2022/4xxx/CVE-2022-4508.json | 18 ++++ 2022/4xxx/CVE-2022-4509.json | 18 ++++ 2022/4xxx/CVE-2022-4510.json | 18 ++++ 80 files changed, 2130 insertions(+), 224 deletions(-) create mode 100644 2022/47xxx/CVE-2022-47420.json create mode 100644 2022/47xxx/CVE-2022-47421.json create mode 100644 2022/47xxx/CVE-2022-47422.json create mode 100644 2022/47xxx/CVE-2022-47423.json create mode 100644 2022/47xxx/CVE-2022-47424.json create mode 100644 2022/47xxx/CVE-2022-47425.json create mode 100644 2022/47xxx/CVE-2022-47426.json create mode 100644 2022/47xxx/CVE-2022-47427.json create mode 100644 2022/47xxx/CVE-2022-47428.json create mode 100644 2022/47xxx/CVE-2022-47429.json create mode 100644 2022/47xxx/CVE-2022-47430.json create mode 100644 2022/47xxx/CVE-2022-47431.json create mode 100644 2022/47xxx/CVE-2022-47432.json create mode 100644 2022/47xxx/CVE-2022-47433.json create mode 100644 2022/47xxx/CVE-2022-47434.json create mode 100644 2022/47xxx/CVE-2022-47435.json create mode 100644 2022/47xxx/CVE-2022-47436.json create mode 100644 2022/47xxx/CVE-2022-47437.json create mode 100644 2022/47xxx/CVE-2022-47438.json create mode 100644 2022/47xxx/CVE-2022-47439.json create mode 100644 2022/47xxx/CVE-2022-47440.json create mode 100644 2022/47xxx/CVE-2022-47441.json create mode 100644 2022/47xxx/CVE-2022-47442.json create mode 100644 2022/47xxx/CVE-2022-47443.json create mode 100644 2022/47xxx/CVE-2022-47444.json create mode 100644 2022/47xxx/CVE-2022-47445.json create mode 100644 2022/47xxx/CVE-2022-47446.json create mode 100644 2022/47xxx/CVE-2022-47447.json create mode 100644 2022/47xxx/CVE-2022-47448.json create mode 100644 2022/47xxx/CVE-2022-47449.json create mode 100644 2022/47xxx/CVE-2022-47450.json create mode 100644 2022/47xxx/CVE-2022-47451.json create mode 100644 2022/47xxx/CVE-2022-47453.json create mode 100644 2022/47xxx/CVE-2022-47454.json create mode 100644 2022/47xxx/CVE-2022-47455.json create mode 100644 2022/47xxx/CVE-2022-47456.json create mode 100644 2022/47xxx/CVE-2022-47460.json create mode 100644 2022/47xxx/CVE-2022-47462.json create mode 100644 2022/47xxx/CVE-2022-47464.json create mode 100644 2022/47xxx/CVE-2022-47465.json create mode 100644 2022/47xxx/CVE-2022-47466.json create mode 100644 2022/47xxx/CVE-2022-47467.json create mode 100644 2022/47xxx/CVE-2022-47468.json create mode 100644 2022/47xxx/CVE-2022-47469.json create mode 100644 2022/47xxx/CVE-2022-47471.json create mode 100644 2022/47xxx/CVE-2022-47477.json create mode 100644 2022/47xxx/CVE-2022-47479.json create mode 100644 2022/47xxx/CVE-2022-47480.json create mode 100644 2022/47xxx/CVE-2022-47481.json create mode 100644 2022/47xxx/CVE-2022-47483.json create mode 100644 2022/47xxx/CVE-2022-47484.json create mode 100644 2022/47xxx/CVE-2022-47485.json create mode 100644 2022/47xxx/CVE-2022-47486.json create mode 100644 2022/47xxx/CVE-2022-47487.json create mode 100644 2022/47xxx/CVE-2022-47488.json create mode 100644 2022/47xxx/CVE-2022-47489.json create mode 100644 2022/47xxx/CVE-2022-47490.json create mode 100644 2022/47xxx/CVE-2022-47491.json create mode 100644 2022/47xxx/CVE-2022-47493.json create mode 100644 2022/47xxx/CVE-2022-47495.json create mode 100644 2022/47xxx/CVE-2022-47499.json create mode 100644 2022/4xxx/CVE-2022-4507.json create mode 100644 2022/4xxx/CVE-2022-4508.json create mode 100644 2022/4xxx/CVE-2022-4509.json create mode 100644 2022/4xxx/CVE-2022-4510.json diff --git a/2022/22xxx/CVE-2022-22063.json b/2022/22xxx/CVE-2022-22063.json index 3533062333a4..45258a83d4cb 100644 --- a/2022/22xxx/CVE-2022-22063.json +++ b/2022/22xxx/CVE-2022-22063.json @@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22063", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@qualcomm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Memory corruption in Core due to improper configuration in boot remapper." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Qualcomm, Inc.", + "product": { + "product_data": [ + { + "product_name": "Snapdragon", + "version": { + "version_data": [ + { + "version_value": "APQ8096AU", + "version_affected": "=" + }, + { + "version_value": "MDM9640", + "version_affected": "=" + }, + { + "version_value": "MDM9645", + "version_affected": "=" + }, + { + "version_value": "QCA6174", + "version_affected": "=" + }, + { + "version_value": "QCA6174A", + "version_affected": "=" + }, + { + "version_value": "QCA6574A", + "version_affected": "=" + }, + { + "version_value": "QCA6574AU", + "version_affected": "=" + }, + { + "version_value": "WCN3990", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin", + "refsource": "MISC", + "name": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23474.json b/2022/23xxx/CVE-2022-23474.json index 7c291c501d26..3cf56d36d74d 100644 --- a/2022/23xxx/CVE-2022-23474.json +++ b/2022/23xxx/CVE-2022-23474.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23474", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper\u2019s innerHTML. This issue is patched in version 2.26.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "codex-team", + "product": { + "product_data": [ + { + "product_name": "editor.js", + "version": { + "version_data": [ + { + "version_value": "2.26.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://securitylab.github.com/advisories/GHSL-2022-028_codex-team_editor_js/", + "refsource": "MISC", + "name": "https://securitylab.github.com/advisories/GHSL-2022-028_codex-team_editor_js/" + }, + { + "url": "https://github.com/codex-team/editor.js/pull/2100", + "refsource": "MISC", + "name": "https://github.com/codex-team/editor.js/pull/2100" + } + ] + }, + "source": { + "advisory": "GHSA-6mvj-2569-3mcm", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23507.json b/2022/23xxx/CVE-2022-23507.json index 38a24827ca01..5f57a0c7aa30 100644 --- a/2022/23xxx/CVE-2022-23507.json +++ b/2022/23xxx/CVE-2022-23507.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23507", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform light client verification (e.g. IBC-rs, Hermes). The light client does not check that the chain IDs of the trusted and untrusted headers match, resulting in a possible attack vector where someone who finds a header from an untrusted chain that satisfies all other verification conditions (e.g. enough overlapping validator signatures) could fool a light client. The attack vector is currently theoretical, and no proof-of-concept exists yet to exploit it on live networks. This issue is patched in version 0.28.0. There are no workarounds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347: Improper Verification of Cryptographic Signature", + "cweId": "CWE-347" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "informalsystems", + "product": { + "product_data": [ + { + "product_name": "tendermint-rs", + "version": { + "version_data": [ + { + "version_value": "0.28.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/informalsystems/tendermint-rs/security/advisories/GHSA-xqqc-c5gw-c5r5", + "refsource": "MISC", + "name": "https://github.com/informalsystems/tendermint-rs/security/advisories/GHSA-xqqc-c5gw-c5r5" + } + ] + }, + "source": { + "advisory": "GHSA-xqqc-c5gw-c5r5", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23524.json b/2022/23xxx/CVE-2022-23524.json index bbb74aad946f..e1eef24906e4 100644 --- a/2022/23xxx/CVE-2022-23524.json +++ b/2022/23xxx/CVE-2022-23524.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23524", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "helm", + "product": { + "product_data": [ + { + "product_name": "helm", + "version": { + "version_data": [ + { + "version_value": "< v3.10.3", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r", + "refsource": "MISC", + "name": "https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r" + } + ] + }, + "source": { + "advisory": "GHSA-6rx9-889q-vv2r", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23525.json b/2022/23xxx/CVE-2022-23525.json index 82b413a81722..cd1428d2131f 100644 --- a/2022/23xxx/CVE-2022-23525.json +++ b/2022/23xxx/CVE-2022-23525.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23525", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _repo_package. The _repo_ package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart repositories where charts are managed. The _repo_ package parses the index file of the repository and loads it into structures Go can work with. Some index files can cause array data structures to be created causing a memory violation. Applications that use the _repo_ package in the Helm SDK to parse an index file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with an index file that causes a memory violation panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate index files that are correctly formatted before passing them to the _repo_ functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "helm", + "product": { + "product_data": [ + { + "product_name": "helm", + "version": { + "version_data": [ + { + "version_value": "< v3.10.3", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q", + "refsource": "MISC", + "name": "https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q" + }, + { + "url": "https://github.com/helm/helm/commit/638ebffbc2e445156f3978f02fd83d9af1e56f5b", + "refsource": "MISC", + "name": "https://github.com/helm/helm/commit/638ebffbc2e445156f3978f02fd83d9af1e56f5b" + } + ] + }, + "source": { + "advisory": "GHSA-53c4-hhmh-vw5q", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23526.json b/2022/23xxx/CVE-2022-23526.json index 852d9833a59b..d0222e8f4bda 100644 --- a/2022/23xxx/CVE-2022-23526.json +++ b/2022/23xxx/CVE-2022-23526.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23526", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate schema files that are correctly formatted before passing them to the _chartutil_ functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "helm", + "product": { + "product_data": [ + { + "product_name": "helm", + "version": { + "version_data": [ + { + "version_value": "< v3.10.3", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33", + "refsource": "MISC", + "name": "https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33" + }, + { + "url": "https://github.com/helm/helm/commit/bafafa8bb1b571b61d7a9528da8d40c307dade3d", + "refsource": "MISC", + "name": "https://github.com/helm/helm/commit/bafafa8bb1b571b61d7a9528da8d40c307dade3d" + } + ] + }, + "source": { + "advisory": "GHSA-67fx-wx78-jx33", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2022/2xxx/CVE-2022-2536.json b/2022/2xxx/CVE-2022-2536.json index 1aabf70d1131..e810c5c0df3d 100644 --- a/2022/2xxx/CVE-2022-2536.json +++ b/2022/2xxx/CVE-2022-2536.json @@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2536", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the 'tp_translation' AJAX action which makes it possible for unauthenticated attackers to bypass any restrictions and influence the data shown on the site. Please note this is a separate issue from CVE-2022-2461. Notes from the researcher: When installed Transposh comes with a set of pre-configured options, one of these is the \"Who can translate\" setting under the \"Settings\" tab. However, this option is largely ignored, if Transposh has enabled its \"autotranslate\" feature (it's enabled by default) and the HTTP POST parameter \"sr0\" is larger than 0. This is caused by a faulty validation in \"wp/transposh_db.php.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285 Improper Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "oferwald", + "product": { + "product_data": [ + { + "product_name": "Transposh WordPress Translation", + "version": { + "version_data": [ + { + "version_value": "*", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/", + "refsource": "MISC", + "name": "https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c774b520-9d9f-4102-8564-49673d5ae1e6", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c774b520-9d9f-4102-8564-49673d5ae1e6" + }, + { + "url": "https://packetstormsecurity.com/files/168120/wptransposh1081-authz.txt", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/168120/wptransposh1081-authz.txt" + }, + { + "url": "https://www.exploitalert.com/view-details.html?id=38949", + "refsource": "MISC", + "name": "https://www.exploitalert.com/view-details.html?id=38949" + }, + { + "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2536", + "refsource": "MISC", + "name": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2536" + }, + { + "url": "https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2536.txt", + "refsource": "MISC", + "name": "https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2536.txt" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Julien Ahrens" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2022/3xxx/CVE-2022-3427.json b/2022/3xxx/CVE-2022-3427.json index d3b213b00600..db048db0ce0c 100644 --- a/2022/3xxx/CVE-2022-3427.json +++ b/2022/3xxx/CVE-2022-3427.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3427", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its corner_ad_settings_page function. This makes it possible for unauthenticated attackers to trigger the deletion of ads via forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "codepeople", + "product": { + "product_data": [ + { + "product_name": "Corner Ad", + "version": { + "version_data": [ + { + "version_value": "*", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a6c5e9a-754f-41c8-b27b-caa133b5070f", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a6c5e9a-754f-41c8-b27b-caa133b5070f" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2765630%40corner-ad%2Ftrunk&old=2719671%40corner-ad%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2765630%40corner-ad%2Ftrunk&old=2719671%40corner-ad%2Ftrunk&sfp_email=&sfph_mail=" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/corner-ad/trunk/corner-ad.php?rev=2782613#L240", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/corner-ad/trunk/corner-ad.php?rev=2782613#L240" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2022/44xxx/CVE-2022-44235.json b/2022/44xxx/CVE-2022-44235.json index d6412586548d..b1d44e358206 100644 --- a/2022/44xxx/CVE-2022-44235.json +++ b/2022/44xxx/CVE-2022-44235.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44235", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44235", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) is vulnerable to Cross Site Scripting (XSS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/liong007/Zed-3/issues/1", + "refsource": "MISC", + "name": "https://github.com/liong007/Zed-3/issues/1" } ] } diff --git a/2022/44xxx/CVE-2022-44236.json b/2022/44xxx/CVE-2022-44236.json index 62c65be6357c..9f276e183a51 100644 --- a/2022/44xxx/CVE-2022-44236.json +++ b/2022/44xxx/CVE-2022-44236.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44236", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44236", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/liong007/Zed-3/issues/2", + "refsource": "MISC", + "name": "https://github.com/liong007/Zed-3/issues/2" } ] } diff --git a/2022/45xxx/CVE-2022-45033.json b/2022/45xxx/CVE-2022-45033.json index 3a3163f3eed3..1bf2fa462a01 100644 --- a/2022/45xxx/CVE-2022-45033.json +++ b/2022/45xxx/CVE-2022-45033.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-45033", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-45033", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/cyb3r-n3rd/cve-request/blob/main/cve-poc-payload", + "url": "https://github.com/cyb3r-n3rd/cve-request/blob/main/cve-poc-payload" } ] } diff --git a/2022/46xxx/CVE-2022-46768.json b/2022/46xxx/CVE-2022-46768.json index 58dfd178847b..f0e54762286f 100644 --- a/2022/46xxx/CVE-2022-46768.json +++ b/2022/46xxx/CVE-2022-46768.json @@ -101,8 +101,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://support.zabbix.com/browse/ZBX-22087" + "refsource": "MISC", + "url": "https://support.zabbix.com/browse/ZBX-22087", + "name": "https://support.zabbix.com/browse/ZBX-22087" } ] }, @@ -121,4 +122,4 @@ "value": "If an immediate update is not possible, limit network access to Zabbix Web Service Report Generation." } ] -} +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47420.json b/2022/47xxx/CVE-2022-47420.json new file mode 100644 index 000000000000..4ac991270e3e --- /dev/null +++ b/2022/47xxx/CVE-2022-47420.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47420", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47421.json b/2022/47xxx/CVE-2022-47421.json new file mode 100644 index 000000000000..c345bc5bb0d4 --- /dev/null +++ b/2022/47xxx/CVE-2022-47421.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47421", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47422.json b/2022/47xxx/CVE-2022-47422.json new file mode 100644 index 000000000000..b1a02752ccf3 --- /dev/null +++ b/2022/47xxx/CVE-2022-47422.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47422", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47423.json b/2022/47xxx/CVE-2022-47423.json new file mode 100644 index 000000000000..94ad80f0d69b --- /dev/null +++ b/2022/47xxx/CVE-2022-47423.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47423", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47424.json b/2022/47xxx/CVE-2022-47424.json new file mode 100644 index 000000000000..4c5d587f928f --- /dev/null +++ b/2022/47xxx/CVE-2022-47424.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47424", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47425.json b/2022/47xxx/CVE-2022-47425.json new file mode 100644 index 000000000000..249f53a0de92 --- /dev/null +++ b/2022/47xxx/CVE-2022-47425.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47425", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47426.json b/2022/47xxx/CVE-2022-47426.json new file mode 100644 index 000000000000..c297463f7ab0 --- /dev/null +++ b/2022/47xxx/CVE-2022-47426.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47426", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47427.json b/2022/47xxx/CVE-2022-47427.json new file mode 100644 index 000000000000..f1137661f153 --- /dev/null +++ b/2022/47xxx/CVE-2022-47427.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47427", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47428.json b/2022/47xxx/CVE-2022-47428.json new file mode 100644 index 000000000000..b7c447b69016 --- /dev/null +++ b/2022/47xxx/CVE-2022-47428.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47428", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47429.json b/2022/47xxx/CVE-2022-47429.json new file mode 100644 index 000000000000..a5d8962b5498 --- /dev/null +++ b/2022/47xxx/CVE-2022-47429.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47429", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47430.json b/2022/47xxx/CVE-2022-47430.json new file mode 100644 index 000000000000..9c514e1891b2 --- /dev/null +++ b/2022/47xxx/CVE-2022-47430.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47430", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47431.json b/2022/47xxx/CVE-2022-47431.json new file mode 100644 index 000000000000..d2602bbf5e36 --- /dev/null +++ b/2022/47xxx/CVE-2022-47431.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47431", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47432.json b/2022/47xxx/CVE-2022-47432.json new file mode 100644 index 000000000000..90fccf826bf0 --- /dev/null +++ b/2022/47xxx/CVE-2022-47432.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47432", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47433.json b/2022/47xxx/CVE-2022-47433.json new file mode 100644 index 000000000000..34ce56dd44ae --- /dev/null +++ b/2022/47xxx/CVE-2022-47433.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47433", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47434.json b/2022/47xxx/CVE-2022-47434.json new file mode 100644 index 000000000000..891dad314b36 --- /dev/null +++ b/2022/47xxx/CVE-2022-47434.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47434", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47435.json b/2022/47xxx/CVE-2022-47435.json new file mode 100644 index 000000000000..d48603a3cc29 --- /dev/null +++ b/2022/47xxx/CVE-2022-47435.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47435", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47436.json b/2022/47xxx/CVE-2022-47436.json new file mode 100644 index 000000000000..d710871b10ed --- /dev/null +++ b/2022/47xxx/CVE-2022-47436.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47436", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47437.json b/2022/47xxx/CVE-2022-47437.json new file mode 100644 index 000000000000..47add7e49f36 --- /dev/null +++ b/2022/47xxx/CVE-2022-47437.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47437", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47438.json b/2022/47xxx/CVE-2022-47438.json new file mode 100644 index 000000000000..57b3474f62b3 --- /dev/null +++ b/2022/47xxx/CVE-2022-47438.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47438", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47439.json b/2022/47xxx/CVE-2022-47439.json new file mode 100644 index 000000000000..67e5305e2792 --- /dev/null +++ b/2022/47xxx/CVE-2022-47439.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47439", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47440.json b/2022/47xxx/CVE-2022-47440.json new file mode 100644 index 000000000000..dd7733c72b88 --- /dev/null +++ b/2022/47xxx/CVE-2022-47440.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47440", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47441.json b/2022/47xxx/CVE-2022-47441.json new file mode 100644 index 000000000000..26c7942af8e4 --- /dev/null +++ b/2022/47xxx/CVE-2022-47441.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47441", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47442.json b/2022/47xxx/CVE-2022-47442.json new file mode 100644 index 000000000000..40d0f9693450 --- /dev/null +++ b/2022/47xxx/CVE-2022-47442.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47442", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47443.json b/2022/47xxx/CVE-2022-47443.json new file mode 100644 index 000000000000..b9d0a3509f7c --- /dev/null +++ b/2022/47xxx/CVE-2022-47443.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47443", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47444.json b/2022/47xxx/CVE-2022-47444.json new file mode 100644 index 000000000000..7d44b313c810 --- /dev/null +++ b/2022/47xxx/CVE-2022-47444.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47444", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47445.json b/2022/47xxx/CVE-2022-47445.json new file mode 100644 index 000000000000..edb2d23231f6 --- /dev/null +++ b/2022/47xxx/CVE-2022-47445.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47445", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47446.json b/2022/47xxx/CVE-2022-47446.json new file mode 100644 index 000000000000..a48bc18fdd9c --- /dev/null +++ b/2022/47xxx/CVE-2022-47446.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47446", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47447.json b/2022/47xxx/CVE-2022-47447.json new file mode 100644 index 000000000000..ec0b66c4a84a --- /dev/null +++ b/2022/47xxx/CVE-2022-47447.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47447", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47448.json b/2022/47xxx/CVE-2022-47448.json new file mode 100644 index 000000000000..569df9092f4f --- /dev/null +++ b/2022/47xxx/CVE-2022-47448.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47448", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47449.json b/2022/47xxx/CVE-2022-47449.json new file mode 100644 index 000000000000..67c2f94e1303 --- /dev/null +++ b/2022/47xxx/CVE-2022-47449.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47449", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47450.json b/2022/47xxx/CVE-2022-47450.json new file mode 100644 index 000000000000..fa7543c89317 --- /dev/null +++ b/2022/47xxx/CVE-2022-47450.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47450", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47451.json b/2022/47xxx/CVE-2022-47451.json new file mode 100644 index 000000000000..28f341f97b83 --- /dev/null +++ b/2022/47xxx/CVE-2022-47451.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47451", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47453.json b/2022/47xxx/CVE-2022-47453.json new file mode 100644 index 000000000000..d5049276990f --- /dev/null +++ b/2022/47xxx/CVE-2022-47453.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47453", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47454.json b/2022/47xxx/CVE-2022-47454.json new file mode 100644 index 000000000000..ea6e72eb6b5c --- /dev/null +++ b/2022/47xxx/CVE-2022-47454.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47454", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47455.json b/2022/47xxx/CVE-2022-47455.json new file mode 100644 index 000000000000..6381c2a20903 --- /dev/null +++ b/2022/47xxx/CVE-2022-47455.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47455", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47456.json b/2022/47xxx/CVE-2022-47456.json new file mode 100644 index 000000000000..3b7115d36324 --- /dev/null +++ b/2022/47xxx/CVE-2022-47456.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47456", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47460.json b/2022/47xxx/CVE-2022-47460.json new file mode 100644 index 000000000000..abe13991192b --- /dev/null +++ b/2022/47xxx/CVE-2022-47460.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47460", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47462.json b/2022/47xxx/CVE-2022-47462.json new file mode 100644 index 000000000000..ed237a82a788 --- /dev/null +++ b/2022/47xxx/CVE-2022-47462.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47462", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47464.json b/2022/47xxx/CVE-2022-47464.json new file mode 100644 index 000000000000..91150cab753c --- /dev/null +++ b/2022/47xxx/CVE-2022-47464.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47464", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47465.json b/2022/47xxx/CVE-2022-47465.json new file mode 100644 index 000000000000..4163a4508be5 --- /dev/null +++ b/2022/47xxx/CVE-2022-47465.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47465", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47466.json b/2022/47xxx/CVE-2022-47466.json new file mode 100644 index 000000000000..e247fe413db0 --- /dev/null +++ b/2022/47xxx/CVE-2022-47466.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47466", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47467.json b/2022/47xxx/CVE-2022-47467.json new file mode 100644 index 000000000000..2dfa4ee0316f --- /dev/null +++ b/2022/47xxx/CVE-2022-47467.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47467", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47468.json b/2022/47xxx/CVE-2022-47468.json new file mode 100644 index 000000000000..1f0bb42eb866 --- /dev/null +++ b/2022/47xxx/CVE-2022-47468.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47468", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47469.json b/2022/47xxx/CVE-2022-47469.json new file mode 100644 index 000000000000..b392587ac275 --- /dev/null +++ b/2022/47xxx/CVE-2022-47469.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47469", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47471.json b/2022/47xxx/CVE-2022-47471.json new file mode 100644 index 000000000000..c23d419415bf --- /dev/null +++ b/2022/47xxx/CVE-2022-47471.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47471", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47477.json b/2022/47xxx/CVE-2022-47477.json new file mode 100644 index 000000000000..75bfd627c8ac --- /dev/null +++ b/2022/47xxx/CVE-2022-47477.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47477", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47479.json b/2022/47xxx/CVE-2022-47479.json new file mode 100644 index 000000000000..9f503c3146d4 --- /dev/null +++ b/2022/47xxx/CVE-2022-47479.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47479", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47480.json b/2022/47xxx/CVE-2022-47480.json new file mode 100644 index 000000000000..3e2bcf500687 --- /dev/null +++ b/2022/47xxx/CVE-2022-47480.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47480", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47481.json b/2022/47xxx/CVE-2022-47481.json new file mode 100644 index 000000000000..fb4c7b544fae --- /dev/null +++ b/2022/47xxx/CVE-2022-47481.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47481", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47483.json b/2022/47xxx/CVE-2022-47483.json new file mode 100644 index 000000000000..9c08873169fc --- /dev/null +++ b/2022/47xxx/CVE-2022-47483.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47483", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47484.json b/2022/47xxx/CVE-2022-47484.json new file mode 100644 index 000000000000..b4b9f2586ab7 --- /dev/null +++ b/2022/47xxx/CVE-2022-47484.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47484", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47485.json b/2022/47xxx/CVE-2022-47485.json new file mode 100644 index 000000000000..9e09bfd3b3af --- /dev/null +++ b/2022/47xxx/CVE-2022-47485.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47485", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47486.json b/2022/47xxx/CVE-2022-47486.json new file mode 100644 index 000000000000..2f78ef061369 --- /dev/null +++ b/2022/47xxx/CVE-2022-47486.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47486", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47487.json b/2022/47xxx/CVE-2022-47487.json new file mode 100644 index 000000000000..5753450f3397 --- /dev/null +++ b/2022/47xxx/CVE-2022-47487.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47487", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47488.json b/2022/47xxx/CVE-2022-47488.json new file mode 100644 index 000000000000..36e4994c8695 --- /dev/null +++ b/2022/47xxx/CVE-2022-47488.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47488", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47489.json b/2022/47xxx/CVE-2022-47489.json new file mode 100644 index 000000000000..60f4301cec3b --- /dev/null +++ b/2022/47xxx/CVE-2022-47489.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47489", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47490.json b/2022/47xxx/CVE-2022-47490.json new file mode 100644 index 000000000000..9bce0caf3726 --- /dev/null +++ b/2022/47xxx/CVE-2022-47490.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47490", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47491.json b/2022/47xxx/CVE-2022-47491.json new file mode 100644 index 000000000000..b2db9b8ec651 --- /dev/null +++ b/2022/47xxx/CVE-2022-47491.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47491", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47493.json b/2022/47xxx/CVE-2022-47493.json new file mode 100644 index 000000000000..564b287f3806 --- /dev/null +++ b/2022/47xxx/CVE-2022-47493.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47493", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47495.json b/2022/47xxx/CVE-2022-47495.json new file mode 100644 index 000000000000..f7fc31c192e9 --- /dev/null +++ b/2022/47xxx/CVE-2022-47495.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47495", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47499.json b/2022/47xxx/CVE-2022-47499.json new file mode 100644 index 000000000000..5cf2c9d875cc --- /dev/null +++ b/2022/47xxx/CVE-2022-47499.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47499", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4502.json b/2022/4xxx/CVE-2022-4502.json index d97349a371d7..988df1a9d089 100644 --- a/2022/4xxx/CVE-2022-4502.json +++ b/2022/4xxx/CVE-2022-4502.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-4502", - "STATE": "PUBLIC", - "TITLE": "Cross-site Scripting (XSS) - Reflected in openemr/openemr" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "openemr/openemr", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "7.0.0.2" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-4502", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - Reflected in openemr/openemr" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openemr/openemr", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0.0.2" + } + ] + } + } + ] + }, + "vendor_name": "openemr" } - } ] - }, - "vendor_name": "openemr" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 7.3, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/5bdef791-6886-4008-b9ba-045cb4524114", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/5bdef791-6886-4008-b9ba-045cb4524114" - }, - { - "name": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879", - "refsource": "MISC", - "url": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879" - } - ] - }, - "source": { - "advisory": "5bdef791-6886-4008-b9ba-045cb4524114", - "discovery": "EXTERNAL" - } + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879", + "refsource": "MISC", + "url": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879" + }, + { + "name": "https://huntr.dev/bounties/5bdef791-6886-4008-b9ba-045cb4524114", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/5bdef791-6886-4008-b9ba-045cb4524114" + } + ] + }, + "source": { + "advisory": "5bdef791-6886-4008-b9ba-045cb4524114", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4503.json b/2022/4xxx/CVE-2022-4503.json index 0bb538cfdcc7..e3fa11483173 100644 --- a/2022/4xxx/CVE-2022-4503.json +++ b/2022/4xxx/CVE-2022-4503.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-4503", - "STATE": "PUBLIC", - "TITLE": "Cross-site Scripting (XSS) - Generic in openemr/openemr" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "openemr/openemr", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "7.0.0.2" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-4503", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - Generic in openemr/openemr" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openemr/openemr", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0.0.2" + } + ] + } + } + ] + }, + "vendor_name": "openemr" } - } ] - }, - "vendor_name": "openemr" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 6.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/4cba644c-a2f5-4ed7-af5d-f2cab1895e13", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/4cba644c-a2f5-4ed7-af5d-f2cab1895e13" - }, - { - "name": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879", - "refsource": "MISC", - "url": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879" - } - ] - }, - "source": { - "advisory": "4cba644c-a2f5-4ed7-af5d-f2cab1895e13", - "discovery": "EXTERNAL" - } + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879", + "refsource": "MISC", + "url": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879" + }, + { + "name": "https://huntr.dev/bounties/4cba644c-a2f5-4ed7-af5d-f2cab1895e13", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/4cba644c-a2f5-4ed7-af5d-f2cab1895e13" + } + ] + }, + "source": { + "advisory": "4cba644c-a2f5-4ed7-af5d-f2cab1895e13", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4506.json b/2022/4xxx/CVE-2022-4506.json index 21b38dc2a6b6..0ee739759e77 100644 --- a/2022/4xxx/CVE-2022-4506.json +++ b/2022/4xxx/CVE-2022-4506.json @@ -79,11 +79,6 @@ "name": "https://github.com/openemr/openemr/commit/2e7678d812df167ea3c0756382408b670e8aa51f", "refsource": "MISC", "url": "https://github.com/openemr/openemr/commit/2e7678d812df167ea3c0756382408b670e8aa51f" - }, - { - "refsource": "MISC", - "name": "https://www.cve.org/CVERecord?id=CVE-2022-4506", - "url": "https://www.cve.org/CVERecord?id=CVE-2022-4506" } ] }, diff --git a/2022/4xxx/CVE-2022-4507.json b/2022/4xxx/CVE-2022-4507.json new file mode 100644 index 000000000000..1a1e50d03eaa --- /dev/null +++ b/2022/4xxx/CVE-2022-4507.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4507", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4508.json b/2022/4xxx/CVE-2022-4508.json new file mode 100644 index 000000000000..3f3066abb33c --- /dev/null +++ b/2022/4xxx/CVE-2022-4508.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4508", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4509.json b/2022/4xxx/CVE-2022-4509.json new file mode 100644 index 000000000000..9864971cdba0 --- /dev/null +++ b/2022/4xxx/CVE-2022-4509.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4509", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4510.json b/2022/4xxx/CVE-2022-4510.json new file mode 100644 index 000000000000..2ac57e8958bf --- /dev/null +++ b/2022/4xxx/CVE-2022-4510.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4510", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From b4253d935cecdac27bfa3ec2d4538a9835e73613 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 15 Dec 2022 18:40:19 +0000 Subject: [PATCH 022/754] "-Synchronized-Data." --- 2021/3xxx/CVE-2021-3671.json | 5 ++ 2021/4xxx/CVE-2021-4245.json | 18 ++++++++ 2022/31xxx/CVE-2022-31690.json | 5 ++ 2022/32xxx/CVE-2022-32531.json | 80 ++++++++++++++++++++++++++++++-- 2022/35xxx/CVE-2022-35957.json | 5 ++ 2022/36xxx/CVE-2022-36062.json | 5 ++ 2022/39xxx/CVE-2022-39306.json | 5 ++ 2022/39xxx/CVE-2022-39307.json | 5 ++ 2022/3xxx/CVE-2022-3872.json | 5 ++ 2022/3xxx/CVE-2022-3970.json | 5 ++ 2022/43xxx/CVE-2022-43945.json | 5 ++ 2022/44xxx/CVE-2022-44588.json | 84 ++++++++++++++++++++++++++++++++-- 2022/47xxx/CVE-2022-47452.json | 18 ++++++++ 2022/47xxx/CVE-2022-47457.json | 18 ++++++++ 2022/47xxx/CVE-2022-47458.json | 18 ++++++++ 2022/47xxx/CVE-2022-47459.json | 18 ++++++++ 2022/47xxx/CVE-2022-47461.json | 18 ++++++++ 2022/47xxx/CVE-2022-47463.json | 18 ++++++++ 2022/47xxx/CVE-2022-47470.json | 18 ++++++++ 2022/47xxx/CVE-2022-47472.json | 18 ++++++++ 2022/47xxx/CVE-2022-47473.json | 18 ++++++++ 2022/47xxx/CVE-2022-47474.json | 18 ++++++++ 2022/47xxx/CVE-2022-47475.json | 18 ++++++++ 2022/47xxx/CVE-2022-47476.json | 18 ++++++++ 2022/47xxx/CVE-2022-47478.json | 18 ++++++++ 2022/47xxx/CVE-2022-47482.json | 18 ++++++++ 2022/47xxx/CVE-2022-47492.json | 18 ++++++++ 2022/47xxx/CVE-2022-47494.json | 18 ++++++++ 2022/47xxx/CVE-2022-47496.json | 18 ++++++++ 2022/47xxx/CVE-2022-47497.json | 18 ++++++++ 2022/47xxx/CVE-2022-47498.json | 18 ++++++++ 2022/47xxx/CVE-2022-47500.json | 18 ++++++++ 2022/47xxx/CVE-2022-47501.json | 18 ++++++++ 2022/47xxx/CVE-2022-47503.json | 18 ++++++++ 2022/47xxx/CVE-2022-47504.json | 18 ++++++++ 2022/47xxx/CVE-2022-47505.json | 18 ++++++++ 2022/47xxx/CVE-2022-47506.json | 18 ++++++++ 2022/47xxx/CVE-2022-47507.json | 18 ++++++++ 2022/47xxx/CVE-2022-47508.json | 18 ++++++++ 2022/47xxx/CVE-2022-47509.json | 18 ++++++++ 2022/47xxx/CVE-2022-47510.json | 18 ++++++++ 2022/47xxx/CVE-2022-47511.json | 18 ++++++++ 2022/47xxx/CVE-2022-47512.json | 18 ++++++++ 2022/4xxx/CVE-2022-4511.json | 18 ++++++++ 2022/4xxx/CVE-2022-4512.json | 18 ++++++++ 2022/4xxx/CVE-2022-4513.json | 18 ++++++++ 2022/4xxx/CVE-2022-4514.json | 18 ++++++++ 2022/4xxx/CVE-2022-4515.json | 18 ++++++++ 2022/4xxx/CVE-2022-4516.json | 18 ++++++++ 2022/4xxx/CVE-2022-4517.json | 18 ++++++++ 50 files changed, 902 insertions(+), 9 deletions(-) create mode 100644 2021/4xxx/CVE-2021-4245.json create mode 100644 2022/47xxx/CVE-2022-47452.json create mode 100644 2022/47xxx/CVE-2022-47457.json create mode 100644 2022/47xxx/CVE-2022-47458.json create mode 100644 2022/47xxx/CVE-2022-47459.json create mode 100644 2022/47xxx/CVE-2022-47461.json create mode 100644 2022/47xxx/CVE-2022-47463.json create mode 100644 2022/47xxx/CVE-2022-47470.json create mode 100644 2022/47xxx/CVE-2022-47472.json create mode 100644 2022/47xxx/CVE-2022-47473.json create mode 100644 2022/47xxx/CVE-2022-47474.json create mode 100644 2022/47xxx/CVE-2022-47475.json create mode 100644 2022/47xxx/CVE-2022-47476.json create mode 100644 2022/47xxx/CVE-2022-47478.json create mode 100644 2022/47xxx/CVE-2022-47482.json create mode 100644 2022/47xxx/CVE-2022-47492.json create mode 100644 2022/47xxx/CVE-2022-47494.json create mode 100644 2022/47xxx/CVE-2022-47496.json create mode 100644 2022/47xxx/CVE-2022-47497.json create mode 100644 2022/47xxx/CVE-2022-47498.json create mode 100644 2022/47xxx/CVE-2022-47500.json create mode 100644 2022/47xxx/CVE-2022-47501.json create mode 100644 2022/47xxx/CVE-2022-47503.json create mode 100644 2022/47xxx/CVE-2022-47504.json create mode 100644 2022/47xxx/CVE-2022-47505.json create mode 100644 2022/47xxx/CVE-2022-47506.json create mode 100644 2022/47xxx/CVE-2022-47507.json create mode 100644 2022/47xxx/CVE-2022-47508.json create mode 100644 2022/47xxx/CVE-2022-47509.json create mode 100644 2022/47xxx/CVE-2022-47510.json create mode 100644 2022/47xxx/CVE-2022-47511.json create mode 100644 2022/47xxx/CVE-2022-47512.json create mode 100644 2022/4xxx/CVE-2022-4511.json create mode 100644 2022/4xxx/CVE-2022-4512.json create mode 100644 2022/4xxx/CVE-2022-4513.json create mode 100644 2022/4xxx/CVE-2022-4514.json create mode 100644 2022/4xxx/CVE-2022-4515.json create mode 100644 2022/4xxx/CVE-2022-4516.json create mode 100644 2022/4xxx/CVE-2022-4517.json diff --git a/2021/3xxx/CVE-2021-3671.json b/2021/3xxx/CVE-2021-3671.json index 8f1734c48af6..11d848841dd9 100644 --- a/2021/3xxx/CVE-2021-3671.json +++ b/2021/3xxx/CVE-2021-3671.json @@ -68,6 +68,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update", "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221215-0002/", + "url": "https://security.netapp.com/advisory/ntap-20221215-0002/" } ] }, diff --git a/2021/4xxx/CVE-2021-4245.json b/2021/4xxx/CVE-2021-4245.json new file mode 100644 index 000000000000..b9a552c0be5f --- /dev/null +++ b/2021/4xxx/CVE-2021-4245.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4245", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31690.json b/2022/31xxx/CVE-2022-31690.json index 9daa02408cdc..2c72a45d5f52 100644 --- a/2022/31xxx/CVE-2022-31690.json +++ b/2022/31xxx/CVE-2022-31690.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://tanzu.vmware.com/security/cve-2022-31690", "url": "https://tanzu.vmware.com/security/cve-2022-31690" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221215-0010/", + "url": "https://security.netapp.com/advisory/ntap-20221215-0010/" } ] }, diff --git a/2022/32xxx/CVE-2022-32531.json b/2022/32xxx/CVE-2022-32531.json index 1fccbf46eab0..fb1b18b61a14 100644 --- a/2022/32xxx/CVE-2022-32531.json +++ b/2022/32xxx/CVE-2022-32531.json @@ -1,18 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32531", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295 Improper Certificate Validation", + "cweId": "CWE-295" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache BookKeeper", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + }, + { + "version_value": "4.15.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/xyk2lfc7lzof8mksmwyympbqxts1b5s9", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/xyk2lfc7lzof8mksmwyympbqxts1b5s9" } ] - } + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "https://github.com/apache/bookkeeper/pull/3310", + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Upgrade to 4.14.6 or to 4.15.1
" + } + ], + "value": "Upgrade to 4.14.6 or to 4.15.1\n" + } + ] } \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35957.json b/2022/35xxx/CVE-2022-35957.json index cc551819cf56..fb67c33ad567 100644 --- a/2022/35xxx/CVE-2022-35957.json +++ b/2022/35xxx/CVE-2022-35957.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-2eb4418018", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYU5C2RITLHVZSTCWNGQWA6KSPYNXM2H/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221215-0001/", + "url": "https://security.netapp.com/advisory/ntap-20221215-0001/" } ] }, diff --git a/2022/36xxx/CVE-2022-36062.json b/2022/36xxx/CVE-2022-36062.json index aaeb7e499032..5e2a7e406c53 100644 --- a/2022/36xxx/CVE-2022-36062.json +++ b/2022/36xxx/CVE-2022-36062.json @@ -79,6 +79,11 @@ "name": "https://github.com/grafana/grafana/security/advisories/GHSA-p978-56hq-r492", "refsource": "CONFIRM", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-p978-56hq-r492" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221215-0001/", + "url": "https://security.netapp.com/advisory/ntap-20221215-0001/" } ] }, diff --git a/2022/39xxx/CVE-2022-39306.json b/2022/39xxx/CVE-2022-39306.json index c174d594d40f..d6b61f7e87ad 100644 --- a/2022/39xxx/CVE-2022-39306.json +++ b/2022/39xxx/CVE-2022-39306.json @@ -76,6 +76,11 @@ "name": "https://github.com/grafana/grafana/security/advisories/GHSA-2x6g-h2hg-rq84", "refsource": "CONFIRM", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-2x6g-h2hg-rq84" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221215-0004/", + "url": "https://security.netapp.com/advisory/ntap-20221215-0004/" } ] }, diff --git a/2022/39xxx/CVE-2022-39307.json b/2022/39xxx/CVE-2022-39307.json index 8ab55cf34c97..b778f82b6bd8 100644 --- a/2022/39xxx/CVE-2022-39307.json +++ b/2022/39xxx/CVE-2022-39307.json @@ -76,6 +76,11 @@ "name": "https://github.com/grafana/grafana/security/advisories/GHSA-3p62-42x7-gxg5", "refsource": "CONFIRM", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-3p62-42x7-gxg5" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221215-0004/", + "url": "https://security.netapp.com/advisory/ntap-20221215-0004/" } ] }, diff --git a/2022/3xxx/CVE-2022-3872.json b/2022/3xxx/CVE-2022-3872.json index 32f18808b5d3..0dbc5db5fcfb 100644 --- a/2022/3xxx/CVE-2022-3872.json +++ b/2022/3xxx/CVE-2022-3872.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html", "url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221215-0005/", + "url": "https://security.netapp.com/advisory/ntap-20221215-0005/" } ] }, diff --git a/2022/3xxx/CVE-2022-3970.json b/2022/3xxx/CVE-2022-3970.json index c67d1b6133aa..8f36a3d74dab 100644 --- a/2022/3xxx/CVE-2022-3970.json +++ b/2022/3xxx/CVE-2022-3970.json @@ -81,6 +81,11 @@ "url": "https://vuldb.com/?id.213549", "refsource": "MISC", "name": "https://vuldb.com/?id.213549" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221215-0009/", + "url": "https://security.netapp.com/advisory/ntap-20221215-0009/" } ] } diff --git a/2022/43xxx/CVE-2022-43945.json b/2022/43xxx/CVE-2022-43945.json index 5549ca0b1e42..9653ca420b02 100644 --- a/2022/43xxx/CVE-2022-43945.json +++ b/2022/43xxx/CVE-2022-43945.json @@ -48,6 +48,11 @@ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8", "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221215-0006/", + "url": "https://security.netapp.com/advisory/ntap-20221215-0006/" } ] }, diff --git a/2022/44xxx/CVE-2022-44588.json b/2022/44xxx/CVE-2022-44588.json index f9794c2b4262..bda206c8a3f3 100644 --- a/2022/44xxx/CVE-2022-44588.json +++ b/2022/44xxx/CVE-2022-44588.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-44588", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Blocksera", + "product": { + "product_data": [ + { + "product_name": "Cryptocurrency Widgets Pack", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/cryptocurrency-widgets-pack/wordpress-cryptocurrency-widgets-pack-plugin-1-8-1-sql-injection-sqli-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/cryptocurrency-widgets-pack/wordpress-cryptocurrency-widgets-pack-plugin-1-8-1-sql-injection-sqli-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Tomasz Staszyszyn (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", + "version": "3.1" } ] } diff --git a/2022/47xxx/CVE-2022-47452.json b/2022/47xxx/CVE-2022-47452.json new file mode 100644 index 000000000000..eca1bca4e17d --- /dev/null +++ b/2022/47xxx/CVE-2022-47452.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47452", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47457.json b/2022/47xxx/CVE-2022-47457.json new file mode 100644 index 000000000000..4257b400034f --- /dev/null +++ b/2022/47xxx/CVE-2022-47457.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47457", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47458.json b/2022/47xxx/CVE-2022-47458.json new file mode 100644 index 000000000000..21e1ad297872 --- /dev/null +++ b/2022/47xxx/CVE-2022-47458.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47458", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47459.json b/2022/47xxx/CVE-2022-47459.json new file mode 100644 index 000000000000..48ccd6d9efe7 --- /dev/null +++ b/2022/47xxx/CVE-2022-47459.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47459", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47461.json b/2022/47xxx/CVE-2022-47461.json new file mode 100644 index 000000000000..f7f960e0518d --- /dev/null +++ b/2022/47xxx/CVE-2022-47461.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47461", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47463.json b/2022/47xxx/CVE-2022-47463.json new file mode 100644 index 000000000000..b1730c50c732 --- /dev/null +++ b/2022/47xxx/CVE-2022-47463.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47463", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47470.json b/2022/47xxx/CVE-2022-47470.json new file mode 100644 index 000000000000..20a986eba9c5 --- /dev/null +++ b/2022/47xxx/CVE-2022-47470.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47470", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47472.json b/2022/47xxx/CVE-2022-47472.json new file mode 100644 index 000000000000..5f4496149027 --- /dev/null +++ b/2022/47xxx/CVE-2022-47472.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47472", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47473.json b/2022/47xxx/CVE-2022-47473.json new file mode 100644 index 000000000000..2247479bcaf8 --- /dev/null +++ b/2022/47xxx/CVE-2022-47473.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47473", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47474.json b/2022/47xxx/CVE-2022-47474.json new file mode 100644 index 000000000000..9a9883641be4 --- /dev/null +++ b/2022/47xxx/CVE-2022-47474.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47474", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47475.json b/2022/47xxx/CVE-2022-47475.json new file mode 100644 index 000000000000..186209ff05d6 --- /dev/null +++ b/2022/47xxx/CVE-2022-47475.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47475", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47476.json b/2022/47xxx/CVE-2022-47476.json new file mode 100644 index 000000000000..3691076f3d13 --- /dev/null +++ b/2022/47xxx/CVE-2022-47476.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47476", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47478.json b/2022/47xxx/CVE-2022-47478.json new file mode 100644 index 000000000000..41429d8f6ad6 --- /dev/null +++ b/2022/47xxx/CVE-2022-47478.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47478", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47482.json b/2022/47xxx/CVE-2022-47482.json new file mode 100644 index 000000000000..5173588ae5f1 --- /dev/null +++ b/2022/47xxx/CVE-2022-47482.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47482", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47492.json b/2022/47xxx/CVE-2022-47492.json new file mode 100644 index 000000000000..964709b65149 --- /dev/null +++ b/2022/47xxx/CVE-2022-47492.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47492", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47494.json b/2022/47xxx/CVE-2022-47494.json new file mode 100644 index 000000000000..aaa64a0de1c5 --- /dev/null +++ b/2022/47xxx/CVE-2022-47494.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47494", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47496.json b/2022/47xxx/CVE-2022-47496.json new file mode 100644 index 000000000000..37d9f4a395e7 --- /dev/null +++ b/2022/47xxx/CVE-2022-47496.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47496", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47497.json b/2022/47xxx/CVE-2022-47497.json new file mode 100644 index 000000000000..883425ba4353 --- /dev/null +++ b/2022/47xxx/CVE-2022-47497.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47497", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47498.json b/2022/47xxx/CVE-2022-47498.json new file mode 100644 index 000000000000..0b4e20399915 --- /dev/null +++ b/2022/47xxx/CVE-2022-47498.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47498", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47500.json b/2022/47xxx/CVE-2022-47500.json new file mode 100644 index 000000000000..ea0b43bee2e8 --- /dev/null +++ b/2022/47xxx/CVE-2022-47500.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47500", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47501.json b/2022/47xxx/CVE-2022-47501.json new file mode 100644 index 000000000000..dc1d9e86dbb7 --- /dev/null +++ b/2022/47xxx/CVE-2022-47501.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47501", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47503.json b/2022/47xxx/CVE-2022-47503.json new file mode 100644 index 000000000000..8675dd414f46 --- /dev/null +++ b/2022/47xxx/CVE-2022-47503.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47503", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47504.json b/2022/47xxx/CVE-2022-47504.json new file mode 100644 index 000000000000..dca1a81fdb2f --- /dev/null +++ b/2022/47xxx/CVE-2022-47504.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47504", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47505.json b/2022/47xxx/CVE-2022-47505.json new file mode 100644 index 000000000000..36b418d5dc28 --- /dev/null +++ b/2022/47xxx/CVE-2022-47505.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47505", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47506.json b/2022/47xxx/CVE-2022-47506.json new file mode 100644 index 000000000000..80f01bd1acdd --- /dev/null +++ b/2022/47xxx/CVE-2022-47506.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47506", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47507.json b/2022/47xxx/CVE-2022-47507.json new file mode 100644 index 000000000000..ed3854134c96 --- /dev/null +++ b/2022/47xxx/CVE-2022-47507.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47507", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47508.json b/2022/47xxx/CVE-2022-47508.json new file mode 100644 index 000000000000..26077851fc7e --- /dev/null +++ b/2022/47xxx/CVE-2022-47508.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47508", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47509.json b/2022/47xxx/CVE-2022-47509.json new file mode 100644 index 000000000000..118df2e3b02b --- /dev/null +++ b/2022/47xxx/CVE-2022-47509.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47509", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47510.json b/2022/47xxx/CVE-2022-47510.json new file mode 100644 index 000000000000..fe68b028cde9 --- /dev/null +++ b/2022/47xxx/CVE-2022-47510.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47510", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47511.json b/2022/47xxx/CVE-2022-47511.json new file mode 100644 index 000000000000..4fc80b90bf26 --- /dev/null +++ b/2022/47xxx/CVE-2022-47511.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47511", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47512.json b/2022/47xxx/CVE-2022-47512.json new file mode 100644 index 000000000000..bff8e50b9dc9 --- /dev/null +++ b/2022/47xxx/CVE-2022-47512.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47512", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4511.json b/2022/4xxx/CVE-2022-4511.json new file mode 100644 index 000000000000..e3f32b9830e5 --- /dev/null +++ b/2022/4xxx/CVE-2022-4511.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4511", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4512.json b/2022/4xxx/CVE-2022-4512.json new file mode 100644 index 000000000000..dd65e4971279 --- /dev/null +++ b/2022/4xxx/CVE-2022-4512.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4512", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4513.json b/2022/4xxx/CVE-2022-4513.json new file mode 100644 index 000000000000..74aeeea962ae --- /dev/null +++ b/2022/4xxx/CVE-2022-4513.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4513", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4514.json b/2022/4xxx/CVE-2022-4514.json new file mode 100644 index 000000000000..b801bee5523e --- /dev/null +++ b/2022/4xxx/CVE-2022-4514.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4514", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4515.json b/2022/4xxx/CVE-2022-4515.json new file mode 100644 index 000000000000..0f2374aa151a --- /dev/null +++ b/2022/4xxx/CVE-2022-4515.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4515", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4516.json b/2022/4xxx/CVE-2022-4516.json new file mode 100644 index 000000000000..58dcae6d2284 --- /dev/null +++ b/2022/4xxx/CVE-2022-4516.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4516", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4517.json b/2022/4xxx/CVE-2022-4517.json new file mode 100644 index 000000000000..8bdad1308419 --- /dev/null +++ b/2022/4xxx/CVE-2022-4517.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4517", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 06600afaa1b14c39d22a5eb4ce0d500c1929babe Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 15 Dec 2022 19:00:39 +0000 Subject: [PATCH 023/754] "-Synchronized-Data." --- 2022/4xxx/CVE-2022-4506.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2022/4xxx/CVE-2022-4506.json b/2022/4xxx/CVE-2022-4506.json index 0ee739759e77..21b38dc2a6b6 100644 --- a/2022/4xxx/CVE-2022-4506.json +++ b/2022/4xxx/CVE-2022-4506.json @@ -79,6 +79,11 @@ "name": "https://github.com/openemr/openemr/commit/2e7678d812df167ea3c0756382408b670e8aa51f", "refsource": "MISC", "url": "https://github.com/openemr/openemr/commit/2e7678d812df167ea3c0756382408b670e8aa51f" + }, + { + "refsource": "MISC", + "name": "https://www.cve.org/CVERecord?id=CVE-2022-4506", + "url": "https://www.cve.org/CVERecord?id=CVE-2022-4506" } ] }, From 15a5b11cf2a3d1f5f363d8f35ceafc9f513e12c0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 15 Dec 2022 19:00:51 +0000 Subject: [PATCH 024/754] "-Synchronized-Data." --- 2020/21xxx/CVE-2020-21219.json | 5 +++++ 2022/4xxx/CVE-2022-4506.json | 5 ----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/2020/21xxx/CVE-2020-21219.json b/2020/21xxx/CVE-2020-21219.json index 11a36a5f4556..31c461c43009 100644 --- a/2020/21xxx/CVE-2020-21219.json +++ b/2020/21xxx/CVE-2020-21219.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "url": "https://github.com/pfsense/FreeBSD-ports/commit/a6f443cde51e7fcf17e51f16014d3589253284d8", + "refsource": "MISC", + "name": "https://github.com/pfsense/FreeBSD-ports/commit/a6f443cde51e7fcf17e51f16014d3589253284d8" + }, { "refsource": "MISC", "name": "https://redmine.pfsense.org/issues/9888", diff --git a/2022/4xxx/CVE-2022-4506.json b/2022/4xxx/CVE-2022-4506.json index 21b38dc2a6b6..0ee739759e77 100644 --- a/2022/4xxx/CVE-2022-4506.json +++ b/2022/4xxx/CVE-2022-4506.json @@ -79,11 +79,6 @@ "name": "https://github.com/openemr/openemr/commit/2e7678d812df167ea3c0756382408b670e8aa51f", "refsource": "MISC", "url": "https://github.com/openemr/openemr/commit/2e7678d812df167ea3c0756382408b670e8aa51f" - }, - { - "refsource": "MISC", - "name": "https://www.cve.org/CVERecord?id=CVE-2022-4506", - "url": "https://www.cve.org/CVERecord?id=CVE-2022-4506" } ] }, From 3f009ec11a5cad516253a5e794f722b272a6b85a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 15 Dec 2022 19:01:02 +0000 Subject: [PATCH 025/754] "-Synchronized-Data." --- 2022/38xxx/CVE-2022-38469.json | 18 ++++++++++++++++++ 2022/43xxx/CVE-2022-43494.json | 18 ++++++++++++++++++ 2022/46xxx/CVE-2022-46331.json | 18 ++++++++++++++++++ 2022/46xxx/CVE-2022-46660.json | 18 ++++++++++++++++++ 2022/46xxx/CVE-2022-46732.json | 18 ++++++++++++++++++ 5 files changed, 90 insertions(+) create mode 100644 2022/38xxx/CVE-2022-38469.json create mode 100644 2022/43xxx/CVE-2022-43494.json create mode 100644 2022/46xxx/CVE-2022-46331.json create mode 100644 2022/46xxx/CVE-2022-46660.json create mode 100644 2022/46xxx/CVE-2022-46732.json diff --git a/2022/38xxx/CVE-2022-38469.json b/2022/38xxx/CVE-2022-38469.json new file mode 100644 index 000000000000..2ece507e12be --- /dev/null +++ b/2022/38xxx/CVE-2022-38469.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-38469", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43494.json b/2022/43xxx/CVE-2022-43494.json new file mode 100644 index 000000000000..56bdc878df6c --- /dev/null +++ b/2022/43xxx/CVE-2022-43494.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-43494", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/46xxx/CVE-2022-46331.json b/2022/46xxx/CVE-2022-46331.json new file mode 100644 index 000000000000..c674a0f99e6a --- /dev/null +++ b/2022/46xxx/CVE-2022-46331.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-46331", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/46xxx/CVE-2022-46660.json b/2022/46xxx/CVE-2022-46660.json new file mode 100644 index 000000000000..d90029550959 --- /dev/null +++ b/2022/46xxx/CVE-2022-46660.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-46660", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/46xxx/CVE-2022-46732.json b/2022/46xxx/CVE-2022-46732.json new file mode 100644 index 000000000000..0f00adf75038 --- /dev/null +++ b/2022/46xxx/CVE-2022-46732.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-46732", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 6910077e91ed573e7b064c70a757f5ad7b6c1d03 Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Thu, 15 Dec 2022 20:55:14 +0100 Subject: [PATCH 026/754] CVE-2022-451X --- 2022/4xxx/CVE-2022-4511.json | 61 ++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4513.json | 64 ++++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4514.json | 64 ++++++++++++++++++++++++++++++++++-- 3 files changed, 180 insertions(+), 9 deletions(-) diff --git a/2022/4xxx/CVE-2022-4511.json b/2022/4xxx/CVE-2022-4511.json index e3f32b9830e5..d9fa0e488c8b 100644 --- a/2022/4xxx/CVE-2022-4511.json +++ b/2022/4xxx/CVE-2022-4511.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4511", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "RainyGao DocSys path traversal", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "RainyGao", + "product": { + "product_data": [ + { + "product_name": "DocSys", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal -> CWE-23 Relative Path Traversal -> CWE-24 Path Traversal: '..\/filedir'" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '..\/filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/gitee.com\/RainyGao\/DocSys\/issues\/I66A3V" + }, + { + "url": "https:\/\/vuldb.com\/?id.215851" } ] } diff --git a/2022/4xxx/CVE-2022-4513.json b/2022/4xxx/CVE-2022-4513.json index 74aeeea962ae..5f8a04dcb64a 100644 --- a/2022/4xxx/CVE-2022-4513.json +++ b/2022/4xxx/CVE-2022-4513.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4513", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "European Environment Agency eionet.contreg cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "European Environment Agency", + "product": { + "product_data": [ + { + "product_name": "eionet.contreg", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg. This issue affects some unknown processing. The manipulation of the argument searchTag\/resourceUri leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2022-06-27T0948 is able to address this issue. The name of the patch is a120c2153e263e62c4db34a06ab96a9f1c6bccb6. It is recommended to upgrade the affected component. The identifier VDB-215885 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/eea\/eionet.contreg\/commit\/a120c2153e263e62c4db34a06ab96a9f1c6bccb6" + }, + { + "url": "https:\/\/github.com\/eea\/eionet.contreg\/releases\/tag\/2022-06-27T0948" + }, + { + "url": "https:\/\/vuldb.com\/?id.215885" } ] } diff --git a/2022/4xxx/CVE-2022-4514.json b/2022/4xxx/CVE-2022-4514.json index b801bee5523e..aec3495b8c4f 100644 --- a/2022/4xxx/CVE-2022-4514.json +++ b/2022/4xxx/CVE-2022-4514.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4514", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Opencaching Deutschland oc-server3 varset.inc.php cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Opencaching Deutschland", + "product": { + "product_data": [ + { + "product_name": "oc-server3", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, was found in Opencaching Deutschland oc-server3. Affected is an unknown function of the file htdocs\/lang\/de\/ocstyle\/varset.inc.php. The manipulation of the argument varvalue leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4bdd6a0e7b7760cea03b91812cbb80d7b16e3b5f. It is recommended to apply a patch to fix this issue. VDB-215886 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/OpencachingDeutschland\/oc-server3\/pull\/902" + }, + { + "url": "https:\/\/github.com\/OpencachingDeutschland\/oc-server3\/commit\/4bdd6a0e7b7760cea03b91812cbb80d7b16e3b5f" + }, + { + "url": "https:\/\/vuldb.com\/?id.215886" } ] } From 41753e74a59fb4d66b111c8640db009de7f012b5 Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Thu, 15 Dec 2022 20:55:34 +0100 Subject: [PATCH 027/754] CVE-2021-4245 --- 2021/4xxx/CVE-2021-4245.json | 64 ++++++++++++++++++++++++++++++++++-- 1 file changed, 61 insertions(+), 3 deletions(-) diff --git a/2021/4xxx/CVE-2021-4245.json b/2021/4xxx/CVE-2021-4245.json index b9a552c0be5f..810fea83ff13 100644 --- a/2021/4xxx/CVE-2021-4245.json +++ b/2021/4xxx/CVE-2021-4245.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4245", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "chbrown rfc6902 pointer.ts prototype pollution", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "chbrown", + "product": { + "product_data": [ + { + "product_name": "rfc6902", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-74 Injection -> CWE-94 Code Injection -> CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in chbrown rfc6902. This affects an unknown part of the file pointer.ts. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The exploit has been disclosed to the public and may be used. The name of the patch is c006ce9faa43d31edb34924f1df7b79c137096cf. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215883." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.5", + "vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/chbrown\/rfc6902\/pull\/76" + }, + { + "url": "https:\/\/github.com\/chbrown\/rfc6902\/commit\/c006ce9faa43d31edb34924f1df7b79c137096cf" + }, + { + "url": "https:\/\/vuldb.com\/?id.215883" } ] } From 110ba5c225ebd993e5e0bf0b371c0f5c1ba6e6cd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 15 Dec 2022 20:00:38 +0000 Subject: [PATCH 028/754] "-Synchronized-Data." --- 2020/21xxx/CVE-2020-21599.json | 5 ++ 2021/35xxx/CVE-2021-35452.json | 5 ++ 2021/36xxx/CVE-2021-36408.json | 5 ++ 2021/36xxx/CVE-2021-36409.json | 5 ++ 2021/36xxx/CVE-2021-36410.json | 5 ++ 2021/36xxx/CVE-2021-36411.json | 5 ++ 2022/4xxx/CVE-2022-4518.json | 18 ++++++++ 2022/4xxx/CVE-2022-4519.json | 84 ++++++++++++++++++++++++++++++++++ 8 files changed, 132 insertions(+) create mode 100644 2022/4xxx/CVE-2022-4518.json create mode 100644 2022/4xxx/CVE-2022-4519.json diff --git a/2020/21xxx/CVE-2020-21599.json b/2020/21xxx/CVE-2020-21599.json index 4ad1b22b0d0d..ce369a5a7f47 100644 --- a/2020/21xxx/CVE-2020-21599.json +++ b/2020/21xxx/CVE-2020-21599.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/235", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/235" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2021/35xxx/CVE-2021-35452.json b/2021/35xxx/CVE-2021-35452.json index 943ef7a19bce..c8d88f2b0e64 100644 --- a/2021/35xxx/CVE-2021-35452.json +++ b/2021/35xxx/CVE-2021-35452.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/298", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/298" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2021/36xxx/CVE-2021-36408.json b/2021/36xxx/CVE-2021-36408.json index c1ee7a8f786e..8289bbc45311 100644 --- a/2021/36xxx/CVE-2021-36408.json +++ b/2021/36xxx/CVE-2021-36408.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/299", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/299" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2021/36xxx/CVE-2021-36409.json b/2021/36xxx/CVE-2021-36409.json index 9c94e1ec298c..2c0ef4e690d3 100644 --- a/2021/36xxx/CVE-2021-36409.json +++ b/2021/36xxx/CVE-2021-36409.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/300", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/300" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2021/36xxx/CVE-2021-36410.json b/2021/36xxx/CVE-2021-36410.json index fbca45557883..cad2a0e8af11 100644 --- a/2021/36xxx/CVE-2021-36410.json +++ b/2021/36xxx/CVE-2021-36410.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/301", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/301" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2021/36xxx/CVE-2021-36411.json b/2021/36xxx/CVE-2021-36411.json index b26a33045a3b..d9bb38ea1a75 100644 --- a/2021/36xxx/CVE-2021-36411.json +++ b/2021/36xxx/CVE-2021-36411.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/302", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/302" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2022/4xxx/CVE-2022-4518.json b/2022/4xxx/CVE-2022-4518.json new file mode 100644 index 000000000000..ff91c16c1291 --- /dev/null +++ b/2022/4xxx/CVE-2022-4518.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4518", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4519.json b/2022/4xxx/CVE-2022-4519.json new file mode 100644 index 000000000000..6dedc3a0dbd8 --- /dev/null +++ b/2022/4xxx/CVE-2022-4519.json @@ -0,0 +1,84 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-4519", + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "walkeprashant", + "product": { + "product_data": [ + { + "product_name": "WP User \u2013 Custom Registration Forms, Login and User Profile", + "version": { + "version_data": [ + { + "version_value": "*", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ee21796-5340-4f84-b1c4-a95137a27223", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ee21796-5340-4f84-b1c4-a95137a27223" + }, + { + "url": "https://wordpress.org/plugins/wp-user/#description", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wp-user/#description" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file From 05a35b52c02dc67b7869dc35f4007d000c5428a1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 15 Dec 2022 21:00:35 +0000 Subject: [PATCH 029/754] "-Synchronized-Data." --- 2021/21xxx/CVE-2021-21707.json | 5 +++++ 2021/4xxx/CVE-2021-4245.json | 16 +++++++++++----- 2022/31xxx/CVE-2022-31625.json | 5 +++++ 2022/31xxx/CVE-2022-31626.json | 5 +++++ 2022/31xxx/CVE-2022-31628.json | 5 +++++ 2022/31xxx/CVE-2022-31629.json | 5 +++++ 2022/4xxx/CVE-2022-4511.json | 16 ++++++++++------ 2022/4xxx/CVE-2022-4513.json | 18 ++++++++++++------ 2022/4xxx/CVE-2022-4514.json | 18 ++++++++++++------ 2022/4xxx/CVE-2022-4520.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4521.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4522.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4523.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4524.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4525.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4526.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4527.json | 18 ++++++++++++++++++ 17 files changed, 214 insertions(+), 23 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4520.json create mode 100644 2022/4xxx/CVE-2022-4521.json create mode 100644 2022/4xxx/CVE-2022-4522.json create mode 100644 2022/4xxx/CVE-2022-4523.json create mode 100644 2022/4xxx/CVE-2022-4524.json create mode 100644 2022/4xxx/CVE-2022-4525.json create mode 100644 2022/4xxx/CVE-2022-4526.json create mode 100644 2022/4xxx/CVE-2022-4527.json diff --git a/2021/21xxx/CVE-2021-21707.json b/2021/21xxx/CVE-2021-21707.json index d041a32a8158..a64ccd7b247c 100644 --- a/2021/21xxx/CVE-2021-21707.json +++ b/2021/21xxx/CVE-2021-21707.json @@ -110,6 +110,11 @@ "refsource": "CONFIRM", "name": "https://www.tenable.com/security/tns-2022-09", "url": "https://www.tenable.com/security/tns-2022-09" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html" } ] }, diff --git a/2021/4xxx/CVE-2021-4245.json b/2021/4xxx/CVE-2021-4245.json index 810fea83ff13..942d977eee19 100644 --- a/2021/4xxx/CVE-2021-4245.json +++ b/2021/4xxx/CVE-2021-4245.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "5.5", - "vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/chbrown\/rfc6902\/pull\/76" + "url": "https://github.com/chbrown/rfc6902/pull/76", + "refsource": "MISC", + "name": "https://github.com/chbrown/rfc6902/pull/76" }, { - "url": "https:\/\/github.com\/chbrown\/rfc6902\/commit\/c006ce9faa43d31edb34924f1df7b79c137096cf" + "url": "https://github.com/chbrown/rfc6902/commit/c006ce9faa43d31edb34924f1df7b79c137096cf", + "refsource": "MISC", + "name": "https://github.com/chbrown/rfc6902/commit/c006ce9faa43d31edb34924f1df7b79c137096cf" }, { - "url": "https:\/\/vuldb.com\/?id.215883" + "url": "https://vuldb.com/?id.215883", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215883" } ] } diff --git a/2022/31xxx/CVE-2022-31625.json b/2022/31xxx/CVE-2022-31625.json index e93a843495d9..e3ecc189a077 100644 --- a/2022/31xxx/CVE-2022-31625.json +++ b/2022/31xxx/CVE-2022-31625.json @@ -134,6 +134,11 @@ "refsource": "GENTOO", "name": "GLSA-202209-20", "url": "https://security.gentoo.org/glsa/202209-20" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html" } ] }, diff --git a/2022/31xxx/CVE-2022-31626.json b/2022/31xxx/CVE-2022-31626.json index 1365e2d85127..e3ea70dc3549 100644 --- a/2022/31xxx/CVE-2022-31626.json +++ b/2022/31xxx/CVE-2022-31626.json @@ -126,6 +126,11 @@ "refsource": "GENTOO", "name": "GLSA-202209-20", "url": "https://security.gentoo.org/glsa/202209-20" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html" } ] }, diff --git a/2022/31xxx/CVE-2022-31628.json b/2022/31xxx/CVE-2022-31628.json index 8df495ff5ea3..9e169dc9a563 100644 --- a/2022/31xxx/CVE-2022-31628.json +++ b/2022/31xxx/CVE-2022-31628.json @@ -125,6 +125,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20221209-0001/", "url": "https://security.netapp.com/advisory/ntap-20221209-0001/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html" } ] }, diff --git a/2022/31xxx/CVE-2022-31629.json b/2022/31xxx/CVE-2022-31629.json index 932662bb29a9..f32f2a8cc958 100644 --- a/2022/31xxx/CVE-2022-31629.json +++ b/2022/31xxx/CVE-2022-31629.json @@ -109,6 +109,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20221209-0001/", "url": "https://security.netapp.com/advisory/ntap-20221209-0001/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html" } ] }, diff --git a/2022/4xxx/CVE-2022-4511.json b/2022/4xxx/CVE-2022-4511.json index d9fa0e488c8b..7fa9ef3f20f0 100644 --- a/2022/4xxx/CVE-2022-4511.json +++ b/2022/4xxx/CVE-2022-4511.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -39,7 +39,7 @@ "description": [ { "lang": "eng", - "value": "CWE-22 Path Traversal -> CWE-23 Relative Path Traversal -> CWE-24 Path Traversal: '..\/filedir'" + "value": "CWE-22 Path Traversal -> CWE-23 Relative Path Traversal -> CWE-24 Path Traversal: '../filedir'" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '..\/filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851." + "value": "A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851." } ] }, @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "5.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/gitee.com\/RainyGao\/DocSys\/issues\/I66A3V" + "url": "https://gitee.com/RainyGao/DocSys/issues/I66A3V", + "refsource": "MISC", + "name": "https://gitee.com/RainyGao/DocSys/issues/I66A3V" }, { - "url": "https:\/\/vuldb.com\/?id.215851" + "url": "https://vuldb.com/?id.215851", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215851" } ] } diff --git a/2022/4xxx/CVE-2022-4513.json b/2022/4xxx/CVE-2022-4513.json index 5f8a04dcb64a..4102a517774c 100644 --- a/2022/4xxx/CVE-2022-4513.json +++ b/2022/4xxx/CVE-2022-4513.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg. This issue affects some unknown processing. The manipulation of the argument searchTag\/resourceUri leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2022-06-27T0948 is able to address this issue. The name of the patch is a120c2153e263e62c4db34a06ab96a9f1c6bccb6. It is recommended to upgrade the affected component. The identifier VDB-215885 was assigned to this vulnerability." + "value": "A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg. This issue affects some unknown processing. The manipulation of the argument searchTag/resourceUri leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2022-06-27T0948 is able to address this issue. The name of the patch is a120c2153e263e62c4db34a06ab96a9f1c6bccb6. It is recommended to upgrade the affected component. The identifier VDB-215885 was assigned to this vulnerability." } ] }, @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/eea\/eionet.contreg\/commit\/a120c2153e263e62c4db34a06ab96a9f1c6bccb6" + "url": "https://github.com/eea/eionet.contreg/commit/a120c2153e263e62c4db34a06ab96a9f1c6bccb6", + "refsource": "MISC", + "name": "https://github.com/eea/eionet.contreg/commit/a120c2153e263e62c4db34a06ab96a9f1c6bccb6" }, { - "url": "https:\/\/github.com\/eea\/eionet.contreg\/releases\/tag\/2022-06-27T0948" + "url": "https://github.com/eea/eionet.contreg/releases/tag/2022-06-27T0948", + "refsource": "MISC", + "name": "https://github.com/eea/eionet.contreg/releases/tag/2022-06-27T0948" }, { - "url": "https:\/\/vuldb.com\/?id.215885" + "url": "https://vuldb.com/?id.215885", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215885" } ] } diff --git a/2022/4xxx/CVE-2022-4514.json b/2022/4xxx/CVE-2022-4514.json index aec3495b8c4f..98cc800b12eb 100644 --- a/2022/4xxx/CVE-2022-4514.json +++ b/2022/4xxx/CVE-2022-4514.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as problematic, was found in Opencaching Deutschland oc-server3. Affected is an unknown function of the file htdocs\/lang\/de\/ocstyle\/varset.inc.php. The manipulation of the argument varvalue leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4bdd6a0e7b7760cea03b91812cbb80d7b16e3b5f. It is recommended to apply a patch to fix this issue. VDB-215886 is the identifier assigned to this vulnerability." + "value": "A vulnerability, which was classified as problematic, was found in Opencaching Deutschland oc-server3. Affected is an unknown function of the file htdocs/lang/de/ocstyle/varset.inc.php. The manipulation of the argument varvalue leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4bdd6a0e7b7760cea03b91812cbb80d7b16e3b5f. It is recommended to apply a patch to fix this issue. VDB-215886 is the identifier assigned to this vulnerability." } ] }, @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/OpencachingDeutschland\/oc-server3\/pull\/902" + "url": "https://github.com/OpencachingDeutschland/oc-server3/pull/902", + "refsource": "MISC", + "name": "https://github.com/OpencachingDeutschland/oc-server3/pull/902" }, { - "url": "https:\/\/github.com\/OpencachingDeutschland\/oc-server3\/commit\/4bdd6a0e7b7760cea03b91812cbb80d7b16e3b5f" + "url": "https://github.com/OpencachingDeutschland/oc-server3/commit/4bdd6a0e7b7760cea03b91812cbb80d7b16e3b5f", + "refsource": "MISC", + "name": "https://github.com/OpencachingDeutschland/oc-server3/commit/4bdd6a0e7b7760cea03b91812cbb80d7b16e3b5f" }, { - "url": "https:\/\/vuldb.com\/?id.215886" + "url": "https://vuldb.com/?id.215886", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215886" } ] } diff --git a/2022/4xxx/CVE-2022-4520.json b/2022/4xxx/CVE-2022-4520.json new file mode 100644 index 000000000000..4c8f1912e3a4 --- /dev/null +++ b/2022/4xxx/CVE-2022-4520.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4520", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4521.json b/2022/4xxx/CVE-2022-4521.json new file mode 100644 index 000000000000..6ba6d2a2096d --- /dev/null +++ b/2022/4xxx/CVE-2022-4521.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4521", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4522.json b/2022/4xxx/CVE-2022-4522.json new file mode 100644 index 000000000000..72fe669460ec --- /dev/null +++ b/2022/4xxx/CVE-2022-4522.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4522", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4523.json b/2022/4xxx/CVE-2022-4523.json new file mode 100644 index 000000000000..7e34ad0dbb09 --- /dev/null +++ b/2022/4xxx/CVE-2022-4523.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4523", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4524.json b/2022/4xxx/CVE-2022-4524.json new file mode 100644 index 000000000000..24ea4def8665 --- /dev/null +++ b/2022/4xxx/CVE-2022-4524.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4524", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4525.json b/2022/4xxx/CVE-2022-4525.json new file mode 100644 index 000000000000..34dcc9b3eac9 --- /dev/null +++ b/2022/4xxx/CVE-2022-4525.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4525", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4526.json b/2022/4xxx/CVE-2022-4526.json new file mode 100644 index 000000000000..a10d2b040107 --- /dev/null +++ b/2022/4xxx/CVE-2022-4526.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4526", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4527.json b/2022/4xxx/CVE-2022-4527.json new file mode 100644 index 000000000000..646210c37796 --- /dev/null +++ b/2022/4xxx/CVE-2022-4527.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4527", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 4882e3fa5025f72686689cf4d787221bc24b8fe7 Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Thu, 15 Dec 2022 22:01:57 +0100 Subject: [PATCH 030/754] CVE-2022-4520 - CVE-2022-4527 --- 2022/4xxx/CVE-2022-4520.json | 100 +++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4521.json | 88 ++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4522.json | 67 +++++++++++++++++++++-- 2022/4xxx/CVE-2022-4523.json | 64 ++++++++++++++++++++-- 2022/4xxx/CVE-2022-4524.json | 70 ++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4525.json | 70 ++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4526.json | 67 +++++++++++++++++++++-- 2022/4xxx/CVE-2022-4527.json | 91 +++++++++++++++++++++++++++++-- 8 files changed, 593 insertions(+), 24 deletions(-) diff --git a/2022/4xxx/CVE-2022-4520.json b/2022/4xxx/CVE-2022-4520.json index 4c8f1912e3a4..467bbb3f6898 100644 --- a/2022/4xxx/CVE-2022-4520.json +++ b/2022/4xxx/CVE-2022-4520.json @@ -4,14 +4,108 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4520", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WSO2", + "product": { + "product_data": [ + { + "product_name": "carbon-registry", + "version": { + "version_data": [ + { + "version_value": "4.8.0" + }, + { + "version_value": "4.8.1" + }, + { + "version_value": "4.8.2" + }, + { + "version_value": "4.8.3" + }, + { + "version_value": "4.8.4" + }, + { + "version_value": "4.8.5" + }, + { + "version_value": "4.8.6" + }, + { + "version_value": "4.8.7" + }, + { + "version_value": "4.8.8" + }, + { + "version_value": "4.8.9" + }, + { + "version_value": "4.8.10" + }, + { + "version_value": "4.8.11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components\/registry\/org.wso2.carbon.registry.search.ui\/src\/main\/resources\/web\/search\/advancedSearchForm-ajaxprocessor.jsp of the component Advanced Search. The manipulation of the argument mediaType\/rightOp\/leftOp\/rightPropertyValue\/leftPropertyValue leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.8.12 is able to address this issue. The name of the patch is 0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215900." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/wso2\/carbon-registry\/pull\/404" + }, + { + "url": "https:\/\/github.com\/wso2\/carbon-registry\/releases\/tag\/v4.8.12" + }, + { + "url": "https:\/\/github.com\/wso2\/carbon-registry\/commit\/0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4" + }, + { + "url": "https:\/\/vuldb.com\/?id.215900" } ] } diff --git a/2022/4xxx/CVE-2022-4521.json b/2022/4xxx/CVE-2022-4521.json index 6ba6d2a2096d..77df00cc3bd8 100644 --- a/2022/4xxx/CVE-2022-4521.json +++ b/2022/4xxx/CVE-2022-4521.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4521", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "WSO2 carbon-registry Request Parameter cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WSO2", + "product": { + "product_data": [ + { + "product_name": "carbon-registry", + "version": { + "version_data": [ + { + "version_value": "4.8.0" + }, + { + "version_value": "4.8.1" + }, + { + "version_value": "4.8.2" + }, + { + "version_value": "4.8.3" + }, + { + "version_value": "4.8.4" + }, + { + "version_value": "4.8.5" + }, + { + "version_value": "4.8.6" + }, + { + "version_value": "4.8.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.7. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath\/path\/username\/path\/profile_menu leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.8.12 is able to address this issue. The name of the patch is 9f967abfde9317bee2cda469dbc09b57d539f2cc. It is recommended to upgrade the affected component. The identifier VDB-215901 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/wso2\/carbon-registry\/pull\/399" + }, + { + "url": "https:\/\/github.com\/wso2\/carbon-registry\/releases\/tag\/v4.8.12" + }, + { + "url": "https:\/\/github.com\/wso2\/carbon-registry\/commit\/9f967abfde9317bee2cda469dbc09b57d539f2cc" + }, + { + "url": "https:\/\/vuldb.com\/?id.215901" } ] } diff --git a/2022/4xxx/CVE-2022-4522.json b/2022/4xxx/CVE-2022-4522.json index 72fe669460ec..44dc943a5474 100644 --- a/2022/4xxx/CVE-2022-4522.json +++ b/2022/4xxx/CVE-2022-4522.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4522", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "CalendarXP cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "CalendarXP", + "version": { + "version_data": [ + { + "version_value": "10.0.0" + }, + { + "version_value": "10.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic was found in CalendarXP up to 10.0.1. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 10.0.2 is able to address this issue. The name of the patch is e3715b2228ddefe00113296069969f9e184836da. It is recommended to upgrade the affected component. VDB-215902 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/victorwon\/calendarxp\/commit\/e3715b2228ddefe00113296069969f9e184836da" + }, + { + "url": "https:\/\/github.com\/victorwon\/calendarxp\/releases\/tag\/10.0.2" + }, + { + "url": "https:\/\/vuldb.com\/?id.215902" } ] } diff --git a/2022/4xxx/CVE-2022-4523.json b/2022/4xxx/CVE-2022-4523.json index 7e34ad0dbb09..08807bde819a 100644 --- a/2022/4xxx/CVE-2022-4523.json +++ b/2022/4xxx/CVE-2022-4523.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4523", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "vexim2 cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "vexim2", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, has been found in vexim2. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 21c0a60d12e9d587f905cd084b2c70f9b1592065. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215903." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/vexim\/vexim2\/pull\/274" + }, + { + "url": "https:\/\/github.com\/vexim\/vexim2\/commit\/21c0a60d12e9d587f905cd084b2c70f9b1592065" + }, + { + "url": "https:\/\/vuldb.com\/?id.215903" } ] } diff --git a/2022/4xxx/CVE-2022-4524.json b/2022/4xxx/CVE-2022-4524.json index 24ea4def8665..a4ebaec6d217 100644 --- a/2022/4xxx/CVE-2022-4524.json +++ b/2022/4xxx/CVE-2022-4524.json @@ -4,14 +4,78 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4524", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Roots soil Plugin CleanUpModule.php language_attributes cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Roots", + "product": { + "product_data": [ + { + "product_name": "soil Plugin", + "version": { + "version_data": [ + { + "version_value": "4.0" + }, + { + "version_value": "4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.1.0. Affected is the function language_attributes of the file src\/Modules\/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.1 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/roots\/soil\/pull\/285" + }, + { + "url": "https:\/\/github.com\/roots\/soil\/releases\/tag\/4.1.1" + }, + { + "url": "https:\/\/github.com\/roots\/soil\/commit\/0c9151e00ab047da253e5cdbfccb204dd423269d" + }, + { + "url": "https:\/\/vuldb.com\/?id.215904" } ] } diff --git a/2022/4xxx/CVE-2022-4525.json b/2022/4xxx/CVE-2022-4525.json index 34dcc9b3eac9..c740e1405763 100644 --- a/2022/4xxx/CVE-2022-4525.json +++ b/2022/4xxx/CVE-2022-4525.json @@ -4,14 +4,78 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4525", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "National Sleep Research Resource sleepdata.org cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "National Sleep Research Resource", + "product": { + "product_data": [ + { + "product_name": "sleepdata.org", + "version": { + "version_data": [ + { + "version_value": "59.0.0.ra" + }, + { + "version_value": "59.0.0.rb" + }, + { + "version_value": "59.0.0.rc" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 59.0.0.rc and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 59.0.0 is able to address this issue. The name of the patch is da44a3893b407087829b006d09339780919714cd. It is recommended to upgrade the affected component. The identifier VDB-215905 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/nsrr\/sleepdata.org\/commit\/da44a3893b407087829b006d09339780919714cd" + }, + { + "url": "https:\/\/github.com\/nsrr\/sleepdata.org\/releases\/tag\/v59.0.0" + }, + { + "url": "https:\/\/vuldb.com\/?id.215905" } ] } diff --git a/2022/4xxx/CVE-2022-4526.json b/2022/4xxx/CVE-2022-4526.json index a10d2b040107..86dbac1bb9b5 100644 --- a/2022/4xxx/CVE-2022-4526.json +++ b/2022/4xxx/CVE-2022-4526.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4526", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "django-photologue Default Template photo_detail.html cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "django-photologue", + "version": { + "version_data": [ + { + "version_value": "3.15.0" + }, + { + "version_value": "3.15.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected by this issue is some unknown functionality of the file photologue\/templates\/photologue\/photo_detail.html of the component Default Template Handler. The manipulation of the argument object.caption leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.16 is able to address this issue. The name of the patch is 960cb060ce5e2964e6d716ff787c72fc18a371e7. It is recommended to apply a patch to fix this issue. VDB-215906 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/richardbarran\/django-photologue\/issues\/223" + }, + { + "url": "https:\/\/github.com\/richardbarran\/django-photologue\/commit\/960cb060ce5e2964e6d716ff787c72fc18a371e7" + }, + { + "url": "https:\/\/vuldb.com\/?id.215906" } ] } diff --git a/2022/4xxx/CVE-2022-4527.json b/2022/4xxx/CVE-2022-4527.json index 646210c37796..cd25ee9d41a3 100644 --- a/2022/4xxx/CVE-2022-4527.json +++ b/2022/4xxx/CVE-2022-4527.json @@ -4,14 +4,99 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4527", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "collective.task table.py AssignedGroupColumn cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "collective.task", + "version": { + "version_data": [ + { + "version_value": "3.0.0" + }, + { + "version_value": "3.0.1" + }, + { + "version_value": "3.0.2" + }, + { + "version_value": "3.0.3" + }, + { + "version_value": "3.0.4" + }, + { + "version_value": "3.0.5" + }, + { + "version_value": "3.0.6" + }, + { + "version_value": "3.0.7" + }, + { + "version_value": "3.0.8" + }, + { + "version_value": "3.0.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in collective.task up to 3.0.9. It has been classified as problematic. This affects the function renderCell\/AssignedGroupColumn of the file src\/collective\/task\/browser\/table.py. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.0.10 is able to address this issue. The name of the patch is 1aac7f83fa2c2b41d59ba02748912953461f3fac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215907." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/collective\/collective.task\/commit\/1aac7f83fa2c2b41d59ba02748912953461f3fac" + }, + { + "url": "https:\/\/github.com\/collective\/collective.task\/releases\/tag\/3.0.10" + }, + { + "url": "https:\/\/vuldb.com\/?id.215907" } ] } From 72ce4c38836c7c03c152fdfcfb07537216749239 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 15 Dec 2022 22:00:42 +0000 Subject: [PATCH 031/754] "-Synchronized-Data." --- 2022/46xxx/CVE-2022-46631.json | 56 ++++++++++++++++++++++++++++++---- 2022/46xxx/CVE-2022-46634.json | 56 ++++++++++++++++++++++++++++++---- 2022/4xxx/CVE-2022-4520.json | 20 ++++++++---- 2022/4xxx/CVE-2022-4521.json | 20 ++++++++---- 2022/4xxx/CVE-2022-4522.json | 14 ++++++--- 2022/4xxx/CVE-2022-4523.json | 16 +++++++--- 2022/4xxx/CVE-2022-4524.json | 20 ++++++++---- 2022/4xxx/CVE-2022-4525.json | 14 ++++++--- 2022/4xxx/CVE-2022-4526.json | 16 +++++++--- 2022/4xxx/CVE-2022-4527.json | 16 +++++++--- 10 files changed, 195 insertions(+), 53 deletions(-) diff --git a/2022/46xxx/CVE-2022-46631.json b/2022/46xxx/CVE-2022-46631.json index 3824003eb816..3c1c4a31b205 100644 --- a/2022/46xxx/CVE-2022-46631.json +++ b/2022/46xxx/CVE-2022-46631.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46631", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46631", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6", + "refsource": "MISC", + "name": "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/6" } ] } diff --git a/2022/46xxx/CVE-2022-46634.json b/2022/46xxx/CVE-2022-46634.json index 452bc86b7c7b..6deacc02fe99 100644 --- a/2022/46xxx/CVE-2022-46634.json +++ b/2022/46xxx/CVE-2022-46634.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46634", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46634", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7", + "refsource": "MISC", + "name": "https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/7" } ] } diff --git a/2022/4xxx/CVE-2022-4520.json b/2022/4xxx/CVE-2022-4520.json index 467bbb3f6898..fe365a64b069 100644 --- a/2022/4xxx/CVE-2022-4520.json +++ b/2022/4xxx/CVE-2022-4520.json @@ -82,7 +82,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components\/registry\/org.wso2.carbon.registry.search.ui\/src\/main\/resources\/web\/search\/advancedSearchForm-ajaxprocessor.jsp of the component Advanced Search. The manipulation of the argument mediaType\/rightOp\/leftOp\/rightPropertyValue\/leftPropertyValue leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.8.12 is able to address this issue. The name of the patch is 0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215900." + "value": "A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the component Advanced Search. The manipulation of the argument mediaType/rightOp/leftOp/rightPropertyValue/leftPropertyValue leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.8.12 is able to address this issue. The name of the patch is 0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215900." } ] }, @@ -90,22 +90,30 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/wso2\/carbon-registry\/pull\/404" + "url": "https://github.com/wso2/carbon-registry/pull/404", + "refsource": "MISC", + "name": "https://github.com/wso2/carbon-registry/pull/404" }, { - "url": "https:\/\/github.com\/wso2\/carbon-registry\/releases\/tag\/v4.8.12" + "url": "https://github.com/wso2/carbon-registry/releases/tag/v4.8.12", + "refsource": "MISC", + "name": "https://github.com/wso2/carbon-registry/releases/tag/v4.8.12" }, { - "url": "https:\/\/github.com\/wso2\/carbon-registry\/commit\/0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4" + "url": "https://github.com/wso2/carbon-registry/commit/0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4", + "refsource": "MISC", + "name": "https://github.com/wso2/carbon-registry/commit/0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4" }, { - "url": "https:\/\/vuldb.com\/?id.215900" + "url": "https://vuldb.com/?id.215900", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215900" } ] } diff --git a/2022/4xxx/CVE-2022-4521.json b/2022/4xxx/CVE-2022-4521.json index 77df00cc3bd8..1dc304c68681 100644 --- a/2022/4xxx/CVE-2022-4521.json +++ b/2022/4xxx/CVE-2022-4521.json @@ -70,7 +70,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.7. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath\/path\/username\/path\/profile_menu leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.8.12 is able to address this issue. The name of the patch is 9f967abfde9317bee2cda469dbc09b57d539f2cc. It is recommended to upgrade the affected component. The identifier VDB-215901 was assigned to this vulnerability." + "value": "A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.7. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profile_menu leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.8.12 is able to address this issue. The name of the patch is 9f967abfde9317bee2cda469dbc09b57d539f2cc. It is recommended to upgrade the affected component. The identifier VDB-215901 was assigned to this vulnerability." } ] }, @@ -78,22 +78,30 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/wso2\/carbon-registry\/pull\/399" + "url": "https://github.com/wso2/carbon-registry/releases/tag/v4.8.12", + "refsource": "MISC", + "name": "https://github.com/wso2/carbon-registry/releases/tag/v4.8.12" }, { - "url": "https:\/\/github.com\/wso2\/carbon-registry\/releases\/tag\/v4.8.12" + "url": "https://github.com/wso2/carbon-registry/pull/399", + "refsource": "MISC", + "name": "https://github.com/wso2/carbon-registry/pull/399" }, { - "url": "https:\/\/github.com\/wso2\/carbon-registry\/commit\/9f967abfde9317bee2cda469dbc09b57d539f2cc" + "url": "https://github.com/wso2/carbon-registry/commit/9f967abfde9317bee2cda469dbc09b57d539f2cc", + "refsource": "MISC", + "name": "https://github.com/wso2/carbon-registry/commit/9f967abfde9317bee2cda469dbc09b57d539f2cc" }, { - "url": "https:\/\/vuldb.com\/?id.215901" + "url": "https://vuldb.com/?id.215901", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215901" } ] } diff --git a/2022/4xxx/CVE-2022-4522.json b/2022/4xxx/CVE-2022-4522.json index 44dc943a5474..3833cbff5fb6 100644 --- a/2022/4xxx/CVE-2022-4522.json +++ b/2022/4xxx/CVE-2022-4522.json @@ -60,19 +60,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/victorwon\/calendarxp\/commit\/e3715b2228ddefe00113296069969f9e184836da" + "url": "https://github.com/victorwon/calendarxp/commit/e3715b2228ddefe00113296069969f9e184836da", + "refsource": "MISC", + "name": "https://github.com/victorwon/calendarxp/commit/e3715b2228ddefe00113296069969f9e184836da" }, { - "url": "https:\/\/github.com\/victorwon\/calendarxp\/releases\/tag\/10.0.2" + "url": "https://github.com/victorwon/calendarxp/releases/tag/10.0.2", + "refsource": "MISC", + "name": "https://github.com/victorwon/calendarxp/releases/tag/10.0.2" }, { - "url": "https:\/\/vuldb.com\/?id.215902" + "url": "https://vuldb.com/?id.215902", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215902" } ] } diff --git a/2022/4xxx/CVE-2022-4523.json b/2022/4xxx/CVE-2022-4523.json index 08807bde819a..c8eb42506ee4 100644 --- a/2022/4xxx/CVE-2022-4523.json +++ b/2022/4xxx/CVE-2022-4523.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/vexim\/vexim2\/pull\/274" + "url": "https://github.com/vexim/vexim2/pull/274", + "refsource": "MISC", + "name": "https://github.com/vexim/vexim2/pull/274" }, { - "url": "https:\/\/github.com\/vexim\/vexim2\/commit\/21c0a60d12e9d587f905cd084b2c70f9b1592065" + "url": "https://github.com/vexim/vexim2/commit/21c0a60d12e9d587f905cd084b2c70f9b1592065", + "refsource": "MISC", + "name": "https://github.com/vexim/vexim2/commit/21c0a60d12e9d587f905cd084b2c70f9b1592065" }, { - "url": "https:\/\/vuldb.com\/?id.215903" + "url": "https://vuldb.com/?id.215903", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215903" } ] } diff --git a/2022/4xxx/CVE-2022-4524.json b/2022/4xxx/CVE-2022-4524.json index a4ebaec6d217..165b721e2bb9 100644 --- a/2022/4xxx/CVE-2022-4524.json +++ b/2022/4xxx/CVE-2022-4524.json @@ -52,7 +52,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.1.0. Affected is the function language_attributes of the file src\/Modules\/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.1 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904." + "value": "A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.1.0. Affected is the function language_attributes of the file src/Modules/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.1 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904." } ] }, @@ -60,22 +60,30 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/roots\/soil\/pull\/285" + "url": "https://github.com/roots/soil/pull/285", + "refsource": "MISC", + "name": "https://github.com/roots/soil/pull/285" }, { - "url": "https:\/\/github.com\/roots\/soil\/releases\/tag\/4.1.1" + "url": "https://github.com/roots/soil/releases/tag/4.1.1", + "refsource": "MISC", + "name": "https://github.com/roots/soil/releases/tag/4.1.1" }, { - "url": "https:\/\/github.com\/roots\/soil\/commit\/0c9151e00ab047da253e5cdbfccb204dd423269d" + "url": "https://github.com/roots/soil/commit/0c9151e00ab047da253e5cdbfccb204dd423269d", + "refsource": "MISC", + "name": "https://github.com/roots/soil/commit/0c9151e00ab047da253e5cdbfccb204dd423269d" }, { - "url": "https:\/\/vuldb.com\/?id.215904" + "url": "https://vuldb.com/?id.215904", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215904" } ] } diff --git a/2022/4xxx/CVE-2022-4525.json b/2022/4xxx/CVE-2022-4525.json index c740e1405763..b4405ec522d0 100644 --- a/2022/4xxx/CVE-2022-4525.json +++ b/2022/4xxx/CVE-2022-4525.json @@ -63,19 +63,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/nsrr\/sleepdata.org\/commit\/da44a3893b407087829b006d09339780919714cd" + "url": "https://github.com/nsrr/sleepdata.org/commit/da44a3893b407087829b006d09339780919714cd", + "refsource": "MISC", + "name": "https://github.com/nsrr/sleepdata.org/commit/da44a3893b407087829b006d09339780919714cd" }, { - "url": "https:\/\/github.com\/nsrr\/sleepdata.org\/releases\/tag\/v59.0.0" + "url": "https://github.com/nsrr/sleepdata.org/releases/tag/v59.0.0", + "refsource": "MISC", + "name": "https://github.com/nsrr/sleepdata.org/releases/tag/v59.0.0" }, { - "url": "https:\/\/vuldb.com\/?id.215905" + "url": "https://vuldb.com/?id.215905", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215905" } ] } diff --git a/2022/4xxx/CVE-2022-4526.json b/2022/4xxx/CVE-2022-4526.json index 86dbac1bb9b5..3c9d54aaa730 100644 --- a/2022/4xxx/CVE-2022-4526.json +++ b/2022/4xxx/CVE-2022-4526.json @@ -52,7 +52,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected by this issue is some unknown functionality of the file photologue\/templates\/photologue\/photo_detail.html of the component Default Template Handler. The manipulation of the argument object.caption leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.16 is able to address this issue. The name of the patch is 960cb060ce5e2964e6d716ff787c72fc18a371e7. It is recommended to apply a patch to fix this issue. VDB-215906 is the identifier assigned to this vulnerability." + "value": "A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected by this issue is some unknown functionality of the file photologue/templates/photologue/photo_detail.html of the component Default Template Handler. The manipulation of the argument object.caption leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.16 is able to address this issue. The name of the patch is 960cb060ce5e2964e6d716ff787c72fc18a371e7. It is recommended to apply a patch to fix this issue. VDB-215906 is the identifier assigned to this vulnerability." } ] }, @@ -60,19 +60,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/richardbarran\/django-photologue\/issues\/223" + "url": "https://github.com/richardbarran/django-photologue/issues/223", + "refsource": "MISC", + "name": "https://github.com/richardbarran/django-photologue/issues/223" }, { - "url": "https:\/\/github.com\/richardbarran\/django-photologue\/commit\/960cb060ce5e2964e6d716ff787c72fc18a371e7" + "url": "https://github.com/richardbarran/django-photologue/commit/960cb060ce5e2964e6d716ff787c72fc18a371e7", + "refsource": "MISC", + "name": "https://github.com/richardbarran/django-photologue/commit/960cb060ce5e2964e6d716ff787c72fc18a371e7" }, { - "url": "https:\/\/vuldb.com\/?id.215906" + "url": "https://vuldb.com/?id.215906", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215906" } ] } diff --git a/2022/4xxx/CVE-2022-4527.json b/2022/4xxx/CVE-2022-4527.json index cd25ee9d41a3..b46388f5eb93 100644 --- a/2022/4xxx/CVE-2022-4527.json +++ b/2022/4xxx/CVE-2022-4527.json @@ -76,7 +76,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in collective.task up to 3.0.9. It has been classified as problematic. This affects the function renderCell\/AssignedGroupColumn of the file src\/collective\/task\/browser\/table.py. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.0.10 is able to address this issue. The name of the patch is 1aac7f83fa2c2b41d59ba02748912953461f3fac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215907." + "value": "A vulnerability was found in collective.task up to 3.0.9. It has been classified as problematic. This affects the function renderCell/AssignedGroupColumn of the file src/collective/task/browser/table.py. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.0.10 is able to address this issue. The name of the patch is 1aac7f83fa2c2b41d59ba02748912953461f3fac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215907." } ] }, @@ -84,19 +84,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/collective\/collective.task\/commit\/1aac7f83fa2c2b41d59ba02748912953461f3fac" + "url": "https://github.com/collective/collective.task/commit/1aac7f83fa2c2b41d59ba02748912953461f3fac", + "refsource": "MISC", + "name": "https://github.com/collective/collective.task/commit/1aac7f83fa2c2b41d59ba02748912953461f3fac" }, { - "url": "https:\/\/github.com\/collective\/collective.task\/releases\/tag\/3.0.10" + "url": "https://github.com/collective/collective.task/releases/tag/3.0.10", + "refsource": "MISC", + "name": "https://github.com/collective/collective.task/releases/tag/3.0.10" }, { - "url": "https:\/\/vuldb.com\/?id.215907" + "url": "https://vuldb.com/?id.215907", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215907" } ] } From 9878ab67cf3ccf058a285f0b8baee5d8efe8dd36 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 15 Dec 2022 23:00:39 +0000 Subject: [PATCH 032/754] "-Synchronized-Data." --- 2022/40xxx/CVE-2022-40004.json | 56 +++++++++++++++++++++++++---- 2022/45xxx/CVE-2022-45338.json | 56 +++++++++++++++++++++++++---- 2022/45xxx/CVE-2022-45969.json | 56 +++++++++++++++++++++++++---- 2022/46xxx/CVE-2022-46392.json | 61 +++++++++++++++++++++++++++---- 2022/46xxx/CVE-2022-46393.json | 66 ++++++++++++++++++++++++++++++---- 2022/4xxx/CVE-2022-4528.json | 18 ++++++++++ 2022/4xxx/CVE-2022-4529.json | 18 ++++++++++ 2022/4xxx/CVE-2022-4530.json | 18 ++++++++++ 8 files changed, 319 insertions(+), 30 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4528.json create mode 100644 2022/4xxx/CVE-2022-4529.json create mode 100644 2022/4xxx/CVE-2022-4530.json diff --git a/2022/40xxx/CVE-2022-40004.json b/2022/40xxx/CVE-2022-40004.json index c53bc946268e..e12737bf5255 100644 --- a/2022/40xxx/CVE-2022-40004.json +++ b/2022/40xxx/CVE-2022-40004.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40004", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40004", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/s3d113/bba63da007fcbe243615dd2a81690ffb", + "url": "https://gist.github.com/s3d113/bba63da007fcbe243615dd2a81690ffb" } ] } diff --git a/2022/45xxx/CVE-2022-45338.json b/2022/45xxx/CVE-2022-45338.json index e959e336a613..fbe0aef65d53 100644 --- a/2022/45xxx/CVE-2022-45338.json +++ b/2022/45xxx/CVE-2022-45338.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-45338", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-45338", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/MaxRozendaal/633b34a4675b60caed736e5ffe28f272", + "url": "https://gist.github.com/MaxRozendaal/633b34a4675b60caed736e5ffe28f272" } ] } diff --git a/2022/45xxx/CVE-2022-45969.json b/2022/45xxx/CVE-2022-45969.json index f9614534bf8a..c8f4db1f68e2 100644 --- a/2022/45xxx/CVE-2022-45969.json +++ b/2022/45xxx/CVE-2022-45969.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-45969", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-45969", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Alist v3.4.0 is vulnerable to Directory Traversal," + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/alist-org/alist/issues/2449", + "refsource": "MISC", + "name": "https://github.com/alist-org/alist/issues/2449" } ] } diff --git a/2022/46xxx/CVE-2022-46392.json b/2022/46xxx/CVE-2022-46392.json index 44c13e801e8f..991628443991 100644 --- a/2022/46xxx/CVE-2022-46392.json +++ b/2022/46xxx/CVE-2022-46392.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46392", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46392", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0", + "url": "https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0" + }, + { + "refsource": "MISC", + "name": "https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2", + "url": "https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2" } ] } diff --git a/2022/46xxx/CVE-2022-46393.json b/2022/46xxx/CVE-2022-46393.json index 7d7363f58a0b..0b97fee2957e 100644 --- a/2022/46xxx/CVE-2022-46393.json +++ b/2022/46xxx/CVE-2022-46393.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46393", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46393", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/", + "refsource": "MISC", + "name": "https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/" + }, + { + "refsource": "MISC", + "name": "https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0", + "url": "https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0" + }, + { + "refsource": "MISC", + "name": "https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2", + "url": "https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2" } ] } diff --git a/2022/4xxx/CVE-2022-4528.json b/2022/4xxx/CVE-2022-4528.json new file mode 100644 index 000000000000..33b71eaf1d17 --- /dev/null +++ b/2022/4xxx/CVE-2022-4528.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4528", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4529.json b/2022/4xxx/CVE-2022-4529.json new file mode 100644 index 000000000000..5e8d29372e4b --- /dev/null +++ b/2022/4xxx/CVE-2022-4529.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4529", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4530.json b/2022/4xxx/CVE-2022-4530.json new file mode 100644 index 000000000000..4185c5b130ce --- /dev/null +++ b/2022/4xxx/CVE-2022-4530.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4530", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From f69a74d815ee7ae79c072427b6e674122f4f2cb5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 00:00:39 +0000 Subject: [PATCH 033/754] "-Synchronized-Data." --- 2022/41xxx/CVE-2022-41960.json | 86 ++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4531.json | 18 +++++++ 2022/4xxx/CVE-2022-4532.json | 18 +++++++ 3 files changed, 118 insertions(+), 4 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4531.json create mode 100644 2022/4xxx/CVE-2022-4532.json diff --git a/2022/41xxx/CVE-2022-41960.json b/2022/41xxx/CVE-2022-41960.json index 2a5b4f3a2b25..fb7fe78008f9 100644 --- a/2022/41xxx/CVE-2022-41960.json +++ b/2022/41xxx/CVE-2022-41960.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41960", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3, are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to `validateAuthToken` using a victim's userId, meetingId, and an invalid authToken. This forces the victim to leave the conference, because the resulting verification failure is also observed and handled by the victim's client. The attacker must be a participant in any meeting on the server. This issue is patched in version 2.4.3. There are no workarounds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-345: Insufficient Verification of Data Authenticity", + "cweId": "CWE-345" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bigbluebutton", + "product": { + "product_data": [ + { + "product_name": "bigbluebutton", + "version": { + "version_data": [ + { + "version_value": "< 2.4.3", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-rgjp-3r74-g4cm", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-rgjp-3r74-g4cm" + }, + { + "url": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.3", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.3" + }, + { + "url": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.5-alpha-1", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.5-alpha-1" + } + ] + }, + "source": { + "advisory": "GHSA-rgjp-3r74-g4cm", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2022/4xxx/CVE-2022-4531.json b/2022/4xxx/CVE-2022-4531.json new file mode 100644 index 000000000000..e3d41a692e3e --- /dev/null +++ b/2022/4xxx/CVE-2022-4531.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4531", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4532.json b/2022/4xxx/CVE-2022-4532.json new file mode 100644 index 000000000000..e0cb56fc46de --- /dev/null +++ b/2022/4xxx/CVE-2022-4532.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4532", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 15c0cf9e4934fe30cafffb84e9f7604d43a5a853 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 02:00:38 +0000 Subject: [PATCH 034/754] "-Synchronized-Data." --- 2022/4xxx/CVE-2022-4533.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4534.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4535.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4536.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4537.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4538.json | 18 ++++++++++++++++++ 6 files changed, 108 insertions(+) create mode 100644 2022/4xxx/CVE-2022-4533.json create mode 100644 2022/4xxx/CVE-2022-4534.json create mode 100644 2022/4xxx/CVE-2022-4535.json create mode 100644 2022/4xxx/CVE-2022-4536.json create mode 100644 2022/4xxx/CVE-2022-4537.json create mode 100644 2022/4xxx/CVE-2022-4538.json diff --git a/2022/4xxx/CVE-2022-4533.json b/2022/4xxx/CVE-2022-4533.json new file mode 100644 index 000000000000..6634c9e6df8a --- /dev/null +++ b/2022/4xxx/CVE-2022-4533.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4533", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4534.json b/2022/4xxx/CVE-2022-4534.json new file mode 100644 index 000000000000..e125c9458ca7 --- /dev/null +++ b/2022/4xxx/CVE-2022-4534.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4534", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4535.json b/2022/4xxx/CVE-2022-4535.json new file mode 100644 index 000000000000..fbdebae0c90c --- /dev/null +++ b/2022/4xxx/CVE-2022-4535.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4535", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4536.json b/2022/4xxx/CVE-2022-4536.json new file mode 100644 index 000000000000..ff1a7dc2a0ed --- /dev/null +++ b/2022/4xxx/CVE-2022-4536.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4536", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4537.json b/2022/4xxx/CVE-2022-4537.json new file mode 100644 index 000000000000..1bd46a5c21ba --- /dev/null +++ b/2022/4xxx/CVE-2022-4537.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4537", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4538.json b/2022/4xxx/CVE-2022-4538.json new file mode 100644 index 000000000000..5a5e5883401c --- /dev/null +++ b/2022/4xxx/CVE-2022-4538.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4538", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From c98f6f5dcee164ae4eff1deb35086a5449365dd6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 03:00:38 +0000 Subject: [PATCH 035/754] "-Synchronized-Data." --- 2022/4xxx/CVE-2022-4539.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4540.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4541.json | 18 ++++++++++++++++++ 3 files changed, 54 insertions(+) create mode 100644 2022/4xxx/CVE-2022-4539.json create mode 100644 2022/4xxx/CVE-2022-4540.json create mode 100644 2022/4xxx/CVE-2022-4541.json diff --git a/2022/4xxx/CVE-2022-4539.json b/2022/4xxx/CVE-2022-4539.json new file mode 100644 index 000000000000..3d169af856f2 --- /dev/null +++ b/2022/4xxx/CVE-2022-4539.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4539", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4540.json b/2022/4xxx/CVE-2022-4540.json new file mode 100644 index 000000000000..07757b3ef1a7 --- /dev/null +++ b/2022/4xxx/CVE-2022-4540.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4540", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4541.json b/2022/4xxx/CVE-2022-4541.json new file mode 100644 index 000000000000..91455f72e85e --- /dev/null +++ b/2022/4xxx/CVE-2022-4541.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4541", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 2c27911d74fdb2faab5913b74847c630f72efc24 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 04:00:43 +0000 Subject: [PATCH 036/754] "-Synchronized-Data." --- 2022/39xxx/CVE-2022-39282.json | 5 +++++ 2022/39xxx/CVE-2022-39283.json | 5 +++++ 2022/39xxx/CVE-2022-39316.json | 10 ++++++++++ 2022/39xxx/CVE-2022-39317.json | 10 ++++++++++ 2022/39xxx/CVE-2022-39318.json | 10 ++++++++++ 2022/39xxx/CVE-2022-39319.json | 10 ++++++++++ 2022/39xxx/CVE-2022-39320.json | 10 ++++++++++ 2022/39xxx/CVE-2022-39347.json | 10 ++++++++++ 2022/41xxx/CVE-2022-41262.json | 4 ++-- 2022/41xxx/CVE-2022-41274.json | 4 ++-- 2022/41xxx/CVE-2022-41877.json | 10 ++++++++++ 2022/45xxx/CVE-2022-45061.json | 20 ++++++++++++++++++++ 2022/46xxx/CVE-2022-46340.json | 5 +++++ 2022/46xxx/CVE-2022-46341.json | 5 +++++ 2022/46xxx/CVE-2022-46342.json | 5 +++++ 2022/46xxx/CVE-2022-46343.json | 5 +++++ 2022/46xxx/CVE-2022-46344.json | 5 +++++ 2022/4xxx/CVE-2022-4283.json | 5 +++++ 2022/4xxx/CVE-2022-4542.json | 18 ++++++++++++++++++ 2023/0xxx/CVE-2023-0012.json | 18 ++++++++++++++++++ 2023/0xxx/CVE-2023-0013.json | 18 ++++++++++++++++++ 2023/0xxx/CVE-2023-0014.json | 18 ++++++++++++++++++ 2023/0xxx/CVE-2023-0015.json | 18 ++++++++++++++++++ 2023/0xxx/CVE-2023-0016.json | 18 ++++++++++++++++++ 24 files changed, 242 insertions(+), 4 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4542.json create mode 100644 2023/0xxx/CVE-2023-0012.json create mode 100644 2023/0xxx/CVE-2023-0013.json create mode 100644 2023/0xxx/CVE-2023-0014.json create mode 100644 2023/0xxx/CVE-2023-0015.json create mode 100644 2023/0xxx/CVE-2023-0016.json diff --git a/2022/39xxx/CVE-2022-39282.json b/2022/39xxx/CVE-2022-39282.json index 4ad905ecd364..fe82c32e23b4 100644 --- a/2022/39xxx/CVE-2022-39282.json +++ b/2022/39xxx/CVE-2022-39282.json @@ -93,6 +93,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-e733724edb", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEWWYMGWIMD4RDCOGHWMZXUMBGZHC5NW/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fd6e43dec8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/" } ] }, diff --git a/2022/39xxx/CVE-2022-39283.json b/2022/39xxx/CVE-2022-39283.json index 0adbefb98b96..9a36fc833642 100644 --- a/2022/39xxx/CVE-2022-39283.json +++ b/2022/39xxx/CVE-2022-39283.json @@ -93,6 +93,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-e733724edb", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEWWYMGWIMD4RDCOGHWMZXUMBGZHC5NW/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fd6e43dec8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/" } ] }, diff --git a/2022/39xxx/CVE-2022-39316.json b/2022/39xxx/CVE-2022-39316.json index 2370d666dc70..99e7b19005e4 100644 --- a/2022/39xxx/CVE-2022-39316.json +++ b/2022/39xxx/CVE-2022-39316.json @@ -78,6 +78,16 @@ "name": "https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0", "refsource": "MISC", "url": "https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fd6e43dec8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-076b1c9978", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/" } ] }, diff --git a/2022/39xxx/CVE-2022-39317.json b/2022/39xxx/CVE-2022-39317.json index 130c28504d3f..def1273a1fe7 100644 --- a/2022/39xxx/CVE-2022-39317.json +++ b/2022/39xxx/CVE-2022-39317.json @@ -73,6 +73,16 @@ "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh", "refsource": "CONFIRM", "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fd6e43dec8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-076b1c9978", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/" } ] }, diff --git a/2022/39xxx/CVE-2022-39318.json b/2022/39xxx/CVE-2022-39318.json index 70cf9c60ac38..e20ce84ee601 100644 --- a/2022/39xxx/CVE-2022-39318.json +++ b/2022/39xxx/CVE-2022-39318.json @@ -86,6 +86,16 @@ "name": "https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea", "refsource": "MISC", "url": "https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fd6e43dec8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-076b1c9978", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/" } ] }, diff --git a/2022/39xxx/CVE-2022-39319.json b/2022/39xxx/CVE-2022-39319.json index 0d724de5310c..d4ca2fe07d87 100644 --- a/2022/39xxx/CVE-2022-39319.json +++ b/2022/39xxx/CVE-2022-39319.json @@ -78,6 +78,16 @@ "name": "https://github.com/FreeRDP/FreeRDP/commit/11555828d2cf289b350baba5ad1f462f10b80b76", "refsource": "MISC", "url": "https://github.com/FreeRDP/FreeRDP/commit/11555828d2cf289b350baba5ad1f462f10b80b76" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fd6e43dec8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-076b1c9978", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/" } ] }, diff --git a/2022/39xxx/CVE-2022-39320.json b/2022/39xxx/CVE-2022-39320.json index 671e5e5fbd0d..b0ba2e467a5f 100644 --- a/2022/39xxx/CVE-2022-39320.json +++ b/2022/39xxx/CVE-2022-39320.json @@ -73,6 +73,16 @@ "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j", "refsource": "CONFIRM", "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fd6e43dec8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-076b1c9978", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/" } ] }, diff --git a/2022/39xxx/CVE-2022-39347.json b/2022/39xxx/CVE-2022-39347.json index ef27d0502e61..82d0bdcc4200 100644 --- a/2022/39xxx/CVE-2022-39347.json +++ b/2022/39xxx/CVE-2022-39347.json @@ -78,6 +78,16 @@ "name": "https://github.com/FreeRDP/FreeRDP/commit/027424c2c6c0991cb9c22f9511478229c9b17e5d", "refsource": "MISC", "url": "https://github.com/FreeRDP/FreeRDP/commit/027424c2c6c0991cb9c22f9511478229c9b17e5d" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fd6e43dec8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-076b1c9978", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/" } ] }, diff --git a/2022/41xxx/CVE-2022-41262.json b/2022/41xxx/CVE-2022-41262.json index 02aac3db123f..fd90a7d7f96d 100644 --- a/2022/41xxx/CVE-2022-41262.json +++ b/2022/41xxx/CVE-2022-41262.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-20 Improper Input Validation", - "cweId": "CWE-20" + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" } ] } diff --git a/2022/41xxx/CVE-2022-41274.json b/2022/41xxx/CVE-2022-41274.json index 026c86ecbbc7..b48215ed252e 100644 --- a/2022/41xxx/CVE-2022-41274.json +++ b/2022/41xxx/CVE-2022-41274.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", - "cweId": "CWE-200" + "value": "CWE-863 Incorrect Authorization", + "cweId": "CWE-863" } ] } diff --git a/2022/41xxx/CVE-2022-41877.json b/2022/41xxx/CVE-2022-41877.json index 73c9fbdd0a51..d8abdcc92059 100644 --- a/2022/41xxx/CVE-2022-41877.json +++ b/2022/41xxx/CVE-2022-41877.json @@ -78,6 +78,16 @@ "name": "https://github.com/FreeRDP/FreeRDP/commit/6655841cf2a00b764f855040aecb8803cfc5eaba", "refsource": "MISC", "url": "https://github.com/FreeRDP/FreeRDP/commit/6655841cf2a00b764f855040aecb8803cfc5eaba" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fd6e43dec8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-076b1c9978", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/" } ] }, diff --git a/2022/45xxx/CVE-2022-45061.json b/2022/45xxx/CVE-2022-45061.json index 4503ba8b16cf..251d5960d8ff 100644 --- a/2022/45xxx/CVE-2022-45061.json +++ b/2022/45xxx/CVE-2022-45061.json @@ -91,6 +91,26 @@ "refsource": "FEDORA", "name": "FEDORA-2022-e6d0495206", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-6d51289820", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-50deb53896", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-93c6916349", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-18b234c18b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/" } ] } diff --git a/2022/46xxx/CVE-2022-46340.json b/2022/46xxx/CVE-2022-46340.json index a9e34092a8a3..c56a737eb1c7 100644 --- a/2022/46xxx/CVE-2022-46340.json +++ b/2022/46xxx/CVE-2022-46340.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151755" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-c3a65f7c65", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" } ] }, diff --git a/2022/46xxx/CVE-2022-46341.json b/2022/46xxx/CVE-2022-46341.json index bfdc184938c2..a8b65a769230 100644 --- a/2022/46xxx/CVE-2022-46341.json +++ b/2022/46xxx/CVE-2022-46341.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/security/cve/CVE-2022-46341", "url": "https://access.redhat.com/security/cve/CVE-2022-46341" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-c3a65f7c65", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" } ] }, diff --git a/2022/46xxx/CVE-2022-46342.json b/2022/46xxx/CVE-2022-46342.json index f1a3cb6e4557..ac4743fa80dd 100644 --- a/2022/46xxx/CVE-2022-46342.json +++ b/2022/46xxx/CVE-2022-46342.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/security/cve/CVE-2022-46342", "url": "https://access.redhat.com/security/cve/CVE-2022-46342" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-c3a65f7c65", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" } ] }, diff --git a/2022/46xxx/CVE-2022-46343.json b/2022/46xxx/CVE-2022-46343.json index 6758ebe0cbbf..8ab1426682a5 100644 --- a/2022/46xxx/CVE-2022-46343.json +++ b/2022/46xxx/CVE-2022-46343.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-c3a65f7c65", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" } ] }, diff --git a/2022/46xxx/CVE-2022-46344.json b/2022/46xxx/CVE-2022-46344.json index cf783d9b5b57..0d3ffeb936eb 100644 --- a/2022/46xxx/CVE-2022-46344.json +++ b/2022/46xxx/CVE-2022-46344.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-c3a65f7c65", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" } ] }, diff --git a/2022/4xxx/CVE-2022-4283.json b/2022/4xxx/CVE-2022-4283.json index 1ddd21e3f8f3..6b0c67d14cb1 100644 --- a/2022/4xxx/CVE-2022-4283.json +++ b/2022/4xxx/CVE-2022-4283.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/security/cve/CVE-2022-4283", "url": "https://access.redhat.com/security/cve/CVE-2022-4283" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-c3a65f7c65", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" } ] }, diff --git a/2022/4xxx/CVE-2022-4542.json b/2022/4xxx/CVE-2022-4542.json new file mode 100644 index 000000000000..2c6137717532 --- /dev/null +++ b/2022/4xxx/CVE-2022-4542.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4542", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0012.json b/2023/0xxx/CVE-2023-0012.json new file mode 100644 index 000000000000..5cb1b08ae5ff --- /dev/null +++ b/2023/0xxx/CVE-2023-0012.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0012", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0013.json b/2023/0xxx/CVE-2023-0013.json new file mode 100644 index 000000000000..e6d1934647b2 --- /dev/null +++ b/2023/0xxx/CVE-2023-0013.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0013", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0014.json b/2023/0xxx/CVE-2023-0014.json new file mode 100644 index 000000000000..a9f6ae49fa40 --- /dev/null +++ b/2023/0xxx/CVE-2023-0014.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0014", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0015.json b/2023/0xxx/CVE-2023-0015.json new file mode 100644 index 000000000000..915819136cfc --- /dev/null +++ b/2023/0xxx/CVE-2023-0015.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0015", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0016.json b/2023/0xxx/CVE-2023-0016.json new file mode 100644 index 000000000000..e35e872be581 --- /dev/null +++ b/2023/0xxx/CVE-2023-0016.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0016", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 73d747b64a92284678cb4975ce6939d669d8250d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 08:00:39 +0000 Subject: [PATCH 037/754] "-Synchronized-Data." --- 2022/4xxx/CVE-2022-4543.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4544.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4545.json | 18 ++++++++++++++++++ 3 files changed, 54 insertions(+) create mode 100644 2022/4xxx/CVE-2022-4543.json create mode 100644 2022/4xxx/CVE-2022-4544.json create mode 100644 2022/4xxx/CVE-2022-4545.json diff --git a/2022/4xxx/CVE-2022-4543.json b/2022/4xxx/CVE-2022-4543.json new file mode 100644 index 000000000000..1fb5effc8f96 --- /dev/null +++ b/2022/4xxx/CVE-2022-4543.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4543", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4544.json b/2022/4xxx/CVE-2022-4544.json new file mode 100644 index 000000000000..d4399e0615ed --- /dev/null +++ b/2022/4xxx/CVE-2022-4544.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4544", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4545.json b/2022/4xxx/CVE-2022-4545.json new file mode 100644 index 000000000000..0a7eb813aa94 --- /dev/null +++ b/2022/4xxx/CVE-2022-4545.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4545", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From e66c9b230c11a9a6332a4815c950d8551d2ee9a4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 09:00:40 +0000 Subject: [PATCH 038/754] "-Synchronized-Data." --- 2022/4xxx/CVE-2022-4546.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4547.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4548.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4549.json | 18 ++++++++++++++++++ 4 files changed, 72 insertions(+) create mode 100644 2022/4xxx/CVE-2022-4546.json create mode 100644 2022/4xxx/CVE-2022-4547.json create mode 100644 2022/4xxx/CVE-2022-4548.json create mode 100644 2022/4xxx/CVE-2022-4549.json diff --git a/2022/4xxx/CVE-2022-4546.json b/2022/4xxx/CVE-2022-4546.json new file mode 100644 index 000000000000..83a4f15a04b7 --- /dev/null +++ b/2022/4xxx/CVE-2022-4546.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4546", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4547.json b/2022/4xxx/CVE-2022-4547.json new file mode 100644 index 000000000000..daf87b96acaf --- /dev/null +++ b/2022/4xxx/CVE-2022-4547.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4547", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4548.json b/2022/4xxx/CVE-2022-4548.json new file mode 100644 index 000000000000..a1539167f8d4 --- /dev/null +++ b/2022/4xxx/CVE-2022-4548.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4548", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4549.json b/2022/4xxx/CVE-2022-4549.json new file mode 100644 index 000000000000..3e9bf0befa24 --- /dev/null +++ b/2022/4xxx/CVE-2022-4549.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4549", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 3d74a4e5bdf05afe7e6e34031d5f50613263729e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 10:00:39 +0000 Subject: [PATCH 039/754] "-Synchronized-Data." --- 2022/4xxx/CVE-2022-4550.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4551.json | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 2022/4xxx/CVE-2022-4550.json create mode 100644 2022/4xxx/CVE-2022-4551.json diff --git a/2022/4xxx/CVE-2022-4550.json b/2022/4xxx/CVE-2022-4550.json new file mode 100644 index 000000000000..7b02e460855a --- /dev/null +++ b/2022/4xxx/CVE-2022-4550.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4550", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4551.json b/2022/4xxx/CVE-2022-4551.json new file mode 100644 index 000000000000..770c65f3b04f --- /dev/null +++ b/2022/4xxx/CVE-2022-4551.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4551", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 3c7d02c80082580b08bb5a1901f783f1c8095e0a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 11:00:40 +0000 Subject: [PATCH 040/754] "-Synchronized-Data." --- 2022/4xxx/CVE-2022-4552.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4553.json | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 2022/4xxx/CVE-2022-4552.json create mode 100644 2022/4xxx/CVE-2022-4553.json diff --git a/2022/4xxx/CVE-2022-4552.json b/2022/4xxx/CVE-2022-4552.json new file mode 100644 index 000000000000..ad74423ff3f6 --- /dev/null +++ b/2022/4xxx/CVE-2022-4552.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4552", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4553.json b/2022/4xxx/CVE-2022-4553.json new file mode 100644 index 000000000000..0f445c2582ff --- /dev/null +++ b/2022/4xxx/CVE-2022-4553.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4553", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From ec1fe4a2e1fa074b32480e8250ea50ff39c5666e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 13:00:37 +0000 Subject: [PATCH 041/754] "-Synchronized-Data." --- 2021/28xxx/CVE-2021-28655.json | 68 ++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41961.json | 95 ++++++++++++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41962.json | 86 ++++++++++++++++++++++++++++-- 2022/46xxx/CVE-2022-46870.json | 63 ++++++++++++++++++++-- 4 files changed, 295 insertions(+), 17 deletions(-) diff --git a/2021/28xxx/CVE-2021-28655.json b/2021/28xxx/CVE-2021-28655.json index 0728d13e556b..54011db15cd3 100644 --- a/2021/28xxx/CVE-2021-28655.json +++ b/2021/28xxx/CVE-2021-28655.json @@ -1,18 +1,76 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-28655", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The improper Input Validation vulnerability in \"\u201dMove folder to Trash\u201d feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Zeppelin", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2" } ] - } + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Kai Zhao" + } + ] } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41961.json b/2022/41xxx/CVE-2022-41961.json index a63301d92df4..d3504c1dfa56 100644 --- a/2022/41xxx/CVE-2022-41961.json +++ b/2022/41xxx/CVE-2022-41961.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41961", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remaining registered users from the same extId. This issue has been fixed by improving permissions such that banning a user removes all users related to their extId, including registered users that have not joined the meeting. This issue is patched in versions 2.4-rc-6 and 2.5-alpha-1. There are no workarounds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-346: Origin Validation Error", + "cweId": "CWE-346" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-345: Insufficient Verification of Data Authenticity", + "cweId": "CWE-345" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bigbluebutton", + "product": { + "product_data": [ + { + "product_name": "bigbluebutton", + "version": { + "version_data": [ + { + "version_value": "< v2.4-rc-6", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4-rc-6", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4-rc-6" + }, + { + "url": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.5-alpha-1", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.5-alpha-1" + }, + { + "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-wxjp-h88g-7fqg", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-wxjp-h88g-7fqg" + } + ] + }, + "source": { + "advisory": "GHSA-wxjp-h88g-7fqg", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/41xxx/CVE-2022-41962.json b/2022/41xxx/CVE-2022-41962.json index 2a73440a6f92..936b88b18974 100644 --- a/2022/41xxx/CVE-2022-41962.json +++ b/2022/41xxx/CVE-2022-41962.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41962", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should only be able to set none as the status of other users. This issue is patched in 2.4-rc-6 and 2.5-alpha-1There are no workarounds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863: Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bigbluebutton", + "product": { + "product_data": [ + { + "product_name": "bigbluebutton", + "version": { + "version_data": [ + { + "version_value": "<2.4-rc-6", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4-rc-6", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4-rc-6" + }, + { + "url": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.5-alpha-1", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.5-alpha-1" + }, + { + "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-88qf-33qm-9mm7", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-88qf-33qm-9mm7" + } + ] + }, + "source": { + "advisory": "GHSA-88qf-33qm-9mm7", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 2.7, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/46xxx/CVE-2022-46870.json b/2022/46xxx/CVE-2022-46870.json index 933231eb0d34..1fb5947f5d74 100644 --- a/2022/46xxx/CVE-2022-46870.json +++ b/2022/46xxx/CVE-2022-46870.json @@ -1,18 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46870", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Zeppelin", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/gb1wdnrm1095xw6qznpsycfrht4lwbwc", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/gb1wdnrm1095xw6qznpsycfrht4lwbwc" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "defect": [ + "ZEPPELIN-4333" + ], + "discovery": "UNKNOWN" } } \ No newline at end of file From 416edee5f40ff2145ed6f5efe268aeabdd3fc80a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 14:00:39 +0000 Subject: [PATCH 042/754] "-Synchronized-Data." --- 2022/36xxx/CVE-2022-36223.json | 56 ++++++++++++++++++++--- 2022/41xxx/CVE-2022-41963.json | 81 ++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4554.json | 18 ++++++++ 2022/4xxx/CVE-2022-4555.json | 84 ++++++++++++++++++++++++++++++++++ 4 files changed, 229 insertions(+), 10 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4554.json create mode 100644 2022/4xxx/CVE-2022-4555.json diff --git a/2022/36xxx/CVE-2022-36223.json b/2022/36xxx/CVE-2022-36223.json index 2758eba8966f..71b6a9752e6e 100644 --- a/2022/36xxx/CVE-2022-36223.json +++ b/2022/36xxx/CVE-2022-36223.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-36223", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-36223", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://medium.com/@cupc4k3/administrator-account-takeover-in-emby-media-server-616fc2a6704f", + "refsource": "MISC", + "name": "https://medium.com/@cupc4k3/administrator-account-takeover-in-emby-media-server-616fc2a6704f" } ] } diff --git a/2022/41xxx/CVE-2022-41963.json b/2022/41xxx/CVE-2022-41963.json index c135c3ca6b12..60eb0638a728 100644 --- a/2022/41xxx/CVE-2022-41963.json +++ b/2022/41xxx/CVE-2022-41963.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41963", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a meeting participant. This issue is patched in version 2.4.3 an version 2.5-alpha-1" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-281: Improper Preservation of Permissions", + "cweId": "CWE-281" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bigbluebutton", + "product": { + "product_data": [ + { + "product_name": "bigbluebutton", + "version": { + "version_data": [ + { + "version_value": "< 2.4.3", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.3", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.3" + }, + { + "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-v6p9-926c-6qfp", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-v6p9-926c-6qfp" + } + ] + }, + "source": { + "advisory": "GHSA-v6p9-926c-6qfp", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 2.7, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/4xxx/CVE-2022-4554.json b/2022/4xxx/CVE-2022-4554.json new file mode 100644 index 000000000000..b067b69bf36c --- /dev/null +++ b/2022/4xxx/CVE-2022-4554.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4554", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4555.json b/2022/4xxx/CVE-2022-4555.json new file mode 100644 index 000000000000..430c129e8259 --- /dev/null +++ b/2022/4xxx/CVE-2022-4555.json @@ -0,0 +1,84 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-4555", + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can be used to deactivate security plugins that aids in exploiting other vulnerabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpvar", + "product": { + "product_data": [ + { + "product_name": "WP Shamsi \u2013 \u0627\u0641\u0632\u0648\u0646\u0647 \u062a\u0627\u0631\u06cc\u062e \u0634\u0645\u0633\u06cc \u0648 \u0641\u0627\u0631\u0633\u06cc \u0633\u0627\u0632 \u0648\u0631\u062f\u067e\u0631\u0633", + "version": { + "version_data": [ + { + "version_value": "*", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b498c5a-9fd1-43b8-b456-f6cec65d5077", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b498c5a-9fd1-43b8-b456-f6cec65d5077" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2645044%40wp-shamsi&new=2645044%40wp-shamsi&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2645044%40wp-shamsi&new=2645044%40wp-shamsi&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Chloe Chamberland" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file From b8df0032c629cd8e5235b90f3e3da2dbc4e9b959 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 15:00:41 +0000 Subject: [PATCH 043/754] "-Synchronized-Data." --- 2022/3xxx/CVE-2022-3109.json | 55 ++++++++++++++++++++++++++++++++-- 2022/47xxx/CVE-2022-47377.json | 50 +++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4556.json | 18 +++++++++++ 2022/4xxx/CVE-2022-4557.json | 18 +++++++++++ 2022/4xxx/CVE-2022-4558.json | 18 +++++++++++ 2022/4xxx/CVE-2022-4559.json | 18 +++++++++++ 2022/4xxx/CVE-2022-4560.json | 18 +++++++++++ 2022/4xxx/CVE-2022-4561.json | 18 +++++++++++ 2022/4xxx/CVE-2022-4562.json | 18 +++++++++++ 9 files changed, 225 insertions(+), 6 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4556.json create mode 100644 2022/4xxx/CVE-2022-4557.json create mode 100644 2022/4xxx/CVE-2022-4558.json create mode 100644 2022/4xxx/CVE-2022-4559.json create mode 100644 2022/4xxx/CVE-2022-4560.json create mode 100644 2022/4xxx/CVE-2022-4561.json create mode 100644 2022/4xxx/CVE-2022-4562.json diff --git a/2022/3xxx/CVE-2022-3109.json b/2022/3xxx/CVE-2022-3109.json index b2a1d129828c..d122f718d5da 100644 --- a/2022/3xxx/CVE-2022-3109.json +++ b/2022/3xxx/CVE-2022-3109.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3109", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "FFmpeg", + "version": { + "version_data": [ + { + "version_value": "FFmpg n5.2-dev" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568", + "url": "https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2153551", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153551" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the FFmpeg through 3.0. vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause the null pointer dereference, impacting confidentiality and availability." } ] } diff --git a/2022/47xxx/CVE-2022-47377.json b/2022/47xxx/CVE-2022-47377.json index 4bfb7bbab1b1..3ad9c22a22a0 100644 --- a/2022/47xxx/CVE-2022-47377.json +++ b/2022/47xxx/CVE-2022-47377.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-47377", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@sick.de", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "SICK SIM2000ST (LFT PPC)", + "version": { + "version_data": [ + { + "version_value": "Partnumber 2086502 with firmware version < 1.13.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://sick.com/psirt", + "url": "https://sick.com/psirt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.13.4 as soon as possible (available in SICK Support Portal)." } ] } diff --git a/2022/4xxx/CVE-2022-4556.json b/2022/4xxx/CVE-2022-4556.json new file mode 100644 index 000000000000..7c5691e929f1 --- /dev/null +++ b/2022/4xxx/CVE-2022-4556.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4556", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4557.json b/2022/4xxx/CVE-2022-4557.json new file mode 100644 index 000000000000..6ec5cb023bdf --- /dev/null +++ b/2022/4xxx/CVE-2022-4557.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4557", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4558.json b/2022/4xxx/CVE-2022-4558.json new file mode 100644 index 000000000000..3ac4ccead2dc --- /dev/null +++ b/2022/4xxx/CVE-2022-4558.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4558", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4559.json b/2022/4xxx/CVE-2022-4559.json new file mode 100644 index 000000000000..9735e83759a3 --- /dev/null +++ b/2022/4xxx/CVE-2022-4559.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4559", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4560.json b/2022/4xxx/CVE-2022-4560.json new file mode 100644 index 000000000000..cec2eb2d48c6 --- /dev/null +++ b/2022/4xxx/CVE-2022-4560.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4560", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4561.json b/2022/4xxx/CVE-2022-4561.json new file mode 100644 index 000000000000..6e7f79f3fbae --- /dev/null +++ b/2022/4xxx/CVE-2022-4561.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4561", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4562.json b/2022/4xxx/CVE-2022-4562.json new file mode 100644 index 000000000000..bb7472a0833c --- /dev/null +++ b/2022/4xxx/CVE-2022-4562.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4562", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 877212aefe87a99ad37028e714af2fc5ba87d5f9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 15:00:52 +0000 Subject: [PATCH 044/754] "-Synchronized-Data." --- 2022/27xxx/CVE-2022-27585.json | 2 +- 2022/27xxx/CVE-2022-27586.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/2022/27xxx/CVE-2022-27585.json b/2022/27xxx/CVE-2022-27585.json index ac567aaab60a..e8991a82e43d 100644 --- a/2022/27xxx/CVE-2022-27585.json +++ b/2022/27xxx/CVE-2022-27585.json @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version < 1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. The recommended solution is to update the firmware to a version >= 1.6.0 as soon as possible. (available in SICK Support Portal)" + "value": "Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.6.0 as soon as possible (available in SICK Support Portal)." } ] } diff --git a/2022/27xxx/CVE-2022-27586.json b/2022/27xxx/CVE-2022-27586.json index 93dc80e97be3..2b40dfd0b350 100644 --- a/2022/27xxx/CVE-2022-27586.json +++ b/2022/27xxx/CVE-2022-27586.json @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version < 2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to a increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible." + "value": "Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal)." } ] } From 5104b51b995c4c19649473071fe200f99e0a9812 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 16:00:40 +0000 Subject: [PATCH 045/754] "-Synchronized-Data." --- 2022/20xxx/CVE-2022-20199.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20503.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20504.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20505.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20506.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20507.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20508.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20509.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20510.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20511.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20512.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20513.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20514.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20515.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20516.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20517.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20518.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20519.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20520.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20521.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20522.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20523.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20524.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20525.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20526.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20527.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20528.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20529.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20530.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20531.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20533.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20535.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20536.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20537.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20538.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20539.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20540.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20541.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20543.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20544.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20545.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20546.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20547.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20548.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20549.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20550.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20552.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20553.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20554.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20555.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20556.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20557.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20558.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20559.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20560.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20561.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20562.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20563.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20564.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20566.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20567.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20568.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20569.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20570.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20571.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20572.json | 50 +++++++++++++++++-- 2022/20xxx/CVE-2022-20574.json | 50 +++++++++++++++++-- 2022/27xxx/CVE-2022-27582.json | 2 +- 2022/27xxx/CVE-2022-27584.json | 6 +-- 2022/42xxx/CVE-2022-42517.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42518.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42519.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42520.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42521.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42522.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42523.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42524.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42525.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42526.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42527.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42529.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42530.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42531.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42532.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42534.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42535.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42542.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42543.json | 50 +++++++++++++++++-- 2022/42xxx/CVE-2022-42544.json | 50 +++++++++++++++++-- 2022/43xxx/CVE-2022-43989.json | 4 +- 2022/43xxx/CVE-2022-43990.json | 2 +- 2022/44xxx/CVE-2022-44498.json | 90 +++++++++++++++++++++++++++++++--- 2022/44xxx/CVE-2022-44499.json | 90 +++++++++++++++++++++++++++++++--- 2022/44xxx/CVE-2022-44500.json | 90 +++++++++++++++++++++++++++++++--- 2022/44xxx/CVE-2022-44502.json | 90 +++++++++++++++++++++++++++++++--- 2022/45xxx/CVE-2022-45796.json | 50 +++++++++++++++++-- 2022/46xxx/CVE-2022-46135.json | 56 ++++++++++++++++++--- 2022/46xxx/CVE-2022-46137.json | 56 ++++++++++++++++++--- 2022/4xxx/CVE-2022-4130.json | 50 +++++++++++++++++-- 2022/4xxx/CVE-2022-4326.json | 88 +++++++++++++++++++++++++++++++-- 100 files changed, 4710 insertions(+), 314 deletions(-) diff --git a/2022/20xxx/CVE-2022-20199.json b/2022/20xxx/CVE-2022-20199.json index facf07ef098b..97f971a4669d 100644 --- a/2022/20xxx/CVE-2022-20199.json +++ b/2022/20xxx/CVE-2022-20199.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20199", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199291025" } ] } diff --git a/2022/20xxx/CVE-2022-20503.json b/2022/20xxx/CVE-2022-20503.json index b221d4409614..1c246ffb80f5 100644 --- a/2022/20xxx/CVE-2022-20503.json +++ b/2022/20xxx/CVE-2022-20503.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20503", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772890" } ] } diff --git a/2022/20xxx/CVE-2022-20504.json b/2022/20xxx/CVE-2022-20504.json index c2b0b83b8579..300ed1991dc7 100644 --- a/2022/20xxx/CVE-2022-20504.json +++ b/2022/20xxx/CVE-2022-20504.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20504", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225878553" } ] } diff --git a/2022/20xxx/CVE-2022-20505.json b/2022/20xxx/CVE-2022-20505.json index 6a780c789678..ef7be7120ff6 100644 --- a/2022/20xxx/CVE-2022-20505.json +++ b/2022/20xxx/CVE-2022-20505.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20505", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitationProduct: AndroidVersions: Android-13Android ID: A-225981754" } ] } diff --git a/2022/20xxx/CVE-2022-20506.json b/2022/20xxx/CVE-2022-20506.json index 065c2310ee24..bf3002b5e30d 100644 --- a/2022/20xxx/CVE-2022-20506.json +++ b/2022/20xxx/CVE-2022-20506.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20506", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of WifiDialogActivity.java, there is a missing permission check. This could lead to local escalation of privilege from a guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226133034" } ] } diff --git a/2022/20xxx/CVE-2022-20507.json b/2022/20xxx/CVE-2022-20507.json index 6719daa83ec0..2bfce179c199 100644 --- a/2022/20xxx/CVE-2022-20507.json +++ b/2022/20xxx/CVE-2022-20507.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20507", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246649179" } ] } diff --git a/2022/20xxx/CVE-2022-20508.json b/2022/20xxx/CVE-2022-20508.json index 35e02dabb1f1..bec355aea8e7 100644 --- a/2022/20xxx/CVE-2022-20508.json +++ b/2022/20xxx/CVE-2022-20508.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20508", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onAttach of ConfigureWifiSettings.java, there is a possible way for a guest user to change WiFi settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-218679614" } ] } diff --git a/2022/20xxx/CVE-2022-20509.json b/2022/20xxx/CVE-2022-20509.json index 05595a90abf7..8247a7229d9b 100644 --- a/2022/20xxx/CVE-2022-20509.json +++ b/2022/20xxx/CVE-2022-20509.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20509", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713317" } ] } diff --git a/2022/20xxx/CVE-2022-20510.json b/2022/20xxx/CVE-2022-20510.json index 14983dfe6d1f..23f0649dd5ba 100644 --- a/2022/20xxx/CVE-2022-20510.json +++ b/2022/20xxx/CVE-2022-20510.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20510", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235822336" } ] } diff --git a/2022/20xxx/CVE-2022-20511.json b/2022/20xxx/CVE-2022-20511.json index 10496a5a628b..ad4ea3811336 100644 --- a/2022/20xxx/CVE-2022-20511.json +++ b/2022/20xxx/CVE-2022-20511.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20511", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235821829" } ] } diff --git a/2022/20xxx/CVE-2022-20512.json b/2022/20xxx/CVE-2022-20512.json index 0e8d058fcdbc..66973468dcf5 100644 --- a/2022/20xxx/CVE-2022-20512.json +++ b/2022/20xxx/CVE-2022-20512.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20512", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In navigateUpTo of Task.java, there is a possible way to launch an intent handler with a mismatched intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238602879" } ] } diff --git a/2022/20xxx/CVE-2022-20513.json b/2022/20xxx/CVE-2022-20513.json index c3551997d0eb..1f205cb3520c 100644 --- a/2022/20xxx/CVE-2022-20513.json +++ b/2022/20xxx/CVE-2022-20513.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20513", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244569759" } ] } diff --git a/2022/20xxx/CVE-2022-20514.json b/2022/20xxx/CVE-2022-20514.json index db12d8dd8b7c..d8e5e0c588df 100644 --- a/2022/20xxx/CVE-2022-20514.json +++ b/2022/20xxx/CVE-2022-20514.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20514", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245727875" } ] } diff --git a/2022/20xxx/CVE-2022-20515.json b/2022/20xxx/CVE-2022-20515.json index d0da9f618207..380fb84957f4 100644 --- a/2022/20xxx/CVE-2022-20515.json +++ b/2022/20xxx/CVE-2022-20515.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20515", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220733496" } ] } diff --git a/2022/20xxx/CVE-2022-20516.json b/2022/20xxx/CVE-2022-20516.json index 44a51c0936b4..82dfe0488160 100644 --- a/2022/20xxx/CVE-2022-20516.json +++ b/2022/20xxx/CVE-2022-20516.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20516", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224002331" } ] } diff --git a/2022/20xxx/CVE-2022-20517.json b/2022/20xxx/CVE-2022-20517.json index 106a32fe02b0..11c864e20917 100644 --- a/2022/20xxx/CVE-2022-20517.json +++ b/2022/20xxx/CVE-2022-20517.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20517", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224769956" } ] } diff --git a/2022/20xxx/CVE-2022-20518.json b/2022/20xxx/CVE-2022-20518.json index bfad0933f75a..34ab2512b2e2 100644 --- a/2022/20xxx/CVE-2022-20518.json +++ b/2022/20xxx/CVE-2022-20518.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20518", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770203" } ] } diff --git a/2022/20xxx/CVE-2022-20519.json b/2022/20xxx/CVE-2022-20519.json index ee91f8bf8d8b..40ec019b503b 100644 --- a/2022/20xxx/CVE-2022-20519.json +++ b/2022/20xxx/CVE-2022-20519.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20519", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772678" } ] } diff --git a/2022/20xxx/CVE-2022-20520.json b/2022/20xxx/CVE-2022-20520.json index f3c1abc8af6a..80e1ec7ee9e0 100644 --- a/2022/20xxx/CVE-2022-20520.json +++ b/2022/20xxx/CVE-2022-20520.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20520", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202" } ] } diff --git a/2022/20xxx/CVE-2022-20521.json b/2022/20xxx/CVE-2022-20521.json index e95913eacdde..77211619f1b7 100644 --- a/2022/20xxx/CVE-2022-20521.json +++ b/2022/20xxx/CVE-2022-20521.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20521", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203684" } ] } diff --git a/2022/20xxx/CVE-2022-20522.json b/2022/20xxx/CVE-2022-20522.json index 2800d1110feb..cec72bc3fdd7 100644 --- a/2022/20xxx/CVE-2022-20522.json +++ b/2022/20xxx/CVE-2022-20522.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20522", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227470877" } ] } diff --git a/2022/20xxx/CVE-2022-20523.json b/2022/20xxx/CVE-2022-20523.json index d4109e0668de..ed11268d35c5 100644 --- a/2022/20xxx/CVE-2022-20523.json +++ b/2022/20xxx/CVE-2022-20523.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20523", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228222508" } ] } diff --git a/2022/20xxx/CVE-2022-20524.json b/2022/20xxx/CVE-2022-20524.json index e757068f9142..969a75786e5c 100644 --- a/2022/20xxx/CVE-2022-20524.json +++ b/2022/20xxx/CVE-2022-20524.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20524", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228523213" } ] } diff --git a/2022/20xxx/CVE-2022-20525.json b/2022/20xxx/CVE-2022-20525.json index d1826c72df62..edd9422ee07d 100644 --- a/2022/20xxx/CVE-2022-20525.json +++ b/2022/20xxx/CVE-2022-20525.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20525", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768" } ] } diff --git a/2022/20xxx/CVE-2022-20526.json b/2022/20xxx/CVE-2022-20526.json index 0a2412848c0f..379d18c46e56 100644 --- a/2022/20xxx/CVE-2022-20526.json +++ b/2022/20xxx/CVE-2022-20526.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20526", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742774" } ] } diff --git a/2022/20xxx/CVE-2022-20527.json b/2022/20xxx/CVE-2022-20527.json index 8dd3a3a527c1..3ceece1e250f 100644 --- a/2022/20xxx/CVE-2022-20527.json +++ b/2022/20xxx/CVE-2022-20527.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20527", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229994861" } ] } diff --git a/2022/20xxx/CVE-2022-20528.json b/2022/20xxx/CVE-2022-20528.json index dd9f629e43ae..308655e6bfae 100644 --- a/2022/20xxx/CVE-2022-20528.json +++ b/2022/20xxx/CVE-2022-20528.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20528", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230172711" } ] } diff --git a/2022/20xxx/CVE-2022-20529.json b/2022/20xxx/CVE-2022-20529.json index 278e1473658c..1c5a9ff4e35a 100644 --- a/2022/20xxx/CVE-2022-20529.json +++ b/2022/20xxx/CVE-2022-20529.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20529", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603" } ] } diff --git a/2022/20xxx/CVE-2022-20530.json b/2022/20xxx/CVE-2022-20530.json index 88981f10d01e..8c3d63f0eb44 100644 --- a/2022/20xxx/CVE-2022-20530.json +++ b/2022/20xxx/CVE-2022-20530.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20530", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231585645" } ] } diff --git a/2022/20xxx/CVE-2022-20531.json b/2022/20xxx/CVE-2022-20531.json index 648245cc6656..0d3e59968425 100644 --- a/2022/20xxx/CVE-2022-20531.json +++ b/2022/20xxx/CVE-2022-20531.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20531", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In placeCall of TelecomManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231988638" } ] } diff --git a/2022/20xxx/CVE-2022-20533.json b/2022/20xxx/CVE-2022-20533.json index 63c0e0d242ea..6d3b01db2b26 100644 --- a/2022/20xxx/CVE-2022-20533.json +++ b/2022/20xxx/CVE-2022-20533.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20533", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232798363" } ] } diff --git a/2022/20xxx/CVE-2022-20535.json b/2022/20xxx/CVE-2022-20535.json index 766ef50a295f..ae2e13007d3d 100644 --- a/2022/20xxx/CVE-2022-20535.json +++ b/2022/20xxx/CVE-2022-20535.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20535", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233605242" } ] } diff --git a/2022/20xxx/CVE-2022-20536.json b/2022/20xxx/CVE-2022-20536.json index ff16d33a1659..7c791fe65a4e 100644 --- a/2022/20xxx/CVE-2022-20536.json +++ b/2022/20xxx/CVE-2022-20536.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20536", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In registerBroadcastReceiver of RcsService.java, there is a possible way to change preferred TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235100180" } ] } diff --git a/2022/20xxx/CVE-2022-20537.json b/2022/20xxx/CVE-2022-20537.json index ef2bdd57f494..4e282d7602d6 100644 --- a/2022/20xxx/CVE-2022-20537.json +++ b/2022/20xxx/CVE-2022-20537.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20537", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601169" } ] } diff --git a/2022/20xxx/CVE-2022-20538.json b/2022/20xxx/CVE-2022-20538.json index d95630f06755..e6f591196102 100644 --- a/2022/20xxx/CVE-2022-20538.json +++ b/2022/20xxx/CVE-2022-20538.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20538", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601770" } ] } diff --git a/2022/20xxx/CVE-2022-20539.json b/2022/20xxx/CVE-2022-20539.json index 09d1cfbf1676..57c9e651ab4e 100644 --- a/2022/20xxx/CVE-2022-20539.json +++ b/2022/20xxx/CVE-2022-20539.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20539", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291425" } ] } diff --git a/2022/20xxx/CVE-2022-20540.json b/2022/20xxx/CVE-2022-20540.json index 3402ef73d8a6..a731d1c013e3 100644 --- a/2022/20xxx/CVE-2022-20540.json +++ b/2022/20xxx/CVE-2022-20540.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20540", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291506" } ] } diff --git a/2022/20xxx/CVE-2022-20541.json b/2022/20xxx/CVE-2022-20541.json index 533892bd39c7..4071edbaa543 100644 --- a/2022/20xxx/CVE-2022-20541.json +++ b/2022/20xxx/CVE-2022-20541.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20541", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083126" } ] } diff --git a/2022/20xxx/CVE-2022-20543.json b/2022/20xxx/CVE-2022-20543.json index c9939fc22b6b..0b4e987d7c5d 100644 --- a/2022/20xxx/CVE-2022-20543.json +++ b/2022/20xxx/CVE-2022-20543.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20543", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238178261" } ] } diff --git a/2022/20xxx/CVE-2022-20544.json b/2022/20xxx/CVE-2022-20544.json index 01046048c8c3..469970bda5ad 100644 --- a/2022/20xxx/CVE-2022-20544.json +++ b/2022/20xxx/CVE-2022-20544.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20544", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238745070" } ] } diff --git a/2022/20xxx/CVE-2022-20545.json b/2022/20xxx/CVE-2022-20545.json index 799934207314..10fbc9aee85f 100644 --- a/2022/20xxx/CVE-2022-20545.json +++ b/2022/20xxx/CVE-2022-20545.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20545", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-239368697" } ] } diff --git a/2022/20xxx/CVE-2022-20546.json b/2022/20xxx/CVE-2022-20546.json index 4f9c304d3386..850c267a23c4 100644 --- a/2022/20xxx/CVE-2022-20546.json +++ b/2022/20xxx/CVE-2022-20546.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20546", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240266798" } ] } diff --git a/2022/20xxx/CVE-2022-20547.json b/2022/20xxx/CVE-2022-20547.json index f0c7714222a9..aaab0475ac44 100644 --- a/2022/20xxx/CVE-2022-20547.json +++ b/2022/20xxx/CVE-2022-20547.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20547", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240301753" } ] } diff --git a/2022/20xxx/CVE-2022-20548.json b/2022/20xxx/CVE-2022-20548.json index d920a4bdc078..c6538d696a99 100644 --- a/2022/20xxx/CVE-2022-20548.json +++ b/2022/20xxx/CVE-2022-20548.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20548", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240919398" } ] } diff --git a/2022/20xxx/CVE-2022-20549.json b/2022/20xxx/CVE-2022-20549.json index f91516993cb8..f04ebd2967a5 100644 --- a/2022/20xxx/CVE-2022-20549.json +++ b/2022/20xxx/CVE-2022-20549.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20549", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242702451" } ] } diff --git a/2022/20xxx/CVE-2022-20550.json b/2022/20xxx/CVE-2022-20550.json index 89d2a96e8b2a..2874953be807 100644 --- a/2022/20xxx/CVE-2022-20550.json +++ b/2022/20xxx/CVE-2022-20550.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20550", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242845514" } ] } diff --git a/2022/20xxx/CVE-2022-20552.json b/2022/20xxx/CVE-2022-20552.json index 828e0efc85d8..76e1b469b2c5 100644 --- a/2022/20xxx/CVE-2022-20552.json +++ b/2022/20xxx/CVE-2022-20552.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20552", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-243922806" } ] } diff --git a/2022/20xxx/CVE-2022-20553.json b/2022/20xxx/CVE-2022-20553.json index d517a661985a..8aea6a1feed7 100644 --- a/2022/20xxx/CVE-2022-20553.json +++ b/2022/20xxx/CVE-2022-20553.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20553", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244155265" } ] } diff --git a/2022/20xxx/CVE-2022-20554.json b/2022/20xxx/CVE-2022-20554.json index c55257780bc2..d9b266d05988 100644 --- a/2022/20xxx/CVE-2022-20554.json +++ b/2022/20xxx/CVE-2022-20554.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20554", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245770596" } ] } diff --git a/2022/20xxx/CVE-2022-20555.json b/2022/20xxx/CVE-2022-20555.json index 699481646a52..d3d84bb03b9a 100644 --- a/2022/20xxx/CVE-2022-20555.json +++ b/2022/20xxx/CVE-2022-20555.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20555", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ufdt_get_node_by_path_len of ufdt_convert.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246194233" } ] } diff --git a/2022/20xxx/CVE-2022-20556.json b/2022/20xxx/CVE-2022-20556.json index ce351507ca3e..52f32c5181ec 100644 --- a/2022/20xxx/CVE-2022-20556.json +++ b/2022/20xxx/CVE-2022-20556.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20556", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301667" } ] } diff --git a/2022/20xxx/CVE-2022-20557.json b/2022/20xxx/CVE-2022-20557.json index ceba525347f5..53583fe7ebb5 100644 --- a/2022/20xxx/CVE-2022-20557.json +++ b/2022/20xxx/CVE-2022-20557.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20557", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-247092734" } ] } diff --git a/2022/20xxx/CVE-2022-20558.json b/2022/20xxx/CVE-2022-20558.json index 69faf4e6fc52..a3d5b67c1bf2 100644 --- a/2022/20xxx/CVE-2022-20558.json +++ b/2022/20xxx/CVE-2022-20558.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20558", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236264289" } ] } diff --git a/2022/20xxx/CVE-2022-20559.json b/2022/20xxx/CVE-2022-20559.json index 89850280fdf3..80c5bfba62ce 100644 --- a/2022/20xxx/CVE-2022-20559.json +++ b/2022/20xxx/CVE-2022-20559.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20559", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-219739967" } ] } diff --git a/2022/20xxx/CVE-2022-20560.json b/2022/20xxx/CVE-2022-20560.json index ede84ad64db1..655990471742 100644 --- a/2022/20xxx/CVE-2022-20560.json +++ b/2022/20xxx/CVE-2022-20560.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20560", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Product: AndroidVersions: Android kernelAndroid ID: A-212623833References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20561.json b/2022/20xxx/CVE-2022-20561.json index 2a4d9a7edbe9..87664ef9fde9 100644 --- a/2022/20xxx/CVE-2022-20561.json +++ b/2022/20xxx/CVE-2022-20561.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20561", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222162870References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20562.json b/2022/20xxx/CVE-2022-20562.json index 66b0ff1754bd..55b507c035f3 100644 --- a/2022/20xxx/CVE-2022-20562.json +++ b/2022/20xxx/CVE-2022-20562.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20562", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231630423References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20563.json b/2022/20xxx/CVE-2022-20563.json index b06a1d9a6e78..9c1dd85057fa 100644 --- a/2022/20xxx/CVE-2022-20563.json +++ b/2022/20xxx/CVE-2022-20563.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20563", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In TBD of ufdt_convert, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242067561References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20564.json b/2022/20xxx/CVE-2022-20564.json index c367225ca1cc..a67dd8b84cb3 100644 --- a/2022/20xxx/CVE-2022-20564.json +++ b/2022/20xxx/CVE-2022-20564.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20564", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243798789References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20566.json b/2022/20xxx/CVE-2022-20566.json index f4d9dcd5ee44..02066f425567 100644 --- a/2022/20xxx/CVE-2022-20566.json +++ b/2022/20xxx/CVE-2022-20566.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20566", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel" } ] } diff --git a/2022/20xxx/CVE-2022-20567.json b/2022/20xxx/CVE-2022-20567.json index 07cc70b9458e..1643a184e1cc 100644 --- a/2022/20xxx/CVE-2022-20567.json +++ b/2022/20xxx/CVE-2022-20567.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20567", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186777253References: Upstream kernel" } ] } diff --git a/2022/20xxx/CVE-2022-20568.json b/2022/20xxx/CVE-2022-20568.json index d3f42e35d747..749aacb521fd 100644 --- a/2022/20xxx/CVE-2022-20568.json +++ b/2022/20xxx/CVE-2022-20568.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20568", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-220738351References: Upstream kernel" } ] } diff --git a/2022/20xxx/CVE-2022-20569.json b/2022/20xxx/CVE-2022-20569.json index f45b488d2520..74e522a8fc5a 100644 --- a/2022/20xxx/CVE-2022-20569.json +++ b/2022/20xxx/CVE-2022-20569.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20569", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In thermal_cooling_device_stats_update of thermal_sysfs.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-229258234References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20570.json b/2022/20xxx/CVE-2022-20570.json index a515ccc0d5ef..8a626da06815 100644 --- a/2022/20xxx/CVE-2022-20570.json +++ b/2022/20xxx/CVE-2022-20570.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20570", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20571.json b/2022/20xxx/CVE-2022-20571.json index 56c47c7c1597..9a74483354db 100644 --- a/2022/20xxx/CVE-2022-20571.json +++ b/2022/20xxx/CVE-2022-20571.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20571", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In extract_metadata of dm-android-verity.c, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234030265References: Upstream kernel" } ] } diff --git a/2022/20xxx/CVE-2022-20572.json b/2022/20xxx/CVE-2022-20572.json index aa6217307a57..b68131a9d84f 100644 --- a/2022/20xxx/CVE-2022-20572.json +++ b/2022/20xxx/CVE-2022-20572.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20572", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel" } ] } diff --git a/2022/20xxx/CVE-2022-20574.json b/2022/20xxx/CVE-2022-20574.json index bb28fe065794..fb9757db29eb 100644 --- a/2022/20xxx/CVE-2022-20574.json +++ b/2022/20xxx/CVE-2022-20574.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20574", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237582191References: N/A" } ] } diff --git a/2022/27xxx/CVE-2022-27582.json b/2022/27xxx/CVE-2022-27582.json index 1e0458f3d768..ce32cf10a2ca 100644 --- a/2022/27xxx/CVE-2022-27582.json +++ b/2022/27xxx/CVE-2022-27582.json @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "Password recovery vulnerability in SICK SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to a increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. Please make sure that you apply general security practices when operating the SIM4000. The following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled." + "value": "Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.10.1 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM4000. A fix is planned but not yet scheduled." } ] } diff --git a/2022/27xxx/CVE-2022-27584.json b/2022/27xxx/CVE-2022-27584.json index 53e71524834b..079ace333f98 100644 --- a/2022/27xxx/CVE-2022-27584.json +++ b/2022/27xxx/CVE-2022-27584.json @@ -15,11 +15,11 @@ "product": { "product_data": [ { - "product_name": "SICK SIM2000ST", + "product_name": "SICK SIM2000ST (PPC)", "version": { "version_data": [ { - "version_value": "Partnumber 2086502 and 1080579" + "version_value": "Partnumber 1080579" } ] } @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 and 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to a increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. Please make sure that you apply general security practices when operating the SIM2000ST. The following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled." + "value": "Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.7.0 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM2000ST. A fix is planned but not yet scheduled." } ] } diff --git a/2022/42xxx/CVE-2022-42517.json b/2022/42xxx/CVE-2022-42517.json index 68ddebcb5230..d2f085c3c429 100644 --- a/2022/42xxx/CVE-2022-42517.json +++ b/2022/42xxx/CVE-2022-42517.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42517", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In MiscService::DoOemSetTcsFci of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763682References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42518.json b/2022/42xxx/CVE-2022-42518.json index cf2ee1db9165..0fda7fd0f0ed 100644 --- a/2022/42xxx/CVE-2022-42518.json +++ b/2022/42xxx/CVE-2022-42518.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42518", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242536278References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42519.json b/2022/42xxx/CVE-2022-42519.json index faf69b55fe67..27fa848eedd1 100644 --- a/2022/42xxx/CVE-2022-42519.json +++ b/2022/42xxx/CVE-2022-42519.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42519", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242540694References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42520.json b/2022/42xxx/CVE-2022-42520.json index 2c8b66720d6d..8d118a91e05f 100644 --- a/2022/42xxx/CVE-2022-42520.json +++ b/2022/42xxx/CVE-2022-42520.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42520", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242994270References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42521.json b/2022/42xxx/CVE-2022-42521.json index 7d4a33576479..eb1cdcfcec74 100644 --- a/2022/42xxx/CVE-2022-42521.json +++ b/2022/42xxx/CVE-2022-42521.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42521", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130019References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42522.json b/2022/42xxx/CVE-2022-42522.json index e88f9205933a..39c8dd7cbcf9 100644 --- a/2022/42xxx/CVE-2022-42522.json +++ b/2022/42xxx/CVE-2022-42522.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42522", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In DoSetCarrierConfig of miscservice.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130038References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42523.json b/2022/42xxx/CVE-2022-42523.json index bb0dbd7226cb..88663749a42a 100644 --- a/2022/42xxx/CVE-2022-42523.json +++ b/2022/42xxx/CVE-2022-42523.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42523", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243376893References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42524.json b/2022/42xxx/CVE-2022-42524.json index f64b229c8787..c0db7575583a 100644 --- a/2022/42xxx/CVE-2022-42524.json +++ b/2022/42xxx/CVE-2022-42524.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42524", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In sms_GetTpUdlIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243401445References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42525.json b/2022/42xxx/CVE-2022-42525.json index 450ee7eb9309..a20d6b7245fc 100644 --- a/2022/42xxx/CVE-2022-42525.json +++ b/2022/42xxx/CVE-2022-42525.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42525", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509750References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42526.json b/2022/42xxx/CVE-2022-42526.json index 1f5aec142d7a..4317175f32d1 100644 --- a/2022/42xxx/CVE-2022-42526.json +++ b/2022/42xxx/CVE-2022-42526.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42526", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ConvertUtf8ToUcs2 of radio_hal_utils.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509880References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42527.json b/2022/42xxx/CVE-2022-42527.json index 53319b7849d9..4f33bf8a3482 100644 --- a/2022/42xxx/CVE-2022-42527.json +++ b/2022/42xxx/CVE-2022-42527.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42527", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244448906References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42529.json b/2022/42xxx/CVE-2022-42529.json index 6d877e098848..d7c4f76dd264 100644 --- a/2022/42xxx/CVE-2022-42529.json +++ b/2022/42xxx/CVE-2022-42529.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42529", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Product: AndroidVersions: Android kernelAndroid ID: A-235292841References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42530.json b/2022/42xxx/CVE-2022-42530.json index e84f25d0d678..027cd2cab2ad 100644 --- a/2022/42xxx/CVE-2022-42530.json +++ b/2022/42xxx/CVE-2022-42530.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42530", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242331893References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42531.json b/2022/42xxx/CVE-2022-42531.json index fc240ab6e7d5..6d46f9344b9a 100644 --- a/2022/42xxx/CVE-2022-42531.json +++ b/2022/42xxx/CVE-2022-42531.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42531", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231500967References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42532.json b/2022/42xxx/CVE-2022-42532.json index 7b45a39529c0..cfc3ab6d87d2 100644 --- a/2022/42xxx/CVE-2022-42532.json +++ b/2022/42xxx/CVE-2022-42532.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42532", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242332610References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42534.json b/2022/42xxx/CVE-2022-42534.json index b246f06456b4..d37856fb55b2 100644 --- a/2022/42xxx/CVE-2022-42534.json +++ b/2022/42xxx/CVE-2022-42534.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42534", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237838301References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42535.json b/2022/42xxx/CVE-2022-42535.json index 6dc4ad31bf24..7cb40c0af60e 100644 --- a/2022/42xxx/CVE-2022-42535.json +++ b/2022/42xxx/CVE-2022-42535.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42535", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770183" } ] } diff --git a/2022/42xxx/CVE-2022-42542.json b/2022/42xxx/CVE-2022-42542.json index 8c2d2e031eeb..acaeedaca2f1 100644 --- a/2022/42xxx/CVE-2022-42542.json +++ b/2022/42xxx/CVE-2022-42542.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42542", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231445184" } ] } diff --git a/2022/42xxx/CVE-2022-42543.json b/2022/42xxx/CVE-2022-42543.json index ee9ee2ab779c..5af199260cd5 100644 --- a/2022/42xxx/CVE-2022-42543.json +++ b/2022/42xxx/CVE-2022-42543.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42543", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-249998113References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42544.json b/2022/42xxx/CVE-2022-42544.json index 282177acca30..68e1684aef66 100644 --- a/2022/42xxx/CVE-2022-42544.json +++ b/2022/42xxx/CVE-2022-42544.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42544", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545390" } ] } diff --git a/2022/43xxx/CVE-2022-43989.json b/2022/43xxx/CVE-2022-43989.json index c9fb6dd10967..95a37513cbfc 100644 --- a/2022/43xxx/CVE-2022-43989.json +++ b/2022/43xxx/CVE-2022-43989.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "Partnumber 1092673 and 1081902 with firmware version <= 1.2.0" + "version_value": "Partnumber 1092673 and 1081902 with firmware version < 1.2.0" } ] } @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version <= 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. The recommended solution is to update the firmware to a version >1.2.0 as soon as possible." + "value": "Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.2.0 as soon as possible (available in SICK Support Portal)." } ] } diff --git a/2022/43xxx/CVE-2022-43990.json b/2022/43xxx/CVE-2022-43990.json index f0e510f07259..d3bb41feac4c 100644 --- a/2022/43xxx/CVE-2022-43990.json +++ b/2022/43xxx/CVE-2022-43990.json @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version < 2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible. (available in SICK Support Portal)" + "value": "Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible (available in SICK Support Portal)." } ] } diff --git a/2022/44xxx/CVE-2022-44498.json b/2022/44xxx/CVE-2022-44498.json index 84bb2191bc5c..f7c2332572ef 100644 --- a/2022/44xxx/CVE-2022-44498.json +++ b/2022/44xxx/CVE-2022-44498.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-44498", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Illustrator Out-of-Bound Read Memory leak" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Illustrator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "27.0" + }, + { + "version_affected": "<=", + "version_value": "26.5.1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-60.html", + "name": "https://helpx.adobe.com/security/products/illustrator/apsb22-60.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/44xxx/CVE-2022-44499.json b/2022/44xxx/CVE-2022-44499.json index b20ffba2b2e7..1e0b9a5cbf8f 100644 --- a/2022/44xxx/CVE-2022-44499.json +++ b/2022/44xxx/CVE-2022-44499.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-44499", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Illustrator Out-of-Bound Read Memory leak" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Illustrator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "27.0" + }, + { + "version_affected": "<=", + "version_value": "26.5.1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-60.html", + "name": "https://helpx.adobe.com/security/products/illustrator/apsb22-60.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/44xxx/CVE-2022-44500.json b/2022/44xxx/CVE-2022-44500.json index 022f7ee33599..47ce8ef924d8 100644 --- a/2022/44xxx/CVE-2022-44500.json +++ b/2022/44xxx/CVE-2022-44500.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-44500", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Illustrator Out-of-Bound Read Memory leak" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Illustrator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "27.0" + }, + { + "version_affected": "<=", + "version_value": "26.5.1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-60.html", + "name": "https://helpx.adobe.com/security/products/illustrator/apsb22-60.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/44xxx/CVE-2022-44502.json b/2022/44xxx/CVE-2022-44502.json index 7c6e9c3fadd7..ee6df059a91c 100644 --- a/2022/44xxx/CVE-2022-44502.json +++ b/2022/44xxx/CVE-2022-44502.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-44502", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Illustrator Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Illustrator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "27.0" + }, + { + "version_affected": "<=", + "version_value": "26.5.1" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-60.html", + "name": "https://helpx.adobe.com/security/products/illustrator/apsb22-60.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/45xxx/CVE-2022-45796.json b/2022/45xxx/CVE-2022-45796.json index 0101e7041afa..ea8c08dcf4db 100644 --- a/2022/45xxx/CVE-2022-45796.json +++ b/2022/45xxx/CVE-2022-45796.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-45796", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ART@zuso.ai", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "SHARP multifunction printers (MFPs)", + "version": { + "version_data": [ + { + "version_value": "Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://global.sharp/products/copier/info/info_security_2022-11.html", + "url": "https://global.sharp/products/copier/info/info_security_2022-11.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier allows remote attackers to execute arbitrary commands via unspecified vectors." } ] } diff --git a/2022/46xxx/CVE-2022-46135.json b/2022/46xxx/CVE-2022-46135.json index 85ada1ba74bf..c8730e4fcc33 100644 --- a/2022/46xxx/CVE-2022-46135.json +++ b/2022/46xxx/CVE-2022-46135.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46135", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46135", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MegaTKC/AeroCMS/issues/5", + "refsource": "MISC", + "name": "https://github.com/MegaTKC/AeroCMS/issues/5" } ] } diff --git a/2022/46xxx/CVE-2022-46137.json b/2022/46xxx/CVE-2022-46137.json index 3d41bcf92f23..c7567d8a6d04 100644 --- a/2022/46xxx/CVE-2022-46137.json +++ b/2022/46xxx/CVE-2022-46137.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46137", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46137", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MegaTKC/AeroCMS/issues/7", + "refsource": "MISC", + "name": "https://github.com/MegaTKC/AeroCMS/issues/7" } ] } diff --git a/2022/4xxx/CVE-2022-4130.json b/2022/4xxx/CVE-2022-4130.json index 48d4d537efac..f09e1225d854 100644 --- a/2022/4xxx/CVE-2022-4130.json +++ b/2022/4xxx/CVE-2022-4130.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4130", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Satellite Server", + "version": { + "version_data": [ + { + "version_value": "Satellite Server 6.9,6.10,6.11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Blind Site-to-Site Request Forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2145254", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145254" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server." } ] } diff --git a/2022/4xxx/CVE-2022-4326.json b/2022/4xxx/CVE-2022-4326.json index 9d86594fe3f2..ae1af02bb62e 100644 --- a/2022/4xxx/CVE-2022-4326.json +++ b/2022/4xxx/CVE-2022-4326.json @@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4326", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "trellixpsirt@trellix.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection to uninstall the agent via incorrectly applied permissions in the removal protection functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-281 Improper Preservation of Permissions", + "cweId": "CWE-281" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Trellix", + "product": { + "product_data": [ + { + "product_name": "xAgent", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://docs.trellix.com/bundle/xagent_35-31-22_rn/page/UUID-73c848e7-6107-fe11-d83d-b17bd5b1449c.html", + "refsource": "MISC", + "name": "https://docs.trellix.com/bundle/xagent_35-31-22_rn/page/UUID-73c848e7-6107-fe11-d83d-b17bd5b1449c.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Matt DePaepe" + }, + { + "lang": "en", + "value": "Matt Espy " + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H", + "version": "3.1" } ] } From b6ac545b4119e7bcb4ee2c0116415a179ff7a0fd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 16:00:53 +0000 Subject: [PATCH 046/754] "-Synchronized-Data." --- 2021/35xxx/CVE-2021-35252.json | 107 +++++++++++++++++++++++++++++++-- 2022/20xxx/CVE-2022-20575.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20576.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20577.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20578.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20579.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20580.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20581.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20582.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20583.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20584.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20585.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20586.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20587.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20588.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20589.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20590.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20591.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20592.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20593.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20594.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20595.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20596.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20597.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20598.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20599.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20600.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20601.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20602.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20603.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20604.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20605.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20606.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20607.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20608.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20609.json | 50 ++++++++++++++- 2022/20xxx/CVE-2022-20610.json | 50 ++++++++++++++- 2022/25xxx/CVE-2022-25626.json | 50 ++++++++++++++- 2022/25xxx/CVE-2022-25627.json | 50 ++++++++++++++- 2022/25xxx/CVE-2022-25628.json | 50 ++++++++++++++- 2022/31xxx/CVE-2022-31707.json | 50 ++++++++++++++- 2022/31xxx/CVE-2022-31708.json | 50 ++++++++++++++- 2022/35xxx/CVE-2022-35694.json | 90 +++++++++++++++++++++++++-- 2022/35xxx/CVE-2022-35696.json | 90 +++++++++++++++++++++++++-- 2022/38xxx/CVE-2022-38106.json | 101 +++++++++++++++++++++++++++++-- 2022/42xxx/CVE-2022-42343.json | 90 +++++++++++++++++++++++++-- 2022/42xxx/CVE-2022-42351.json | 90 +++++++++++++++++++++++++-- 2022/42xxx/CVE-2022-42360.json | 90 +++++++++++++++++++++++++-- 2022/42xxx/CVE-2022-42366.json | 90 +++++++++++++++++++++++++-- 2022/42xxx/CVE-2022-42367.json | 90 +++++++++++++++++++++++++-- 2022/42xxx/CVE-2022-42501.json | 50 ++++++++++++++- 2022/42xxx/CVE-2022-42502.json | 50 ++++++++++++++- 2022/42xxx/CVE-2022-42503.json | 50 ++++++++++++++- 2022/42xxx/CVE-2022-42504.json | 50 ++++++++++++++- 2022/42xxx/CVE-2022-42505.json | 50 ++++++++++++++- 2022/42xxx/CVE-2022-42506.json | 50 ++++++++++++++- 2022/42xxx/CVE-2022-42507.json | 50 ++++++++++++++- 2022/42xxx/CVE-2022-42508.json | 50 ++++++++++++++- 2022/42xxx/CVE-2022-42509.json | 50 ++++++++++++++- 2022/42xxx/CVE-2022-42510.json | 50 ++++++++++++++- 2022/42xxx/CVE-2022-42511.json | 50 ++++++++++++++- 2022/42xxx/CVE-2022-42512.json | 50 ++++++++++++++- 2022/42xxx/CVE-2022-42513.json | 50 ++++++++++++++- 2022/42xxx/CVE-2022-42514.json | 50 ++++++++++++++- 2022/42xxx/CVE-2022-42515.json | 50 ++++++++++++++- 2022/42xxx/CVE-2022-42516.json | 50 ++++++++++++++- 2022/44xxx/CVE-2022-44462.json | 90 +++++++++++++++++++++++++-- 2022/44xxx/CVE-2022-44468.json | 90 +++++++++++++++++++++++++-- 2022/44xxx/CVE-2022-44469.json | 90 +++++++++++++++++++++++++-- 2022/44xxx/CVE-2022-44473.json | 90 +++++++++++++++++++++++++-- 70 files changed, 3803 insertions(+), 245 deletions(-) diff --git a/2021/35xxx/CVE-2021-35252.json b/2021/35xxx/CVE-2021-35252.json index 19747be80fec..861a4082d1f8 100644 --- a/2021/35xxx/CVE-2021-35252.json +++ b/2021/35xxx/CVE-2021-35252.json @@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-35252", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@solarwinds.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SolarWinds", + "product": { + "product_data": [ + { + "product_name": "Serv-U FTP Server", + "version": { + "version_data": [ + { + "version_value": "15.3.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm", + "refsource": "MISC", + "name": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35252", + "refsource": "MISC", + "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35252" + }, + { + "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35252", + "refsource": "MISC", + "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35252" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "SolarWinds advises to upgrade to the latest version of Serv-U 15.3.2 once became generally available." + } + ], + "value": "SolarWinds advises to upgrade to the latest version of Serv-U 15.3.2 once became generally available." + } + ], + "credits": [ + { + "lang": "en", + "value": "SecureWorks Disclosure Team" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/20xxx/CVE-2022-20575.json b/2022/20xxx/CVE-2022-20575.json index 0168e263c5bc..2f115c1830b3 100644 --- a/2022/20xxx/CVE-2022-20575.json +++ b/2022/20xxx/CVE-2022-20575.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20575", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237585040References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20576.json b/2022/20xxx/CVE-2022-20576.json index 7b98fbbe64ff..5648effb8d0c 100644 --- a/2022/20xxx/CVE-2022-20576.json +++ b/2022/20xxx/CVE-2022-20576.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20576", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In externalOnRequest of rilapplication.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239701761References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20577.json b/2022/20xxx/CVE-2022-20577.json index 591ae942687f..0c2b2269cd7a 100644 --- a/2022/20xxx/CVE-2022-20577.json +++ b/2022/20xxx/CVE-2022-20577.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20577", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In OemSimAuthRequest::encode of wlandata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762281References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20578.json b/2022/20xxx/CVE-2022-20578.json index 51e32a22b4b4..f8b4f3f67de0 100644 --- a/2022/20xxx/CVE-2022-20578.json +++ b/2022/20xxx/CVE-2022-20578.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20578", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509749References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20579.json b/2022/20xxx/CVE-2022-20579.json index 8ad2c3f657b7..6a9beda40510 100644 --- a/2022/20xxx/CVE-2022-20579.json +++ b/2022/20xxx/CVE-2022-20579.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20579", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243510139References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20580.json b/2022/20xxx/CVE-2022-20580.json index cab9782135bd..fa1b3e932dd0 100644 --- a/2022/20xxx/CVE-2022-20580.json +++ b/2022/20xxx/CVE-2022-20580.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20580", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ufdt_do_one_fixup of ufdt_overlay.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243629453References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20581.json b/2022/20xxx/CVE-2022-20581.json index d7db286a42c5..4b50632abe0f 100644 --- a/2022/20xxx/CVE-2022-20581.json +++ b/2022/20xxx/CVE-2022-20581.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20581", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245916120References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20582.json b/2022/20xxx/CVE-2022-20582.json index 23af71b4b80c..c8c94c6178bc 100644 --- a/2022/20xxx/CVE-2022-20582.json +++ b/2022/20xxx/CVE-2022-20582.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20582", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233645166References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20583.json b/2022/20xxx/CVE-2022-20583.json index 091d6f2de479..d1e096335293 100644 --- a/2022/20xxx/CVE-2022-20583.json +++ b/2022/20xxx/CVE-2022-20583.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20583", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in S-EL1 with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234859169References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20584.json b/2022/20xxx/CVE-2022-20584.json index bdf733b249e2..7f8709e7988d 100644 --- a/2022/20xxx/CVE-2022-20584.json +++ b/2022/20xxx/CVE-2022-20584.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20584", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In page_number of shared_mem.c, there is a possible code execution in secure world due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238366009References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20585.json b/2022/20xxx/CVE-2022-20585.json index 778f9a145c50..52c282bfde85 100644 --- a/2022/20xxx/CVE-2022-20585.json +++ b/2022/20xxx/CVE-2022-20585.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20585", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238716781References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20586.json b/2022/20xxx/CVE-2022-20586.json index 0e0e9b8c68f9..2e0ec4a31d9c 100644 --- a/2022/20xxx/CVE-2022-20586.json +++ b/2022/20xxx/CVE-2022-20586.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20586", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238718854References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20587.json b/2022/20xxx/CVE-2022-20587.json index 8352fcd06402..e6c517cc0cc6 100644 --- a/2022/20xxx/CVE-2022-20587.json +++ b/2022/20xxx/CVE-2022-20587.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20587", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238720411References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20588.json b/2022/20xxx/CVE-2022-20588.json index 809ac326dcaf..75f1577817b4 100644 --- a/2022/20xxx/CVE-2022-20588.json +++ b/2022/20xxx/CVE-2022-20588.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20588", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In sysmmu_map of sysmmu.c, there is a possible EoP due to a precondition check failure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238785915References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20589.json b/2022/20xxx/CVE-2022-20589.json index d3436c32eba6..2665bc3cc23a 100644 --- a/2022/20xxx/CVE-2022-20589.json +++ b/2022/20xxx/CVE-2022-20589.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20589", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In valid_va_secbuf_check of drm_access_control.c, there is a possible ID due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238841928References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20590.json b/2022/20xxx/CVE-2022-20590.json index 83bdfb4f57c0..44960824924f 100644 --- a/2022/20xxx/CVE-2022-20590.json +++ b/2022/20xxx/CVE-2022-20590.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20590", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238932493References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20591.json b/2022/20xxx/CVE-2022-20591.json index 610e7c367e69..33dc861d6a47 100644 --- a/2022/20xxx/CVE-2022-20591.json +++ b/2022/20xxx/CVE-2022-20591.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20591", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238939706References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20592.json b/2022/20xxx/CVE-2022-20592.json index 705f667842e3..f9d122beee0c 100644 --- a/2022/20xxx/CVE-2022-20592.json +++ b/2022/20xxx/CVE-2022-20592.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20592", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238976908References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20593.json b/2022/20xxx/CVE-2022-20593.json index dd7d18c2f152..ed77c14bcbfc 100644 --- a/2022/20xxx/CVE-2022-20593.json +++ b/2022/20xxx/CVE-2022-20593.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20593", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In pop_descriptor_string of BufferDescriptor.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415809References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20594.json b/2022/20xxx/CVE-2022-20594.json index 40ed80b08240..448f76dfbf16 100644 --- a/2022/20xxx/CVE-2022-20594.json +++ b/2022/20xxx/CVE-2022-20594.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20594", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In updateStart of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239567689References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20595.json b/2022/20xxx/CVE-2022-20595.json index 1bb27f6481c9..a9a07bf24ed6 100644 --- a/2022/20xxx/CVE-2022-20595.json +++ b/2022/20xxx/CVE-2022-20595.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20595", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getWpcAuthChallengeResponse of WirelessCharger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239700137References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20596.json b/2022/20xxx/CVE-2022-20596.json index e859f47e9763..fc4dc4c8ae98 100644 --- a/2022/20xxx/CVE-2022-20596.json +++ b/2022/20xxx/CVE-2022-20596.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20596", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In sendChunk of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239700400References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20597.json b/2022/20xxx/CVE-2022-20597.json index 2c15b2e1ce32..3496e661881e 100644 --- a/2022/20xxx/CVE-2022-20597.json +++ b/2022/20xxx/CVE-2022-20597.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20597", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmpu_set of ppmpu.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243480506References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20598.json b/2022/20xxx/CVE-2022-20598.json index 89bb859a843d..0fae34f7de72 100644 --- a/2022/20xxx/CVE-2022-20598.json +++ b/2022/20xxx/CVE-2022-20598.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In sec_media_protect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242357514References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20599.json b/2022/20xxx/CVE-2022-20599.json index 7d58cccd8a97..aea479238d84 100644 --- a/2022/20xxx/CVE-2022-20599.json +++ b/2022/20xxx/CVE-2022-20599.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20599", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pixel firmware, there is a possible exposure of sensitive memory due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242332706References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20600.json b/2022/20xxx/CVE-2022-20600.json index 95d7cf5b14cd..ee6268d86b35 100644 --- a/2022/20xxx/CVE-2022-20600.json +++ b/2022/20xxx/CVE-2022-20600.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20600", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239847859References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20601.json b/2022/20xxx/CVE-2022-20601.json index 2f45f24726ad..aaac3fa47829 100644 --- a/2022/20xxx/CVE-2022-20601.json +++ b/2022/20xxx/CVE-2022-20601.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20601", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Product: AndroidVersions: Android kernelAndroid ID: A-204541506References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20602.json b/2022/20xxx/CVE-2022-20602.json index 3801696ce301..7bf7e8025182 100644 --- a/2022/20xxx/CVE-2022-20602.json +++ b/2022/20xxx/CVE-2022-20602.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20602", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Product: AndroidVersions: Android kernelAndroid ID: A-211081867References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20603.json b/2022/20xxx/CVE-2022-20603.json index 8d0a9a7bd3ac..604c16bfb0e3 100644 --- a/2022/20xxx/CVE-2022-20603.json +++ b/2022/20xxx/CVE-2022-20603.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20603", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SetDecompContextDb of RohcDeCompContextOfRbId.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219265339References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20604.json b/2022/20xxx/CVE-2022-20604.json index e7f1b638ccda..70f3b1b70913 100644 --- a/2022/20xxx/CVE-2022-20604.json +++ b/2022/20xxx/CVE-2022-20604.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20604", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from a single device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-230463606References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20605.json b/2022/20xxx/CVE-2022-20605.json index 778ef3fc53a2..19486453bbec 100644 --- a/2022/20xxx/CVE-2022-20605.json +++ b/2022/20xxx/CVE-2022-20605.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20605", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231722405References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20606.json b/2022/20xxx/CVE-2022-20606.json index f14681471238..61832dfd1016 100644 --- a/2022/20xxx/CVE-2022-20606.json +++ b/2022/20xxx/CVE-2022-20606.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20606", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SAEMM_MiningCodecTableWithMsgIE of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233230674References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20607.json b/2022/20xxx/CVE-2022-20607.json index 550afa9c7dc8..b49df5ff5c30 100644 --- a/2022/20xxx/CVE-2022-20607.json +++ b/2022/20xxx/CVE-2022-20607.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20607", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238914868References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20608.json b/2022/20xxx/CVE-2022-20608.json index 473596cf3778..3e176670f02a 100644 --- a/2022/20xxx/CVE-2022-20608.json +++ b/2022/20xxx/CVE-2022-20608.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20608", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239239246References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20609.json b/2022/20xxx/CVE-2022-20609.json index 0009a1ba965a..ceaf43f0bda9 100644 --- a/2022/20xxx/CVE-2022-20609.json +++ b/2022/20xxx/CVE-2022-20609.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20609", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pixel cellular firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239240808References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20610.json b/2022/20xxx/CVE-2022-20610.json index 89715c784b05..44bc7097e74c 100644 --- a/2022/20xxx/CVE-2022-20610.json +++ b/2022/20xxx/CVE-2022-20610.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20610", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240462530References: N/A" } ] } diff --git a/2022/25xxx/CVE-2022-25626.json b/2022/25xxx/CVE-2022-25626.json index e92e36435672..efb93338a2bc 100644 --- a/2022/25xxx/CVE-2022-25626.json +++ b/2022/25xxx/CVE-2022-25626.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25626", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Symantec Identity Governance and Administration", + "version": { + "version_data": [ + { + "version_value": "14.3, 14.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.broadcom.com/external/content/SecurityAdvisories/0/21136", + "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/21136" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unauthenticated user can access Identity Manager\u2019s management console specific page URLs. However, the system doesn\u2019t allow the user to carry out server side tasks without a valid web session." } ] } diff --git a/2022/25xxx/CVE-2022-25627.json b/2022/25xxx/CVE-2022-25627.json index 84331cce961f..b86808eeda01 100644 --- a/2022/25xxx/CVE-2022-25627.json +++ b/2022/25xxx/CVE-2022-25627.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25627", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Symantec Identity Governance and Administration", + "version": { + "version_data": [ + { + "version_value": "14.3, 14.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Command Execution (RCE)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.broadcom.com/external/content/SecurityAdvisories/0/21136", + "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/21136" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4" } ] } diff --git a/2022/25xxx/CVE-2022-25628.json b/2022/25xxx/CVE-2022-25628.json index 96be12629e79..7568ef95ab0d 100644 --- a/2022/25xxx/CVE-2022-25628.json +++ b/2022/25xxx/CVE-2022-25628.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25628", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Symantec Identity Governance and Administration", + "version": { + "version_data": [ + { + "version_value": "14.3, 14.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML eXternal Entity injection (XXE)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.broadcom.com/external/content/SecurityAdvisories/0/21136", + "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/21136" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4" } ] } diff --git a/2022/31xxx/CVE-2022-31707.json b/2022/31xxx/CVE-2022-31707.json index 59f6580bbf7f..a0b84fa1b647 100644 --- a/2022/31xxx/CVE-2022-31707.json +++ b/2022/31xxx/CVE-2022-31707.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31707", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware vRealize Operations (vROps)", + "version": { + "version_data": [ + { + "version_value": "VMware vRealize Operations (vROps) (Multiple Versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "VMware vRealize Operations (vROps) privilege escalation vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2022-0034.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2022-0034.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2." } ] } diff --git a/2022/31xxx/CVE-2022-31708.json b/2022/31xxx/CVE-2022-31708.json index 646481258826..fb8c1b48dd30 100644 --- a/2022/31xxx/CVE-2022-31708.json +++ b/2022/31xxx/CVE-2022-31708.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31708", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware vRealize Operations (vROps)", + "version": { + "version_data": [ + { + "version_value": "VMware vRealize Operations (vROps) (Multiple Versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "VMware vRealize Operations (vROps) contains an access control vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2022-0034.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2022-0034.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4." } ] } diff --git a/2022/35xxx/CVE-2022-35694.json b/2022/35xxx/CVE-2022-35694.json index 14dc10223504..02ed490c3001 100644 --- a/2022/35xxx/CVE-2022-35694.json +++ b/2022/35xxx/CVE-2022-35694.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-35694", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35696.json b/2022/35xxx/CVE-2022-35696.json index 46db1bb6f484..ca7b7bd847e6 100644 --- a/2022/35xxx/CVE-2022-35696.json +++ b/2022/35xxx/CVE-2022-35696.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-35696", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38106.json b/2022/38xxx/CVE-2022-38106.json index 93c5f0fc460f..2b7097cfb74f 100644 --- a/2022/38xxx/CVE-2022-38106.json +++ b/2022/38xxx/CVE-2022-38106.json @@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-38106", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@solarwinds.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SolarWinds", + "product": { + "product_data": [ + { + "product_name": "Serv-U File Server", + "version": { + "version_data": [ + { + "version_value": "15.3.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106", + "refsource": "MISC", + "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106", + "refsource": "MISC", + "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106" + }, + { + "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm", + "refsource": "MISC", + "name": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nSolarWinds advises to upgrade to the latest version of Serv-U File Server 15.3.2 once became generally available.\n\n
" + } + ], + "value": "\nSolarWinds advises to upgrade to the latest version of Serv-U File Server 15.3.2 once became generally available.\n\n\n" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L", + "version": "3.1" } ] } diff --git a/2022/42xxx/CVE-2022-42343.json b/2022/42xxx/CVE-2022-42343.json index 816f0fa7072f..ee878b03cd8b 100644 --- a/2022/42xxx/CVE-2022-42343.json +++ b/2022/42xxx/CVE-2022-42343.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-42343", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Campaign Classic Server-Side Request Forgery Arbitrary file system read" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Campaign Classic (ACC)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "7.3.1" + }, + { + "version_affected": "<=", + "version_value": "8.3.9" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 6.5, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-Side Request Forgery (SSRF) (CWE-918)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/campaign/apsb22-58.html", + "name": "https://helpx.adobe.com/security/products/campaign/apsb22-58.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42351.json b/2022/42xxx/CVE-2022-42351.json index 14ca323cbc54..eb7b5017e3fe 100644 --- a/2022/42xxx/CVE-2022-42351.json +++ b/2022/42xxx/CVE-2022-42351.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-42351", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Incorrect Authorization Security feature bypass" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to disclose low level confidentiality information. Exploitation of this issue does not require user interaction." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 4.3, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Authorization (CWE-863)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42360.json b/2022/42xxx/CVE-2022-42360.json index bf87981981a8..9ed6daed8033 100644 --- a/2022/42xxx/CVE-2022-42360.json +++ b/2022/42xxx/CVE-2022-42360.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-42360", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42366.json b/2022/42xxx/CVE-2022-42366.json index d4a8240b04ff..2322eb4af9de 100644 --- a/2022/42xxx/CVE-2022-42366.json +++ b/2022/42xxx/CVE-2022-42366.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-42366", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42367.json b/2022/42xxx/CVE-2022-42367.json index 01df3278693e..7379cc524510 100644 --- a/2022/42xxx/CVE-2022-42367.json +++ b/2022/42xxx/CVE-2022-42367.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-42367", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42501.json b/2022/42xxx/CVE-2022-42501.json index 1ffdcbe088e7..27375679fe6d 100644 --- a/2022/42xxx/CVE-2022-42501.json +++ b/2022/42xxx/CVE-2022-42501.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42501", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231403References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42502.json b/2022/42xxx/CVE-2022-42502.json index 9cde694c8e58..d2660691b78a 100644 --- a/2022/42xxx/CVE-2022-42502.json +++ b/2022/42xxx/CVE-2022-42502.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42502", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In FacilityLock::Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231970References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42503.json b/2022/42xxx/CVE-2022-42503.json index 88c5f381e521..58c6c2f0f961 100644 --- a/2022/42xxx/CVE-2022-42503.json +++ b/2022/42xxx/CVE-2022-42503.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42503", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231983References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42504.json b/2022/42xxx/CVE-2022-42504.json index 40ff3b8398b4..e32567c48acd 100644 --- a/2022/42xxx/CVE-2022-42504.json +++ b/2022/42xxx/CVE-2022-42504.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42504", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241232209References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42505.json b/2022/42xxx/CVE-2022-42505.json index a5ba4ab6f8ff..a4f0f136e887 100644 --- a/2022/42xxx/CVE-2022-42505.json +++ b/2022/42xxx/CVE-2022-42505.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42505", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ProtocolMiscBuilder::BuildSetSignalReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241232492References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42506.json b/2022/42xxx/CVE-2022-42506.json index c4744a7af604..26af96474051 100644 --- a/2022/42xxx/CVE-2022-42506.json +++ b/2022/42xxx/CVE-2022-42506.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42506", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SimUpdatePbEntry::encode of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388399References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42507.json b/2022/42xxx/CVE-2022-42507.json index 778387174c63..24934a553b69 100644 --- a/2022/42xxx/CVE-2022-42507.json +++ b/2022/42xxx/CVE-2022-42507.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42507", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388774References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42508.json b/2022/42xxx/CVE-2022-42508.json index 082b5916c288..2bc791fd6a9c 100644 --- a/2022/42xxx/CVE-2022-42508.json +++ b/2022/42xxx/CVE-2022-42508.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42508", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ProtocolCallBuilder::BuildSendUssd of protocolcallbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388966References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42509.json b/2022/42xxx/CVE-2022-42509.json index 214d53187365..778bb645ed8f 100644 --- a/2022/42xxx/CVE-2022-42509.json +++ b/2022/42xxx/CVE-2022-42509.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42509", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In CallDialReqData::encode of callreqdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241544307References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42510.json b/2022/42xxx/CVE-2022-42510.json index a158f5dcf9d0..d309afa26e05 100644 --- a/2022/42xxx/CVE-2022-42510.json +++ b/2022/42xxx/CVE-2022-42510.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42510", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In StringsRequestData::encode of requestdata.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762656References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42511.json b/2022/42xxx/CVE-2022-42511.json index c34caf38f575..c27af7702a04 100644 --- a/2022/42xxx/CVE-2022-42511.json +++ b/2022/42xxx/CVE-2022-42511.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42511", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In EmbmsSessionData::encode of embmsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762712References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42512.json b/2022/42xxx/CVE-2022-42512.json index 336589491f8d..8b952d63647c 100644 --- a/2022/42xxx/CVE-2022-42512.json +++ b/2022/42xxx/CVE-2022-42512.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42512", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In VsimOperationDataExt::encode of vsimdata.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763050References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42513.json b/2022/42xxx/CVE-2022-42513.json index 57e08ac93592..c74a9787e593 100644 --- a/2022/42xxx/CVE-2022-42513.json +++ b/2022/42xxx/CVE-2022-42513.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42513", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ProtocolEmbmsBuilder::BuildSetSession of protocolembmsbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763204References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42514.json b/2022/42xxx/CVE-2022-42514.json index 161e0bb690ad..af36bed7a078 100644 --- a/2022/42xxx/CVE-2022-42514.json +++ b/2022/42xxx/CVE-2022-42514.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42514", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ProtocolImsBuilder::BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763298References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42515.json b/2022/42xxx/CVE-2022-42515.json index 63cc548e0e52..27bb812661cf 100644 --- a/2022/42xxx/CVE-2022-42515.json +++ b/2022/42xxx/CVE-2022-42515.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42515", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In MiscService::DoOemSetRtpPktlossThreshold of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763503References: N/A" } ] } diff --git a/2022/42xxx/CVE-2022-42516.json b/2022/42xxx/CVE-2022-42516.json index 1d8cf665ded0..f5d7c39a9835 100644 --- a/2022/42xxx/CVE-2022-42516.json +++ b/2022/42xxx/CVE-2022-42516.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42516", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ProtocolSimBuilderLegacy::BuildSimGetGbaAuth of protocolsimbuilderlegacy.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763577References: N/A" } ] } diff --git a/2022/44xxx/CVE-2022-44462.json b/2022/44xxx/CVE-2022-44462.json index a7ca19b441e9..637159e24fe4 100644 --- a/2022/44xxx/CVE-2022-44462.json +++ b/2022/44xxx/CVE-2022-44462.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-44462", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/44xxx/CVE-2022-44468.json b/2022/44xxx/CVE-2022-44468.json index 11494c59f4e6..921ee2bc97da 100644 --- a/2022/44xxx/CVE-2022-44468.json +++ b/2022/44xxx/CVE-2022-44468.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-44468", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/44xxx/CVE-2022-44469.json b/2022/44xxx/CVE-2022-44469.json index a296fd84c391..65ae095e09c2 100644 --- a/2022/44xxx/CVE-2022-44469.json +++ b/2022/44xxx/CVE-2022-44469.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-44469", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/44xxx/CVE-2022-44473.json b/2022/44xxx/CVE-2022-44473.json index 1ed2a2e13d4b..f7bd2da3d458 100644 --- a/2022/44xxx/CVE-2022-44473.json +++ b/2022/44xxx/CVE-2022-44473.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-44473", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file From 6ba67eed6b4863db48bd952a51a0c9d6cd64824d Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Fri, 16 Dec 2022 17:41:15 +0100 Subject: [PATCH 047/754] CVE-2022-4556 + CVE-2022-4558 - CVE-2022-4561 --- 2022/4xxx/CVE-2022-4556.json | 67 ++++++++++++++- 2022/4xxx/CVE-2022-4558.json | 67 ++++++++++++++- 2022/4xxx/CVE-2022-4559.json | 70 ++++++++++++++- 2022/4xxx/CVE-2022-4560.json | 160 ++++++++++++++++++++++++++++++++++- 2022/4xxx/CVE-2022-4561.json | 61 ++++++++++++- 5 files changed, 410 insertions(+), 15 deletions(-) diff --git a/2022/4xxx/CVE-2022-4556.json b/2022/4xxx/CVE-2022-4556.json index 7c5691e929f1..f5f25b602f13 100644 --- a/2022/4xxx/CVE-2022-4556.json +++ b/2022/4xxx/CVE-2022-4556.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4556", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Alinto SOGo Identity SOGoUserDefaults.m _migrateMailIdentities cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Alinto", + "product": { + "product_data": [ + { + "product_name": "SOGo", + "version": { + "version_data": [ + { + "version_value": "5.7.0" + }, + { + "version_value": "5.7.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrateMailIdentities of the file SoObjects\/SOGo\/SOGoUserDefaults.m of the component Identity Handler. The manipulation of the argument fullName leads to cross site scripting. The attack may be launched remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is efac49ae91a4a325df9931e78e543f707a0f8e5e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215960." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/Alinto\/sogo\/commit\/efac49ae91a4a325df9931e78e543f707a0f8e5e" + }, + { + "url": "https:\/\/github.com\/Alinto\/sogo\/releases\/tag\/SOGo-5.8.0" + }, + { + "url": "https:\/\/vuldb.com\/?id.215960" } ] } diff --git a/2022/4xxx/CVE-2022-4558.json b/2022/4xxx/CVE-2022-4558.json index 3ac4ccead2dc..593b5e544a78 100644 --- a/2022/4xxx/CVE-2022-4558.json +++ b/2022/4xxx/CVE-2022-4558.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4558", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Alinto SOGo Folder\/Mail NSString+Utilities.m cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Alinto", + "product": { + "product_data": [ + { + "product_name": "SOGo", + "version": { + "version_data": [ + { + "version_value": "5.7.0" + }, + { + "version_value": "5.7.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects\/SOGo\/NSString+Utilities.m of the component Folder\/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is 1e0f5f00890f751e84d67be4f139dd7f00faa5f3. It is recommended to upgrade the affected component. The identifier VDB-215961 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/Alinto\/sogo\/commit\/1e0f5f00890f751e84d67be4f139dd7f00faa5f3" + }, + { + "url": "https:\/\/github.com\/Alinto\/sogo\/releases\/tag\/SOGo-5.8.0" + }, + { + "url": "https:\/\/vuldb.com\/?id.215961" } ] } diff --git a/2022/4xxx/CVE-2022-4559.json b/2022/4xxx/CVE-2022-4559.json index 9735e83759a3..bc31a403ee52 100644 --- a/2022/4xxx/CVE-2022-4559.json +++ b/2022/4xxx/CVE-2022-4559.json @@ -4,14 +4,78 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4559", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "INEX IPX-Manager list.foil.php cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "INEX", + "product": { + "product_data": [ + { + "product_name": "IPX-Manager", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.1" + }, + { + "version_value": "6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in INEX IPX-Manager up to 6.2.0. It has been declared as problematic. This vulnerability affects unknown code of the file resources\/views\/customer\/list.foil.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 6.3.0 is able to address this issue. The name of the patch is bc9b14c6f70cccdb89b559e8bc3a7318bfe9c243. It is recommended to upgrade the affected component. VDB-215962 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/inex\/IXP-Manager\/commit\/bc9b14c6f70cccdb89b559e8bc3a7318bfe9c243" + }, + { + "url": "https:\/\/github.com\/inex\/IXP-Manager\/releases\/tag\/v6.3.0" + }, + { + "url": "https:\/\/vuldb.com\/?id.215962" } ] } diff --git a/2022/4xxx/CVE-2022-4560.json b/2022/4xxx/CVE-2022-4560.json index cec2eb2d48c6..f147c992dd24 100644 --- a/2022/4xxx/CVE-2022-4560.json +++ b/2022/4xxx/CVE-2022-4560.json @@ -4,14 +4,168 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4560", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Joget wflow-core UniversalTheme.java getInternalJsCssLib cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "Joget", + "version": { + "version_data": [ + { + "version_value": "7.0.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + }, + { + "version_value": "7.0.3" + }, + { + "version_value": "7.0.4" + }, + { + "version_value": "7.0.5" + }, + { + "version_value": "7.0.6" + }, + { + "version_value": "7.0.7" + }, + { + "version_value": "7.0.8" + }, + { + "version_value": "7.0.9" + }, + { + "version_value": "7.0.10" + }, + { + "version_value": "7.0.11" + }, + { + "version_value": "7.0.12" + }, + { + "version_value": "7.0.13" + }, + { + "version_value": "7.0.14" + }, + { + "version_value": "7.0.15" + }, + { + "version_value": "7.0.16" + }, + { + "version_value": "7.0.17" + }, + { + "version_value": "7.0.18" + }, + { + "version_value": "7.0.19" + }, + { + "version_value": "7.0.20" + }, + { + "version_value": "7.0.21" + }, + { + "version_value": "7.0.22" + }, + { + "version_value": "7.0.23" + }, + { + "version_value": "7.0.24" + }, + { + "version_value": "7.0.25" + }, + { + "version_value": "7.0.26" + }, + { + "version_value": "7.0.27" + }, + { + "version_value": "7.0.28" + }, + { + "version_value": "7.0.29" + }, + { + "version_value": "7.0.30" + }, + { + "version_value": "7.0.31" + }, + { + "version_value": "7.0.32" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Joget up to 7.0.32. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core\/src\/main\/java\/org\/joget\/plugin\/enterprise\/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 8.0-BETA is able to address this issue. The name of the patch is ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/jogetworkflow\/jw-community\/commit\/ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b" + }, + { + "url": "https:\/\/github.com\/jogetworkflow\/jw-community\/releases\/tag\/8.0-BETA" + }, + { + "url": "https:\/\/vuldb.com\/?id.215963" } ] } diff --git a/2022/4xxx/CVE-2022-4561.json b/2022/4xxx/CVE-2022-4561.json index 6e7f79f3fbae..df7d0717c22a 100644 --- a/2022/4xxx/CVE-2022-4561.json +++ b/2022/4xxx/CVE-2022-4561.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4561", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "SemanticDrilldown Extension GET Parameter SDBrowseDataPage.php printFilterLine cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "SemanticDrilldown Extension", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in SemanticDrilldown Extension. Affected is the function printFilterLine of the file includes\/specials\/SDBrowseDataPage.php of the component GET Parameter Handler. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 6e18cf740a4548166c1d95f6d3a28541d298a3aa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215964." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/wikimedia\/mediawiki-extensions-SemanticDrilldown\/commit\/6e18cf740a4548166c1d95f6d3a28541d298a3aa" + }, + { + "url": "https:\/\/vuldb.com\/?id.215964" } ] } From f03575cdf996bf5af59698343df10b0b04bb3e8b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 17:00:42 +0000 Subject: [PATCH 048/754] "-Synchronized-Data." --- 2022/46xxx/CVE-2022-46109.json | 56 ++++++++++++++++++++++++++++++---- 2022/4xxx/CVE-2022-4556.json | 16 +++++++--- 2022/4xxx/CVE-2022-4558.json | 18 +++++++---- 2022/4xxx/CVE-2022-4559.json | 16 +++++++--- 2022/4xxx/CVE-2022-4560.json | 16 +++++++--- 2022/4xxx/CVE-2022-4561.json | 14 ++++++--- 6 files changed, 104 insertions(+), 32 deletions(-) diff --git a/2022/46xxx/CVE-2022-46109.json b/2022/46xxx/CVE-2022-46109.json index e9ebae2d8e9b..6bd5c82cdcaa 100644 --- a/2022/46xxx/CVE-2022-46109.json +++ b/2022/46xxx/CVE-2022-46109.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46109", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46109", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/z1r00/IOT_Vul/tree/main/Tenda/AC10/formSetClientState", + "refsource": "MISC", + "name": "https://github.com/z1r00/IOT_Vul/tree/main/Tenda/AC10/formSetClientState" } ] } diff --git a/2022/4xxx/CVE-2022-4556.json b/2022/4xxx/CVE-2022-4556.json index f5f25b602f13..2ace0b53f481 100644 --- a/2022/4xxx/CVE-2022-4556.json +++ b/2022/4xxx/CVE-2022-4556.json @@ -52,7 +52,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrateMailIdentities of the file SoObjects\/SOGo\/SOGoUserDefaults.m of the component Identity Handler. The manipulation of the argument fullName leads to cross site scripting. The attack may be launched remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is efac49ae91a4a325df9931e78e543f707a0f8e5e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215960." + "value": "A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrateMailIdentities of the file SoObjects/SOGo/SOGoUserDefaults.m of the component Identity Handler. The manipulation of the argument fullName leads to cross site scripting. The attack may be launched remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is efac49ae91a4a325df9931e78e543f707a0f8e5e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215960." } ] }, @@ -60,19 +60,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/Alinto\/sogo\/commit\/efac49ae91a4a325df9931e78e543f707a0f8e5e" + "url": "https://github.com/Alinto/sogo/commit/efac49ae91a4a325df9931e78e543f707a0f8e5e", + "refsource": "MISC", + "name": "https://github.com/Alinto/sogo/commit/efac49ae91a4a325df9931e78e543f707a0f8e5e" }, { - "url": "https:\/\/github.com\/Alinto\/sogo\/releases\/tag\/SOGo-5.8.0" + "url": "https://github.com/Alinto/sogo/releases/tag/SOGo-5.8.0", + "refsource": "MISC", + "name": "https://github.com/Alinto/sogo/releases/tag/SOGo-5.8.0" }, { - "url": "https:\/\/vuldb.com\/?id.215960" + "url": "https://vuldb.com/?id.215960", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215960" } ] } diff --git a/2022/4xxx/CVE-2022-4558.json b/2022/4xxx/CVE-2022-4558.json index 593b5e544a78..9afaece24104 100644 --- a/2022/4xxx/CVE-2022-4558.json +++ b/2022/4xxx/CVE-2022-4558.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4558", - "TITLE": "Alinto SOGo Folder\/Mail NSString+Utilities.m cross site scripting", + "TITLE": "Alinto SOGo Folder/Mail NSString+Utilities.m cross site scripting", "REQUESTER": "cna@vuldb.com", "ASSIGNER": "cna@vuldb.com", "STATE": "PUBLIC" @@ -52,7 +52,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects\/SOGo\/NSString+Utilities.m of the component Folder\/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is 1e0f5f00890f751e84d67be4f139dd7f00faa5f3. It is recommended to upgrade the affected component. The identifier VDB-215961 was assigned to this vulnerability." + "value": "A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is 1e0f5f00890f751e84d67be4f139dd7f00faa5f3. It is recommended to upgrade the affected component. The identifier VDB-215961 was assigned to this vulnerability." } ] }, @@ -60,19 +60,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/Alinto\/sogo\/commit\/1e0f5f00890f751e84d67be4f139dd7f00faa5f3" + "url": "https://github.com/Alinto/sogo/releases/tag/SOGo-5.8.0", + "refsource": "MISC", + "name": "https://github.com/Alinto/sogo/releases/tag/SOGo-5.8.0" }, { - "url": "https:\/\/github.com\/Alinto\/sogo\/releases\/tag\/SOGo-5.8.0" + "url": "https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3", + "refsource": "MISC", + "name": "https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3" }, { - "url": "https:\/\/vuldb.com\/?id.215961" + "url": "https://vuldb.com/?id.215961", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215961" } ] } diff --git a/2022/4xxx/CVE-2022-4559.json b/2022/4xxx/CVE-2022-4559.json index bc31a403ee52..57ddf30034ba 100644 --- a/2022/4xxx/CVE-2022-4559.json +++ b/2022/4xxx/CVE-2022-4559.json @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in INEX IPX-Manager up to 6.2.0. It has been declared as problematic. This vulnerability affects unknown code of the file resources\/views\/customer\/list.foil.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 6.3.0 is able to address this issue. The name of the patch is bc9b14c6f70cccdb89b559e8bc3a7318bfe9c243. It is recommended to upgrade the affected component. VDB-215962 is the identifier assigned to this vulnerability." + "value": "A vulnerability was found in INEX IPX-Manager up to 6.2.0. It has been declared as problematic. This vulnerability affects unknown code of the file resources/views/customer/list.foil.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 6.3.0 is able to address this issue. The name of the patch is bc9b14c6f70cccdb89b559e8bc3a7318bfe9c243. It is recommended to upgrade the affected component. VDB-215962 is the identifier assigned to this vulnerability." } ] }, @@ -63,19 +63,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/inex\/IXP-Manager\/commit\/bc9b14c6f70cccdb89b559e8bc3a7318bfe9c243" + "url": "https://github.com/inex/IXP-Manager/commit/bc9b14c6f70cccdb89b559e8bc3a7318bfe9c243", + "refsource": "MISC", + "name": "https://github.com/inex/IXP-Manager/commit/bc9b14c6f70cccdb89b559e8bc3a7318bfe9c243" }, { - "url": "https:\/\/github.com\/inex\/IXP-Manager\/releases\/tag\/v6.3.0" + "url": "https://github.com/inex/IXP-Manager/releases/tag/v6.3.0", + "refsource": "MISC", + "name": "https://github.com/inex/IXP-Manager/releases/tag/v6.3.0" }, { - "url": "https:\/\/vuldb.com\/?id.215962" + "url": "https://vuldb.com/?id.215962", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215962" } ] } diff --git a/2022/4xxx/CVE-2022-4560.json b/2022/4xxx/CVE-2022-4560.json index f147c992dd24..3c6d7cd1b143 100644 --- a/2022/4xxx/CVE-2022-4560.json +++ b/2022/4xxx/CVE-2022-4560.json @@ -145,7 +145,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Joget up to 7.0.32. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core\/src\/main\/java\/org\/joget\/plugin\/enterprise\/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 8.0-BETA is able to address this issue. The name of the patch is ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963." + "value": "A vulnerability was found in Joget up to 7.0.32. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 8.0-BETA is able to address this issue. The name of the patch is ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963." } ] }, @@ -153,19 +153,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/jogetworkflow\/jw-community\/commit\/ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b" + "url": "https://github.com/jogetworkflow/jw-community/commit/ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b", + "refsource": "MISC", + "name": "https://github.com/jogetworkflow/jw-community/commit/ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b" }, { - "url": "https:\/\/github.com\/jogetworkflow\/jw-community\/releases\/tag\/8.0-BETA" + "url": "https://github.com/jogetworkflow/jw-community/releases/tag/8.0-BETA", + "refsource": "MISC", + "name": "https://github.com/jogetworkflow/jw-community/releases/tag/8.0-BETA" }, { - "url": "https:\/\/vuldb.com\/?id.215963" + "url": "https://vuldb.com/?id.215963", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215963" } ] } diff --git a/2022/4xxx/CVE-2022-4561.json b/2022/4xxx/CVE-2022-4561.json index df7d0717c22a..55e3c1a6ba13 100644 --- a/2022/4xxx/CVE-2022-4561.json +++ b/2022/4xxx/CVE-2022-4561.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as problematic has been found in SemanticDrilldown Extension. Affected is the function printFilterLine of the file includes\/specials\/SDBrowseDataPage.php of the component GET Parameter Handler. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 6e18cf740a4548166c1d95f6d3a28541d298a3aa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215964." + "value": "A vulnerability classified as problematic has been found in SemanticDrilldown Extension. Affected is the function printFilterLine of the file includes/specials/SDBrowseDataPage.php of the component GET Parameter Handler. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 6e18cf740a4548166c1d95f6d3a28541d298a3aa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215964." } ] }, @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/wikimedia\/mediawiki-extensions-SemanticDrilldown\/commit\/6e18cf740a4548166c1d95f6d3a28541d298a3aa" + "url": "https://github.com/wikimedia/mediawiki-extensions-SemanticDrilldown/commit/6e18cf740a4548166c1d95f6d3a28541d298a3aa", + "refsource": "MISC", + "name": "https://github.com/wikimedia/mediawiki-extensions-SemanticDrilldown/commit/6e18cf740a4548166c1d95f6d3a28541d298a3aa" }, { - "url": "https:\/\/vuldb.com\/?id.215964" + "url": "https://vuldb.com/?id.215964", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215964" } ] } From d3427a65a3f4d3797b7b96bff038797c5f7b0a4b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 17:00:53 +0000 Subject: [PATCH 049/754] "-Synchronized-Data." --- 2022/4xxx/CVE-2022-4563.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4564.json | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 2022/4xxx/CVE-2022-4563.json create mode 100644 2022/4xxx/CVE-2022-4564.json diff --git a/2022/4xxx/CVE-2022-4563.json b/2022/4xxx/CVE-2022-4563.json new file mode 100644 index 000000000000..7be16905813c --- /dev/null +++ b/2022/4xxx/CVE-2022-4563.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4563", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4564.json b/2022/4xxx/CVE-2022-4564.json new file mode 100644 index 000000000000..1bc331962aca --- /dev/null +++ b/2022/4xxx/CVE-2022-4564.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4564", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 2777ae1ffb58dea502b9c68432f545140ee4a975 Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Fri, 16 Dec 2022 18:04:53 +0100 Subject: [PATCH 050/754] CVE-2022-4563 + CVE-2022-4564 --- 2022/4xxx/CVE-2022-4563.json | 64 ++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4564.json | 67 ++++++++++++++++++++++++++++++++++-- 2 files changed, 125 insertions(+), 6 deletions(-) diff --git a/2022/4xxx/CVE-2022-4563.json b/2022/4xxx/CVE-2022-4563.json index 7be16905813c..10fece6a3fcb 100644 --- a/2022/4xxx/CVE-2022-4563.json +++ b/2022/4xxx/CVE-2022-4563.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4563", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Freedom of the Press SecureDrop gpg-agent.conf symlink", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Freedom of the Press", + "product": { + "product_data": [ + { + "product_name": "SecureDrop", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59 Link Following -> CWE-61 Symlink Following" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical. Affected by this issue is some unknown functionality of the file gpg-agent.conf. The manipulation leads to symlink following. Local access is required to approach this attack. The name of the patch is b0526a06f8ca713cce74b63e00d3730618d89691. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215972." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "7.8", + "vectorString": "CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/freedomofpress\/securedrop\/pull\/6704" + }, + { + "url": "https:\/\/github.com\/freedomofpress\/securedrop\/commit\/b0526a06f8ca713cce74b63e00d3730618d89691" + }, + { + "url": "https:\/\/vuldb.com\/?id.215972" } ] } diff --git a/2022/4xxx/CVE-2022-4564.json b/2022/4xxx/CVE-2022-4564.json index 1bc331962aca..bb3679354f3f 100644 --- a/2022/4xxx/CVE-2022-4564.json +++ b/2022/4xxx/CVE-2022-4564.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4564", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "University of Central Florida Materia API Controller api.php before cross-site request forgery", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "University of Central Florida", + "product": { + "product_data": [ + { + "product_name": "Materia", + "version": { + "version_data": [ + { + "version_value": "9.0.1-alpha1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization -> CWE-862 Missing Authorization -> CWE-352 Cross-Site Request Forgery" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.1-alpha1. This affects the function before of the file fuel\/app\/classes\/controller\/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.2-alpha2 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/ucfopen\/Materia\/pull\/1371" + }, + { + "url": "https:\/\/github.com\/ucfopen\/Materia\/releases\/tag\/v9.0.2-alpha2" + }, + { + "url": "https:\/\/github.com\/ucfopen\/Materia\/commit\/af259115d2e8f17068e61902151ee8a9dbac397b" + }, + { + "url": "https:\/\/vuldb.com\/?id.215973" } ] } From c74d15d72d02eddd6d64d4e563295f19ffe47237 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 18:00:43 +0000 Subject: [PATCH 051/754] "-Synchronized-Data." --- 2022/41xxx/CVE-2022-41964.json | 81 ++++++++++++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41972.json | 81 ++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4563.json | 16 ++++--- 2022/4xxx/CVE-2022-4564.json | 20 ++++++--- 2022/4xxx/CVE-2022-4565.json | 18 ++++++++ 2022/4xxx/CVE-2022-4566.json | 18 ++++++++ 6 files changed, 215 insertions(+), 19 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4565.json create mode 100644 2022/4xxx/CVE-2022-4566.json diff --git a/2022/41xxx/CVE-2022-41964.json b/2022/41xxx/CVE-2022-41964.json index 0ec8abc63bfe..4927f8db80d5 100644 --- a/2022/41xxx/CVE-2022-41964.json +++ b/2022/41xxx/CVE-2022-41964.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41964", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll. The attacker had to be a meeting presenter. This issue is patched in version 2.4.0. There are no workarounds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bigbluebutton", + "product": { + "product_data": [ + { + "product_name": "bigbluebutton", + "version": { + "version_data": [ + { + "version_value": ">= 2.4-alpha-1, < 2.4.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-fgmj-rx7j-fqr4", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-fgmj-rx7j-fqr4" + }, + { + "url": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0" + } + ] + }, + "source": { + "advisory": "GHSA-fgmj-rx7j-fqr4", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/41xxx/CVE-2022-41972.json b/2022/41xxx/CVE-2022-41972.json index 5466960e5e05..457bcf5bb8b7 100644 --- a/2022/41xxx/CVE-2022-41972.json +++ b/2022/41xxx/CVE-2022-41972.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41972", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 contain a NULL Pointer Dereference in BLE L2CAP module. The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack. An attacker can inject a packet in this stack, which causes the implementation to dereference a NULL pointer and triggers undefined behavior. More specifically, while processing the L2CAP protocol, the implementation maps an incoming channel ID to its metadata structure. In this structure, state information regarding credits is managed through calls to the function input_l2cap_credit in the module os/net/mac/ble/ble-l2cap.c. Unfortunately, the input_l2cap_credit function does not check that the metadata corresponding to the user-supplied channel ID actually exists, which can lead to the channel variable being set to NULL before a pointer dereferencing operation is performed. The vulnerability has been patched in the \"develop\" branch of Contiki-NG, and will be included in release 4.9. Users can apply the patch in Contiki-NG pull request #2253 as a workaround until the new package is released." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "contiki-ng", + "product": { + "product_data": [ + { + "product_name": "contiki-ng", + "version": { + "version_data": [ + { + "version_value": "<= 4.8", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-24xp-g5gf-6vvm", + "refsource": "MISC", + "name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-24xp-g5gf-6vvm" + }, + { + "url": "https://github.com/contiki-ng/contiki-ng/pull/2253", + "refsource": "MISC", + "name": "https://github.com/contiki-ng/contiki-ng/pull/2253" + } + ] + }, + "source": { + "advisory": "GHSA-24xp-g5gf-6vvm", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 2.9, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2022/4xxx/CVE-2022-4563.json b/2022/4xxx/CVE-2022-4563.json index 10fece6a3fcb..a588e76d1f89 100644 --- a/2022/4xxx/CVE-2022-4563.json +++ b/2022/4xxx/CVE-2022-4563.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "7.8", - "vectorString": "CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H" + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/freedomofpress\/securedrop\/pull\/6704" + "url": "https://github.com/freedomofpress/securedrop/pull/6704", + "refsource": "MISC", + "name": "https://github.com/freedomofpress/securedrop/pull/6704" }, { - "url": "https:\/\/github.com\/freedomofpress\/securedrop\/commit\/b0526a06f8ca713cce74b63e00d3730618d89691" + "url": "https://github.com/freedomofpress/securedrop/commit/b0526a06f8ca713cce74b63e00d3730618d89691", + "refsource": "MISC", + "name": "https://github.com/freedomofpress/securedrop/commit/b0526a06f8ca713cce74b63e00d3730618d89691" }, { - "url": "https:\/\/vuldb.com\/?id.215972" + "url": "https://vuldb.com/?id.215972", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215972" } ] } diff --git a/2022/4xxx/CVE-2022-4564.json b/2022/4xxx/CVE-2022-4564.json index bb3679354f3f..96104a2f7d14 100644 --- a/2022/4xxx/CVE-2022-4564.json +++ b/2022/4xxx/CVE-2022-4564.json @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.1-alpha1. This affects the function before of the file fuel\/app\/classes\/controller\/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.2-alpha2 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability." + "value": "A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.1-alpha1. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.2-alpha2 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability." } ] }, @@ -57,22 +57,30 @@ "cvss": { "version": "3.1", "baseScore": "4.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/ucfopen\/Materia\/pull\/1371" + "url": "https://github.com/ucfopen/Materia/pull/1371", + "refsource": "MISC", + "name": "https://github.com/ucfopen/Materia/pull/1371" }, { - "url": "https:\/\/github.com\/ucfopen\/Materia\/releases\/tag\/v9.0.2-alpha2" + "url": "https://github.com/ucfopen/Materia/releases/tag/v9.0.2-alpha2", + "refsource": "MISC", + "name": "https://github.com/ucfopen/Materia/releases/tag/v9.0.2-alpha2" }, { - "url": "https:\/\/github.com\/ucfopen\/Materia\/commit\/af259115d2e8f17068e61902151ee8a9dbac397b" + "url": "https://github.com/ucfopen/Materia/commit/af259115d2e8f17068e61902151ee8a9dbac397b", + "refsource": "MISC", + "name": "https://github.com/ucfopen/Materia/commit/af259115d2e8f17068e61902151ee8a9dbac397b" }, { - "url": "https:\/\/vuldb.com\/?id.215973" + "url": "https://vuldb.com/?id.215973", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215973" } ] } diff --git a/2022/4xxx/CVE-2022-4565.json b/2022/4xxx/CVE-2022-4565.json new file mode 100644 index 000000000000..c9bca831bbdc --- /dev/null +++ b/2022/4xxx/CVE-2022-4565.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4565", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4566.json b/2022/4xxx/CVE-2022-4566.json new file mode 100644 index 000000000000..cd2b4a1b13b4 --- /dev/null +++ b/2022/4xxx/CVE-2022-4566.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4566", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From b43e271fac3cf7619d76435d088e93a2f6782807 Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Fri, 16 Dec 2022 19:16:15 +0100 Subject: [PATCH 052/754] CVE-2022-4565 + CVE-2022-4566 --- 2022/4xxx/CVE-2022-4565.json | 91 ++++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4566.json | 67 ++++++++++++++++++++++++-- 2 files changed, 152 insertions(+), 6 deletions(-) diff --git a/2022/4xxx/CVE-2022-4565.json b/2022/4xxx/CVE-2022-4565.json index c9bca831bbdc..3337f0691372 100644 --- a/2022/4xxx/CVE-2022-4565.json +++ b/2022/4xxx/CVE-2022-4565.json @@ -4,14 +4,99 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4565", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Dromara HuTool cn.hutool.core.util.ZipUtil.java resource consumption", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dromara", + "product": { + "product_data": [ + { + "product_name": "HuTool", + "version": { + "version_data": [ + { + "version_value": "5.8.0" + }, + { + "version_value": "5.8.1" + }, + { + "version_value": "5.8.2" + }, + { + "version_value": "5.8.3" + }, + { + "version_value": "5.8.4" + }, + { + "version_value": "5.8.5" + }, + { + "version_value": "5.8.6" + }, + { + "version_value": "5.8.7" + }, + { + "version_value": "5.8.8" + }, + { + "version_value": "5.8.9" + }, + { + "version_value": "5.8.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-400 Resource Consumption" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.8.11 is able to address this issue. It is recommended to upgrade the affected component. VDB-215974 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/dromara\/hutool\/issues\/2797" + }, + { + "url": "https:\/\/vuldb.com\/?id.215974" } ] } diff --git a/2022/4xxx/CVE-2022-4566.json b/2022/4xxx/CVE-2022-4566.json index cd2b4a1b13b4..b7ac58da89e4 100644 --- a/2022/4xxx/CVE-2022-4566.json +++ b/2022/4xxx/CVE-2022-4566.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4566", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "y_project RuoYi GenController sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "y_project", + "product": { + "product_data": [ + { + "product_name": "RuoYi", + "version": { + "version_data": [ + { + "version_value": "4.7.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com\/ruoyi\/generator\/controller\/GenController. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215975." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.5", + "vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/luelueking\/ruoyi-4.7.5-vuln-poc" + }, + { + "url": "https:\/\/gitee.com\/y_project\/RuoYi\/issues\/I65V2B" + }, + { + "url": "https:\/\/gitee.com\/y_project\/RuoYi\/commit\/167970e5c4da7bb46217f576dc50622b83f32b40" + }, + { + "url": "https:\/\/vuldb.com\/?id.215975" } ] } From fe9b0d1f6c90c1d1b40cbd0f631a980de9cc3ffe Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 19:00:41 +0000 Subject: [PATCH 053/754] "-Synchronized-Data." --- 2022/4xxx/CVE-2022-4565.json | 10 +++++++--- 2022/4xxx/CVE-2022-4566.json | 20 ++++++++++++++------ 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/2022/4xxx/CVE-2022-4565.json b/2022/4xxx/CVE-2022-4565.json index 3337f0691372..f500e6844789 100644 --- a/2022/4xxx/CVE-2022-4565.json +++ b/2022/4xxx/CVE-2022-4565.json @@ -87,16 +87,20 @@ "cvss": { "version": "3.1", "baseScore": "4.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:L" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/dromara\/hutool\/issues\/2797" + "url": "https://github.com/dromara/hutool/issues/2797", + "refsource": "MISC", + "name": "https://github.com/dromara/hutool/issues/2797" }, { - "url": "https:\/\/vuldb.com\/?id.215974" + "url": "https://vuldb.com/?id.215974", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215974" } ] } diff --git a/2022/4xxx/CVE-2022-4566.json b/2022/4xxx/CVE-2022-4566.json index b7ac58da89e4..21781a3e3518 100644 --- a/2022/4xxx/CVE-2022-4566.json +++ b/2022/4xxx/CVE-2022-4566.json @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com\/ruoyi\/generator\/controller\/GenController. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215975." + "value": "A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215975." } ] }, @@ -57,22 +57,30 @@ "cvss": { "version": "3.1", "baseScore": "5.5", - "vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/luelueking\/ruoyi-4.7.5-vuln-poc" + "url": "https://github.com/luelueking/ruoyi-4.7.5-vuln-poc", + "refsource": "MISC", + "name": "https://github.com/luelueking/ruoyi-4.7.5-vuln-poc" }, { - "url": "https:\/\/gitee.com\/y_project\/RuoYi\/issues\/I65V2B" + "url": "https://gitee.com/y_project/RuoYi/issues/I65V2B", + "refsource": "MISC", + "name": "https://gitee.com/y_project/RuoYi/issues/I65V2B" }, { - "url": "https:\/\/gitee.com\/y_project\/RuoYi\/commit\/167970e5c4da7bb46217f576dc50622b83f32b40" + "url": "https://gitee.com/y_project/RuoYi/commit/167970e5c4da7bb46217f576dc50622b83f32b40", + "refsource": "MISC", + "name": "https://gitee.com/y_project/RuoYi/commit/167970e5c4da7bb46217f576dc50622b83f32b40" }, { - "url": "https:\/\/vuldb.com\/?id.215975" + "url": "https://vuldb.com/?id.215975", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215975" } ] } From 8847458fcc76148c8bcd84e9a67b1884873e8adc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 20:00:40 +0000 Subject: [PATCH 054/754] "-Synchronized-Data." --- 2022/47xxx/CVE-2022-47208.json | 50 ++++++++++++++++++++++++++++++++-- 2022/47xxx/CVE-2022-47209.json | 50 ++++++++++++++++++++++++++++++++-- 2022/47xxx/CVE-2022-47210.json | 50 ++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4567.json | 18 ++++++++++++ 2022/4xxx/CVE-2022-4568.json | 18 ++++++++++++ 2022/4xxx/CVE-2022-4569.json | 18 ++++++++++++ 6 files changed, 195 insertions(+), 9 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4567.json create mode 100644 2022/4xxx/CVE-2022-4568.json create mode 100644 2022/4xxx/CVE-2022-4569.json diff --git a/2022/47xxx/CVE-2022-47208.json b/2022/47xxx/CVE-2022-47208.json index bd2266c8cca2..60dd9b8282a8 100644 --- a/2022/47xxx/CVE-2022-47208.json +++ b/2022/47xxx/CVE-2022-47208.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-47208", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "NETGEAR Nighthawk WiFi6 Router", + "version": { + "version_data": [ + { + "version_value": "NETGEAR Nighthawk WiFi6 Router prior to V1.0.9.90" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2022-37", + "url": "https://www.tenable.com/security/research/tra-2022-37" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The \u201cpuhttpsniff\u201d service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication." } ] } diff --git a/2022/47xxx/CVE-2022-47209.json b/2022/47xxx/CVE-2022-47209.json index a19275f19015..6f686e8b304f 100644 --- a/2022/47xxx/CVE-2022-47209.json +++ b/2022/47xxx/CVE-2022-47209.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-47209", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "NETGEAR Nighthawk WiFi6 Router", + "version": { + "version_data": [ + { + "version_value": "NETGEAR Nighthawk WiFi6 Router prior to V1.0.9.90" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Hardcoded Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2022-37", + "url": "https://www.tenable.com/security/research/tra-2022-37" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is \u201csupport\u201d and cannot be changed by a user via any normally accessible means." } ] } diff --git a/2022/47xxx/CVE-2022-47210.json b/2022/47xxx/CVE-2022-47210.json index 3ef23df7c2ff..9d8dabd9f2d5 100644 --- a/2022/47xxx/CVE-2022-47210.json +++ b/2022/47xxx/CVE-2022-47210.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-47210", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "NETGEAR Nighthawk WiFi6 Router", + "version": { + "version_data": [ + { + "version_value": "NETGEAR Nighthawk WiFi6 Router prior to V1.0.9.90" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2022-37", + "url": "https://www.tenable.com/security/research/tra-2022-37" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device." } ] } diff --git a/2022/4xxx/CVE-2022-4567.json b/2022/4xxx/CVE-2022-4567.json new file mode 100644 index 000000000000..b2f7cc6e0b98 --- /dev/null +++ b/2022/4xxx/CVE-2022-4567.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4567", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4568.json b/2022/4xxx/CVE-2022-4568.json new file mode 100644 index 000000000000..36e802f43df6 --- /dev/null +++ b/2022/4xxx/CVE-2022-4568.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4568", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4569.json b/2022/4xxx/CVE-2022-4569.json new file mode 100644 index 000000000000..4f5bd0f023e8 --- /dev/null +++ b/2022/4xxx/CVE-2022-4569.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4569", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 4f1df194f475e367a8540802f08f15c9241599ed Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 20:00:51 +0000 Subject: [PATCH 055/754] "-Synchronized-Data." --- 2021/46xxx/CVE-2021-46857.json | 18 ++++++ 2021/46xxx/CVE-2021-46858.json | 18 ++++++ 2021/46xxx/CVE-2021-46859.json | 18 ++++++ 2021/46xxx/CVE-2021-46860.json | 18 ++++++ 2021/46xxx/CVE-2021-46861.json | 18 ++++++ 2021/46xxx/CVE-2021-46862.json | 18 ++++++ 2021/46xxx/CVE-2021-46863.json | 18 ++++++ 2021/46xxx/CVE-2021-46864.json | 18 ++++++ 2021/46xxx/CVE-2021-46865.json | 18 ++++++ 2021/46xxx/CVE-2021-46866.json | 18 ++++++ 2022/2xxx/CVE-2022-2966.json | 79 ++++++++++++++++++++++-- 2022/3xxx/CVE-2022-3166.json | 106 +++++++++++++++++++++++++++++++-- 12 files changed, 357 insertions(+), 8 deletions(-) create mode 100644 2021/46xxx/CVE-2021-46857.json create mode 100644 2021/46xxx/CVE-2021-46858.json create mode 100644 2021/46xxx/CVE-2021-46859.json create mode 100644 2021/46xxx/CVE-2021-46860.json create mode 100644 2021/46xxx/CVE-2021-46861.json create mode 100644 2021/46xxx/CVE-2021-46862.json create mode 100644 2021/46xxx/CVE-2021-46863.json create mode 100644 2021/46xxx/CVE-2021-46864.json create mode 100644 2021/46xxx/CVE-2021-46865.json create mode 100644 2021/46xxx/CVE-2021-46866.json diff --git a/2021/46xxx/CVE-2021-46857.json b/2021/46xxx/CVE-2021-46857.json new file mode 100644 index 000000000000..e43437bb40e0 --- /dev/null +++ b/2021/46xxx/CVE-2021-46857.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46857", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46858.json b/2021/46xxx/CVE-2021-46858.json new file mode 100644 index 000000000000..c706df22176b --- /dev/null +++ b/2021/46xxx/CVE-2021-46858.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46858", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46859.json b/2021/46xxx/CVE-2021-46859.json new file mode 100644 index 000000000000..0ff8ca57f5e2 --- /dev/null +++ b/2021/46xxx/CVE-2021-46859.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46859", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46860.json b/2021/46xxx/CVE-2021-46860.json new file mode 100644 index 000000000000..e90f62084d52 --- /dev/null +++ b/2021/46xxx/CVE-2021-46860.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46860", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46861.json b/2021/46xxx/CVE-2021-46861.json new file mode 100644 index 000000000000..26d7ee19dae2 --- /dev/null +++ b/2021/46xxx/CVE-2021-46861.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46861", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46862.json b/2021/46xxx/CVE-2021-46862.json new file mode 100644 index 000000000000..d0986a564c3e --- /dev/null +++ b/2021/46xxx/CVE-2021-46862.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46862", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46863.json b/2021/46xxx/CVE-2021-46863.json new file mode 100644 index 000000000000..793d882b2432 --- /dev/null +++ b/2021/46xxx/CVE-2021-46863.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46863", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46864.json b/2021/46xxx/CVE-2021-46864.json new file mode 100644 index 000000000000..c80d7e607ce4 --- /dev/null +++ b/2021/46xxx/CVE-2021-46864.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46864", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46865.json b/2021/46xxx/CVE-2021-46865.json new file mode 100644 index 000000000000..018da5c34869 --- /dev/null +++ b/2021/46xxx/CVE-2021-46865.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46865", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46866.json b/2021/46xxx/CVE-2021-46866.json new file mode 100644 index 000000000000..f075ced3a6c1 --- /dev/null +++ b/2021/46xxx/CVE-2021-46866.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46866", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2966.json b/2022/2xxx/CVE-2022-2966.json index 9aaba9ee1051..0dbb4e358ddc 100644 --- a/2022/2xxx/CVE-2022-2966.json +++ b/2022/2xxx/CVE-2022-2966.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2966", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This issue affects DOPSoft: All Versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "DOPSoft", + "version": { + "version_data": [ + { + "version_value": "All Versions", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-244-01", + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-244-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "ICSA-22-244-01", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/3xxx/CVE-2022-3166.json b/2022/3xxx/CVE-2022-3166.json index f3fe33524f6c..06f8b795f436 100644 --- a/2022/3xxx/CVE-2022-3166.json +++ b/2022/3xxx/CVE-2022-3166.json @@ -1,17 +1,115 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3166", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@rockwellautomation.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packets to webserver and closing it abruptly which would cause a denial-of-service condition for the web server application on the device" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel", + "cweId": "CWE-924" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell Automation", + "product": { + "product_data": [ + { + "product_name": "MicroLogix 1100", + "version": { + "version_data": [ + { + "version_value": "All", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "MicroLogix 1400-B/C", + "version": { + "version_data": [ + { + "version_value": "21.007 and below", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "MicroLogix 1400-A", + "version": { + "version_data": [ + { + "version_value": "7.000 and below", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137678", + "refsource": "MISC", + "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137678" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Parul Jajal & Dr Faruk Kazi from Veermata Jijabai Technological Institute" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } From 5a473cc08fe5c02cc54ac1224dae1709e3ec1323 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 21:00:40 +0000 Subject: [PATCH 056/754] "-Synchronized-Data." --- 2022/3xxx/CVE-2022-3157.json | 122 +++++++++++++++++++++++++++++++-- 2022/46xxx/CVE-2022-46670.json | 106 ++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4570.json | 18 +++++ 3 files changed, 238 insertions(+), 8 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4570.json diff --git a/2022/3xxx/CVE-2022-3157.json b/2022/3xxx/CVE-2022-3157.json index eade7b95330a..6670b4233fe7 100644 --- a/2022/3xxx/CVE-2022-3157.json +++ b/2022/3xxx/CVE-2022-3157.json @@ -1,17 +1,131 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3157", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@rockwellautomation.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell Automation", + "product": { + "product_data": [ + { + "product_name": "CompactLogix 5370", + "version": { + "version_data": [ + { + "version_value": "20", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "Compact GuardLogix", + "version": { + "version_data": [ + { + "version_value": "28", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "ControlLogix 5570", + "version": { + "version_data": [ + { + "version_value": "20", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "ControlLogix 5570 Redundancy", + "version": { + "version_data": [ + { + "version_value": "20", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "GuardLogix 5570", + "version": { + "version_data": [ + { + "version_value": "20", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757", + "refsource": "MISC", + "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2022/46xxx/CVE-2022-46670.json b/2022/46xxx/CVE-2022-46670.json index c6506093e241..f4d846f2d845 100644 --- a/2022/46xxx/CVE-2022-46670.json +++ b/2022/46xxx/CVE-2022-46670.json @@ -1,17 +1,115 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46670", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@rockwellautomation.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell Automation", + "product": { + "product_data": [ + { + "product_name": "MicroLogix 1100 & 1400 Controllers", + "version": { + "version_data": [ + { + "version_value": "All", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "MicroLogix 1400-B/C", + "version": { + "version_data": [ + { + "version_value": "21.007 and below", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "MicroLogix 1400-A", + "version": { + "version_data": [ + { + "version_value": "7.000 and below", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137679", + "refsource": "MISC", + "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137679" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Ryan Pickren, a security researcher from Georgia Institute of Technology" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2022/4xxx/CVE-2022-4570.json b/2022/4xxx/CVE-2022-4570.json new file mode 100644 index 000000000000..11eb1f3cc6e8 --- /dev/null +++ b/2022/4xxx/CVE-2022-4570.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4570", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 69931487e2e72fa95645468392de2d8f19bd9a70 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 22:00:38 +0000 Subject: [PATCH 057/754] "-Synchronized-Data." --- 2019/25xxx/CVE-2019-25079.json | 18 +++++++ 2019/25xxx/CVE-2019-25080.json | 18 +++++++ 2019/25xxx/CVE-2019-25081.json | 18 +++++++ 2019/25xxx/CVE-2019-25082.json | 18 +++++++ 2019/25xxx/CVE-2019-25083.json | 18 +++++++ 2020/36xxx/CVE-2020-36612.json | 18 +++++++ 2020/36xxx/CVE-2020-36613.json | 18 +++++++ 2020/36xxx/CVE-2020-36614.json | 18 +++++++ 2020/36xxx/CVE-2020-36615.json | 18 +++++++ 2020/36xxx/CVE-2020-36616.json | 18 +++++++ 2021/31xxx/CVE-2021-31650.json | 56 ++++++++++++++++++--- 2021/38xxx/CVE-2021-38241.json | 56 ++++++++++++++++++--- 2022/23xxx/CVE-2022-23490.json | 90 ++++++++++++++++++++++++++++++++-- 2022/26xxx/CVE-2022-26579.json | 56 ++++++++++++++++++--- 2022/26xxx/CVE-2022-26580.json | 56 ++++++++++++++++++--- 2022/26xxx/CVE-2022-26581.json | 56 ++++++++++++++++++--- 2022/26xxx/CVE-2022-26582.json | 56 ++++++++++++++++++--- 2022/37xxx/CVE-2022-37832.json | 56 ++++++++++++++++++--- 2022/4xxx/CVE-2022-4571.json | 18 +++++++ 2022/4xxx/CVE-2022-4572.json | 18 +++++++ 2022/4xxx/CVE-2022-4573.json | 18 +++++++ 2022/4xxx/CVE-2022-4574.json | 18 +++++++ 2022/4xxx/CVE-2022-4575.json | 18 +++++++ 2022/4xxx/CVE-2022-4576.json | 18 +++++++ 2022/4xxx/CVE-2022-4577.json | 18 +++++++ 25 files changed, 742 insertions(+), 46 deletions(-) create mode 100644 2019/25xxx/CVE-2019-25079.json create mode 100644 2019/25xxx/CVE-2019-25080.json create mode 100644 2019/25xxx/CVE-2019-25081.json create mode 100644 2019/25xxx/CVE-2019-25082.json create mode 100644 2019/25xxx/CVE-2019-25083.json create mode 100644 2020/36xxx/CVE-2020-36612.json create mode 100644 2020/36xxx/CVE-2020-36613.json create mode 100644 2020/36xxx/CVE-2020-36614.json create mode 100644 2020/36xxx/CVE-2020-36615.json create mode 100644 2020/36xxx/CVE-2020-36616.json create mode 100644 2022/4xxx/CVE-2022-4571.json create mode 100644 2022/4xxx/CVE-2022-4572.json create mode 100644 2022/4xxx/CVE-2022-4573.json create mode 100644 2022/4xxx/CVE-2022-4574.json create mode 100644 2022/4xxx/CVE-2022-4575.json create mode 100644 2022/4xxx/CVE-2022-4576.json create mode 100644 2022/4xxx/CVE-2022-4577.json diff --git a/2019/25xxx/CVE-2019-25079.json b/2019/25xxx/CVE-2019-25079.json new file mode 100644 index 000000000000..d8881ebacee9 --- /dev/null +++ b/2019/25xxx/CVE-2019-25079.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-25079", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25080.json b/2019/25xxx/CVE-2019-25080.json new file mode 100644 index 000000000000..25c523ab4437 --- /dev/null +++ b/2019/25xxx/CVE-2019-25080.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-25080", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25081.json b/2019/25xxx/CVE-2019-25081.json new file mode 100644 index 000000000000..37262e3e3a2b --- /dev/null +++ b/2019/25xxx/CVE-2019-25081.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-25081", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25082.json b/2019/25xxx/CVE-2019-25082.json new file mode 100644 index 000000000000..41ccde75778f --- /dev/null +++ b/2019/25xxx/CVE-2019-25082.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-25082", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25083.json b/2019/25xxx/CVE-2019-25083.json new file mode 100644 index 000000000000..052b9e83ab98 --- /dev/null +++ b/2019/25xxx/CVE-2019-25083.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-25083", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36612.json b/2020/36xxx/CVE-2020-36612.json new file mode 100644 index 000000000000..ee0d697b50f4 --- /dev/null +++ b/2020/36xxx/CVE-2020-36612.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36612", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36613.json b/2020/36xxx/CVE-2020-36613.json new file mode 100644 index 000000000000..ff7fe727b2d8 --- /dev/null +++ b/2020/36xxx/CVE-2020-36613.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36613", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36614.json b/2020/36xxx/CVE-2020-36614.json new file mode 100644 index 000000000000..a97987aab2b6 --- /dev/null +++ b/2020/36xxx/CVE-2020-36614.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36614", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36615.json b/2020/36xxx/CVE-2020-36615.json new file mode 100644 index 000000000000..825fb3f333d1 --- /dev/null +++ b/2020/36xxx/CVE-2020-36615.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36615", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36616.json b/2020/36xxx/CVE-2020-36616.json new file mode 100644 index 000000000000..1fb1fe4275ae --- /dev/null +++ b/2020/36xxx/CVE-2020-36616.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36616", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31650.json b/2021/31xxx/CVE-2021-31650.json index 532b98b921ba..72b769836ab7 100644 --- a/2021/31xxx/CVE-2021-31650.json +++ b/2021/31xxx/CVE-2021-31650.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31650", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31650", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/49493", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/49493" } ] } diff --git a/2021/38xxx/CVE-2021-38241.json b/2021/38xxx/CVE-2021-38241.json index b46c58265e8c..95f7e95d6d09 100644 --- a/2021/38xxx/CVE-2021-38241.json +++ b/2021/38xxx/CVE-2021-38241.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-38241", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-38241", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.du1ge.com/archives/CVE-2021-38241", + "url": "https://www.du1ge.com/archives/CVE-2021-38241" } ] } diff --git a/2022/23xxx/CVE-2022-23490.json b/2022/23xxx/CVE-2022-23490.json index 6d15430ac341..adcb113b2f01 100644 --- a/2022/23xxx/CVE-2022-23490.json +++ b/2022/23xxx/CVE-2022-23490.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23490", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the client UI, but does give the attacker access to the contents of the collection, which include the individual poll responses. This issue is patched in version 2.4.0. There are no workarounds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-863: Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bigbluebutton", + "product": { + "product_data": [ + { + "product_name": "bigbluebutton", + "version": { + "version_data": [ + { + "version_value": "< 2.4.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0" + }, + { + "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-4qgc-xhw5-6qfg", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-4qgc-xhw5-6qfg" + } + ] + }, + "source": { + "advisory": "GHSA-4qgc-xhw5-6qfg", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/26xxx/CVE-2022-26579.json b/2022/26xxx/CVE-2022-26579.json index aa7c34d16c5b..d8dc19fbad17 100644 --- a/2022/26xxx/CVE-2022-26579.json +++ b/2022/26xxx/CVE-2022-26579.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-26579", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-26579", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows root privileged attackers to install an unsigned application by copying the APK to /data/app, setting the appropriate permissions and rebooting the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://cyshield.com/e077d6c3-adff-49a1-afc3-71e10140f95c", + "url": "https://cyshield.com/e077d6c3-adff-49a1-afc3-71e10140f95c" } ] } diff --git a/2022/26xxx/CVE-2022-26580.json b/2022/26xxx/CVE-2022-26580.json index c0d44a0927d2..a7f4a7cdd3a1 100644 --- a/2022/26xxx/CVE-2022-26580.json +++ b/2022/26xxx/CVE-2022-26580.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-26580", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-26580", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 was discovered to be vulnerable to command injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://cyshield.com/e077d6c3-adff-49a1-afc3-71e10140f95c", + "url": "https://cyshield.com/e077d6c3-adff-49a1-afc3-71e10140f95c" } ] } diff --git a/2022/26xxx/CVE-2022-26581.json b/2022/26xxx/CVE-2022-26581.json index a6b62d52853b..512060256a69 100644 --- a/2022/26xxx/CVE-2022-26581.json +++ b/2022/26xxx/CVE-2022-26581.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-26581", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-26581", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ADB daemon in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows the execution of the systool utility in production mode, allowing unauthenticated attackers to perform privileged actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://cyshield.com/e077d6c3-adff-49a1-afc3-71e10140f95c", + "url": "https://cyshield.com/e077d6c3-adff-49a1-afc3-71e10140f95c" } ] } diff --git a/2022/26xxx/CVE-2022-26582.json b/2022/26xxx/CVE-2022-26582.json index c86e44b4e0fe..c6169f79742a 100644 --- a/2022/26xxx/CVE-2022-26582.json +++ b/2022/26xxx/CVE-2022-26582.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-26582", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-26582", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 fails to check for dollar signs or backticks in user supplied commands, leading to to arbitrary command execution as root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://cyshield.com/e077d6c3-adff-49a1-afc3-71e10140f95c", + "url": "https://cyshield.com/e077d6c3-adff-49a1-afc3-71e10140f95c" } ] } diff --git a/2022/37xxx/CVE-2022-37832.json b/2022/37xxx/CVE-2022-37832.json index 1c4a952c733e..e6f63f1074ea 100644 --- a/2022/37xxx/CVE-2022-37832.json +++ b/2022/37xxx/CVE-2022-37832.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-37832", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-37832", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mutiny 7.2.0-10788 suffers from Hardcoded root password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://labs.jumpsec.com/advisory-cve-2022-37832-mutiny-network-monitoring-appliance-hardcoded-credentials/", + "url": "https://labs.jumpsec.com/advisory-cve-2022-37832-mutiny-network-monitoring-appliance-hardcoded-credentials/" } ] } diff --git a/2022/4xxx/CVE-2022-4571.json b/2022/4xxx/CVE-2022-4571.json new file mode 100644 index 000000000000..92c1118ede76 --- /dev/null +++ b/2022/4xxx/CVE-2022-4571.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4571", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4572.json b/2022/4xxx/CVE-2022-4572.json new file mode 100644 index 000000000000..5aa64b64ce81 --- /dev/null +++ b/2022/4xxx/CVE-2022-4572.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4572", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4573.json b/2022/4xxx/CVE-2022-4573.json new file mode 100644 index 000000000000..a5e3594094d8 --- /dev/null +++ b/2022/4xxx/CVE-2022-4573.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4573", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4574.json b/2022/4xxx/CVE-2022-4574.json new file mode 100644 index 000000000000..6638d45f02ae --- /dev/null +++ b/2022/4xxx/CVE-2022-4574.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4574", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4575.json b/2022/4xxx/CVE-2022-4575.json new file mode 100644 index 000000000000..de08f25caa3b --- /dev/null +++ b/2022/4xxx/CVE-2022-4575.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4575", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4576.json b/2022/4xxx/CVE-2022-4576.json new file mode 100644 index 000000000000..42e9c26148a1 --- /dev/null +++ b/2022/4xxx/CVE-2022-4576.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4576", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4577.json b/2022/4xxx/CVE-2022-4577.json new file mode 100644 index 000000000000..0687b1da6d57 --- /dev/null +++ b/2022/4xxx/CVE-2022-4577.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4577", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From bfa12d95dd90564567c85dd2228b90c435479abc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Dec 2022 23:00:39 +0000 Subject: [PATCH 058/754] "-Synchronized-Data." --- 2022/20xxx/CVE-2022-20463.json | 50 ++---------------- 2022/23xxx/CVE-2022-23530.json | 86 +++++++++++++++++++++++++++++-- 2022/38xxx/CVE-2022-38756.json | 92 +++++++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4578.json | 18 +++++++ 2023/21xxx/CVE-2023-21774.json | 18 +++++++ 2023/21xxx/CVE-2023-21775.json | 18 +++++++ 2023/21xxx/CVE-2023-21776.json | 18 +++++++ 2023/21xxx/CVE-2023-21777.json | 18 +++++++ 2023/21xxx/CVE-2023-21778.json | 18 +++++++ 2023/21xxx/CVE-2023-21779.json | 18 +++++++ 2023/21xxx/CVE-2023-21780.json | 18 +++++++ 2023/21xxx/CVE-2023-21781.json | 18 +++++++ 2023/21xxx/CVE-2023-21782.json | 18 +++++++ 2023/21xxx/CVE-2023-21783.json | 18 +++++++ 2023/21xxx/CVE-2023-21784.json | 18 +++++++ 2023/21xxx/CVE-2023-21785.json | 18 +++++++ 2023/21xxx/CVE-2023-21786.json | 18 +++++++ 2023/21xxx/CVE-2023-21787.json | 18 +++++++ 2023/21xxx/CVE-2023-21788.json | 18 +++++++ 2023/21xxx/CVE-2023-21789.json | 18 +++++++ 2023/21xxx/CVE-2023-21790.json | 18 +++++++ 2023/21xxx/CVE-2023-21791.json | 18 +++++++ 2023/21xxx/CVE-2023-21792.json | 18 +++++++ 2023/21xxx/CVE-2023-21793.json | 18 +++++++ 2023/21xxx/CVE-2023-21794.json | 18 +++++++ 2023/21xxx/CVE-2023-21795.json | 18 +++++++ 2023/21xxx/CVE-2023-21796.json | 18 +++++++ 2023/21xxx/CVE-2023-21797.json | 18 +++++++ 2023/21xxx/CVE-2023-21798.json | 18 +++++++ 2023/21xxx/CVE-2023-21799.json | 18 +++++++ 2023/21xxx/CVE-2023-21800.json | 18 +++++++ 2023/21xxx/CVE-2023-21801.json | 18 +++++++ 2023/21xxx/CVE-2023-21802.json | 18 +++++++ 2023/21xxx/CVE-2023-21803.json | 18 +++++++ 2023/21xxx/CVE-2023-21804.json | 18 +++++++ 2023/21xxx/CVE-2023-21805.json | 18 +++++++ 2023/21xxx/CVE-2023-21806.json | 18 +++++++ 2023/21xxx/CVE-2023-21807.json | 18 +++++++ 2023/21xxx/CVE-2023-21808.json | 18 +++++++ 2023/21xxx/CVE-2023-21809.json | 18 +++++++ 2023/21xxx/CVE-2023-21810.json | 18 +++++++ 2023/21xxx/CVE-2023-21811.json | 18 +++++++ 2023/21xxx/CVE-2023-21812.json | 18 +++++++ 2023/21xxx/CVE-2023-21813.json | 18 +++++++ 2023/21xxx/CVE-2023-21814.json | 18 +++++++ 2023/21xxx/CVE-2023-21815.json | 18 +++++++ 2023/21xxx/CVE-2023-21816.json | 18 +++++++ 2023/21xxx/CVE-2023-21817.json | 18 +++++++ 2023/21xxx/CVE-2023-21818.json | 18 +++++++ 2023/21xxx/CVE-2023-21819.json | 18 +++++++ 2023/21xxx/CVE-2023-21820.json | 18 +++++++ 2023/21xxx/CVE-2023-21821.json | 18 +++++++ 2023/21xxx/CVE-2023-21822.json | 18 +++++++ 2023/21xxx/CVE-2023-21823.json | 18 +++++++ 54 files changed, 1089 insertions(+), 57 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4578.json create mode 100644 2023/21xxx/CVE-2023-21774.json create mode 100644 2023/21xxx/CVE-2023-21775.json create mode 100644 2023/21xxx/CVE-2023-21776.json create mode 100644 2023/21xxx/CVE-2023-21777.json create mode 100644 2023/21xxx/CVE-2023-21778.json create mode 100644 2023/21xxx/CVE-2023-21779.json create mode 100644 2023/21xxx/CVE-2023-21780.json create mode 100644 2023/21xxx/CVE-2023-21781.json create mode 100644 2023/21xxx/CVE-2023-21782.json create mode 100644 2023/21xxx/CVE-2023-21783.json create mode 100644 2023/21xxx/CVE-2023-21784.json create mode 100644 2023/21xxx/CVE-2023-21785.json create mode 100644 2023/21xxx/CVE-2023-21786.json create mode 100644 2023/21xxx/CVE-2023-21787.json create mode 100644 2023/21xxx/CVE-2023-21788.json create mode 100644 2023/21xxx/CVE-2023-21789.json create mode 100644 2023/21xxx/CVE-2023-21790.json create mode 100644 2023/21xxx/CVE-2023-21791.json create mode 100644 2023/21xxx/CVE-2023-21792.json create mode 100644 2023/21xxx/CVE-2023-21793.json create mode 100644 2023/21xxx/CVE-2023-21794.json create mode 100644 2023/21xxx/CVE-2023-21795.json create mode 100644 2023/21xxx/CVE-2023-21796.json create mode 100644 2023/21xxx/CVE-2023-21797.json create mode 100644 2023/21xxx/CVE-2023-21798.json create mode 100644 2023/21xxx/CVE-2023-21799.json create mode 100644 2023/21xxx/CVE-2023-21800.json create mode 100644 2023/21xxx/CVE-2023-21801.json create mode 100644 2023/21xxx/CVE-2023-21802.json create mode 100644 2023/21xxx/CVE-2023-21803.json create mode 100644 2023/21xxx/CVE-2023-21804.json create mode 100644 2023/21xxx/CVE-2023-21805.json create mode 100644 2023/21xxx/CVE-2023-21806.json create mode 100644 2023/21xxx/CVE-2023-21807.json create mode 100644 2023/21xxx/CVE-2023-21808.json create mode 100644 2023/21xxx/CVE-2023-21809.json create mode 100644 2023/21xxx/CVE-2023-21810.json create mode 100644 2023/21xxx/CVE-2023-21811.json create mode 100644 2023/21xxx/CVE-2023-21812.json create mode 100644 2023/21xxx/CVE-2023-21813.json create mode 100644 2023/21xxx/CVE-2023-21814.json create mode 100644 2023/21xxx/CVE-2023-21815.json create mode 100644 2023/21xxx/CVE-2023-21816.json create mode 100644 2023/21xxx/CVE-2023-21817.json create mode 100644 2023/21xxx/CVE-2023-21818.json create mode 100644 2023/21xxx/CVE-2023-21819.json create mode 100644 2023/21xxx/CVE-2023-21820.json create mode 100644 2023/21xxx/CVE-2023-21821.json create mode 100644 2023/21xxx/CVE-2023-21822.json create mode 100644 2023/21xxx/CVE-2023-21823.json diff --git a/2022/20xxx/CVE-2022-20463.json b/2022/20xxx/CVE-2022-20463.json index b309baad48bc..049e0b892e88 100644 --- a/2022/20xxx/CVE-2022-20463.json +++ b/2022/20xxx/CVE-2022-20463.json @@ -4,58 +4,14 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20463", - "ASSIGNER": "security@android.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "n/a", - "product": { - "product_data": [ - { - "product_name": "Android", - "version": { - "version_data": [ - { - "version_value": "Android-10 Android-11 Android-12 Android-12L Android-13" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of privilege" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/2022-11-01", - "url": "https://source.android.com/security/bulletin/2022-11-01" - } - ] + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "In factoryReset of WifiServiceImpl, there is a possible way to preserve WiFi settings due to a logic error in the code. This could lead to a local non-security issue across network factory resets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-231985227" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2022/23xxx/CVE-2022-23530.json b/2022/23xxx/CVE-2022-23530.json index 6af7ff780497..9f297bd5326b 100644 --- a/2022/23xxx/CVE-2022-23530.json +++ b/2022/23xxx/CVE-2022-23530.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23530", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive() from a potentially malicious tarball without validating that the destination file path is within the intended destination directory can cause files outside the destination directory to be overwritten. This issue is patched in version 0.1.8. Potential workarounds include using a safer module, like zipfile, and validating the location of the extracted files and discarding those with malicious paths." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "DataDog", + "product": { + "product_data": [ + { + "product_name": "guarddog", + "version": { + "version_data": [ + { + "version_value": "< 0.1.8", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/DataDog/guarddog/security/advisories/GHSA-78m5-jpmf-ch7v", + "refsource": "MISC", + "name": "https://github.com/DataDog/guarddog/security/advisories/GHSA-78m5-jpmf-ch7v" + }, + { + "url": "https://github.com/DataDog/guarddog/commit/37c7d0767ba28f4df46117d478f97652594c491c", + "refsource": "MISC", + "name": "https://github.com/DataDog/guarddog/commit/37c7d0767ba28f4df46117d478f97652594c491c" + }, + { + "url": "https://github.com/DataDog/guarddog/blob/a1d064ceb09d39bb28deb6972bc0a278756ea91f/guarddog/scanners/package_scanner.py#L153..158", + "refsource": "MISC", + "name": "https://github.com/DataDog/guarddog/blob/a1d064ceb09d39bb28deb6972bc0a278756ea91f/guarddog/scanners/package_scanner.py#L153..158" + } + ] + }, + "source": { + "advisory": "GHSA-78m5-jpmf-ch7v", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2022/38xxx/CVE-2022-38756.json b/2022/38xxx/CVE-2022-38756.json index 2bcaa3ecae2c..5f76495a3f3d 100644 --- a/2022/38xxx/CVE-2022-38756.json +++ b/2022/38xxx/CVE-2022-38756.json @@ -1,18 +1,98 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@microfocus.com", "ID": "CVE-2022-38756", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "CVE-2022-38756 vulnerability in GW Web prior to 18.4.2" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Micro Focus GroupWise Web", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "18.4.2" + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": " Micro Focus would like to thank Stefan Pietsch from Trovent Security GmbH for their work discovering and reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies." + } + ] } ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://portal.microfocus.com/s/article/KM000012374?language=en_US", + "name": "https://portal.microfocus.com/s/article/KM000012374?language=en_US" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Micro Focus GroupWise:\n\n Please update to Micro Focus GroupWise 18.4.2 or newer" + } + ], + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4578.json b/2022/4xxx/CVE-2022-4578.json new file mode 100644 index 000000000000..cf0ca600a663 --- /dev/null +++ b/2022/4xxx/CVE-2022-4578.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4578", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21774.json b/2023/21xxx/CVE-2023-21774.json new file mode 100644 index 000000000000..f0204d2624ab --- /dev/null +++ b/2023/21xxx/CVE-2023-21774.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21774", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21775.json b/2023/21xxx/CVE-2023-21775.json new file mode 100644 index 000000000000..a7d9db62e58a --- /dev/null +++ b/2023/21xxx/CVE-2023-21775.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21775", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21776.json b/2023/21xxx/CVE-2023-21776.json new file mode 100644 index 000000000000..86503f45aad7 --- /dev/null +++ b/2023/21xxx/CVE-2023-21776.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21776", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21777.json b/2023/21xxx/CVE-2023-21777.json new file mode 100644 index 000000000000..d5b77fc65016 --- /dev/null +++ b/2023/21xxx/CVE-2023-21777.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21777", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21778.json b/2023/21xxx/CVE-2023-21778.json new file mode 100644 index 000000000000..bbaf5d23e84f --- /dev/null +++ b/2023/21xxx/CVE-2023-21778.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21778", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21779.json b/2023/21xxx/CVE-2023-21779.json new file mode 100644 index 000000000000..3dbfe824af60 --- /dev/null +++ b/2023/21xxx/CVE-2023-21779.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21779", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21780.json b/2023/21xxx/CVE-2023-21780.json new file mode 100644 index 000000000000..1bc69e285c05 --- /dev/null +++ b/2023/21xxx/CVE-2023-21780.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21780", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21781.json b/2023/21xxx/CVE-2023-21781.json new file mode 100644 index 000000000000..ded77c620e5e --- /dev/null +++ b/2023/21xxx/CVE-2023-21781.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21781", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21782.json b/2023/21xxx/CVE-2023-21782.json new file mode 100644 index 000000000000..18ca266c2459 --- /dev/null +++ b/2023/21xxx/CVE-2023-21782.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21782", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21783.json b/2023/21xxx/CVE-2023-21783.json new file mode 100644 index 000000000000..a9a9aeaf3d43 --- /dev/null +++ b/2023/21xxx/CVE-2023-21783.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21783", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21784.json b/2023/21xxx/CVE-2023-21784.json new file mode 100644 index 000000000000..d3121c20911c --- /dev/null +++ b/2023/21xxx/CVE-2023-21784.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21784", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21785.json b/2023/21xxx/CVE-2023-21785.json new file mode 100644 index 000000000000..9a369084f39e --- /dev/null +++ b/2023/21xxx/CVE-2023-21785.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21785", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21786.json b/2023/21xxx/CVE-2023-21786.json new file mode 100644 index 000000000000..95927fb4358c --- /dev/null +++ b/2023/21xxx/CVE-2023-21786.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21786", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21787.json b/2023/21xxx/CVE-2023-21787.json new file mode 100644 index 000000000000..9e27d92ac455 --- /dev/null +++ b/2023/21xxx/CVE-2023-21787.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21787", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21788.json b/2023/21xxx/CVE-2023-21788.json new file mode 100644 index 000000000000..36a7cb3174f6 --- /dev/null +++ b/2023/21xxx/CVE-2023-21788.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21788", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21789.json b/2023/21xxx/CVE-2023-21789.json new file mode 100644 index 000000000000..cab5fa152b58 --- /dev/null +++ b/2023/21xxx/CVE-2023-21789.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21789", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21790.json b/2023/21xxx/CVE-2023-21790.json new file mode 100644 index 000000000000..039a276df8ce --- /dev/null +++ b/2023/21xxx/CVE-2023-21790.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21790", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21791.json b/2023/21xxx/CVE-2023-21791.json new file mode 100644 index 000000000000..6c2d2b3a8050 --- /dev/null +++ b/2023/21xxx/CVE-2023-21791.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21791", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21792.json b/2023/21xxx/CVE-2023-21792.json new file mode 100644 index 000000000000..e5632dd09ce5 --- /dev/null +++ b/2023/21xxx/CVE-2023-21792.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21792", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21793.json b/2023/21xxx/CVE-2023-21793.json new file mode 100644 index 000000000000..744186e2ffa8 --- /dev/null +++ b/2023/21xxx/CVE-2023-21793.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21793", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21794.json b/2023/21xxx/CVE-2023-21794.json new file mode 100644 index 000000000000..9aa0d510181d --- /dev/null +++ b/2023/21xxx/CVE-2023-21794.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21794", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21795.json b/2023/21xxx/CVE-2023-21795.json new file mode 100644 index 000000000000..e0f06f17aba6 --- /dev/null +++ b/2023/21xxx/CVE-2023-21795.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21795", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21796.json b/2023/21xxx/CVE-2023-21796.json new file mode 100644 index 000000000000..be70684696cd --- /dev/null +++ b/2023/21xxx/CVE-2023-21796.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21796", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21797.json b/2023/21xxx/CVE-2023-21797.json new file mode 100644 index 000000000000..a5a53e52f043 --- /dev/null +++ b/2023/21xxx/CVE-2023-21797.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21797", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21798.json b/2023/21xxx/CVE-2023-21798.json new file mode 100644 index 000000000000..c49809977dc2 --- /dev/null +++ b/2023/21xxx/CVE-2023-21798.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21798", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21799.json b/2023/21xxx/CVE-2023-21799.json new file mode 100644 index 000000000000..8e97b7845bfd --- /dev/null +++ b/2023/21xxx/CVE-2023-21799.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21799", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21800.json b/2023/21xxx/CVE-2023-21800.json new file mode 100644 index 000000000000..9fa6b7c47eac --- /dev/null +++ b/2023/21xxx/CVE-2023-21800.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21800", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21801.json b/2023/21xxx/CVE-2023-21801.json new file mode 100644 index 000000000000..9893632a67a4 --- /dev/null +++ b/2023/21xxx/CVE-2023-21801.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21801", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21802.json b/2023/21xxx/CVE-2023-21802.json new file mode 100644 index 000000000000..67a328257d87 --- /dev/null +++ b/2023/21xxx/CVE-2023-21802.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21802", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21803.json b/2023/21xxx/CVE-2023-21803.json new file mode 100644 index 000000000000..fb135018f42f --- /dev/null +++ b/2023/21xxx/CVE-2023-21803.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21803", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21804.json b/2023/21xxx/CVE-2023-21804.json new file mode 100644 index 000000000000..7c19b60675d4 --- /dev/null +++ b/2023/21xxx/CVE-2023-21804.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21804", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21805.json b/2023/21xxx/CVE-2023-21805.json new file mode 100644 index 000000000000..fe392893d4c6 --- /dev/null +++ b/2023/21xxx/CVE-2023-21805.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21805", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21806.json b/2023/21xxx/CVE-2023-21806.json new file mode 100644 index 000000000000..b5a47044a3e5 --- /dev/null +++ b/2023/21xxx/CVE-2023-21806.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21806", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21807.json b/2023/21xxx/CVE-2023-21807.json new file mode 100644 index 000000000000..6260ded81934 --- /dev/null +++ b/2023/21xxx/CVE-2023-21807.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21807", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21808.json b/2023/21xxx/CVE-2023-21808.json new file mode 100644 index 000000000000..7d66656d433b --- /dev/null +++ b/2023/21xxx/CVE-2023-21808.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21808", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21809.json b/2023/21xxx/CVE-2023-21809.json new file mode 100644 index 000000000000..d5afde61a497 --- /dev/null +++ b/2023/21xxx/CVE-2023-21809.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21809", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21810.json b/2023/21xxx/CVE-2023-21810.json new file mode 100644 index 000000000000..deca58f12e8d --- /dev/null +++ b/2023/21xxx/CVE-2023-21810.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21810", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21811.json b/2023/21xxx/CVE-2023-21811.json new file mode 100644 index 000000000000..8872e9bf1961 --- /dev/null +++ b/2023/21xxx/CVE-2023-21811.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21811", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21812.json b/2023/21xxx/CVE-2023-21812.json new file mode 100644 index 000000000000..e9851b2e403f --- /dev/null +++ b/2023/21xxx/CVE-2023-21812.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21812", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21813.json b/2023/21xxx/CVE-2023-21813.json new file mode 100644 index 000000000000..005fac4de9da --- /dev/null +++ b/2023/21xxx/CVE-2023-21813.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21813", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21814.json b/2023/21xxx/CVE-2023-21814.json new file mode 100644 index 000000000000..5e95fe39507f --- /dev/null +++ b/2023/21xxx/CVE-2023-21814.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21814", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21815.json b/2023/21xxx/CVE-2023-21815.json new file mode 100644 index 000000000000..58df2a3b463b --- /dev/null +++ b/2023/21xxx/CVE-2023-21815.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21815", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21816.json b/2023/21xxx/CVE-2023-21816.json new file mode 100644 index 000000000000..1e227b600669 --- /dev/null +++ b/2023/21xxx/CVE-2023-21816.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21816", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21817.json b/2023/21xxx/CVE-2023-21817.json new file mode 100644 index 000000000000..89ba3b956c6f --- /dev/null +++ b/2023/21xxx/CVE-2023-21817.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21817", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21818.json b/2023/21xxx/CVE-2023-21818.json new file mode 100644 index 000000000000..754137f74c7a --- /dev/null +++ b/2023/21xxx/CVE-2023-21818.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21818", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21819.json b/2023/21xxx/CVE-2023-21819.json new file mode 100644 index 000000000000..c8de56b24f7d --- /dev/null +++ b/2023/21xxx/CVE-2023-21819.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21819", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21820.json b/2023/21xxx/CVE-2023-21820.json new file mode 100644 index 000000000000..b8068a2f49dd --- /dev/null +++ b/2023/21xxx/CVE-2023-21820.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21820", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21821.json b/2023/21xxx/CVE-2023-21821.json new file mode 100644 index 000000000000..36b754c3df4d --- /dev/null +++ b/2023/21xxx/CVE-2023-21821.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21821", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21822.json b/2023/21xxx/CVE-2023-21822.json new file mode 100644 index 000000000000..74e243215d2f --- /dev/null +++ b/2023/21xxx/CVE-2023-21822.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21822", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21823.json b/2023/21xxx/CVE-2023-21823.json new file mode 100644 index 000000000000..3137a1da8437 --- /dev/null +++ b/2023/21xxx/CVE-2023-21823.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21823", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 1f2f427ecb9fb882744965f05d63119d476bb961 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 17 Dec 2022 00:00:40 +0000 Subject: [PATCH 059/754] "-Synchronized-Data." --- 2022/23xxx/CVE-2022-23531.json | 86 ++++++++++++++++++++++++++++++++-- 1 file changed, 82 insertions(+), 4 deletions(-) diff --git a/2022/23xxx/CVE-2022-23531.json b/2022/23xxx/CVE-2022-23531.json index 90ca67b1ca90..022b0c04e4ac 100644 --- a/2022/23xxx/CVE-2022-23531.json +++ b/2022/23xxx/CVE-2022-23531.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23531", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function. This issue is patched in version 0.1.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-23: Relative Path Traversal", + "cweId": "CWE-23" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "DataDog", + "product": { + "product_data": [ + { + "product_name": "guarddog", + "version": { + "version_data": [ + { + "version_value": "< 0.1.5", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/DataDog/guarddog/security/advisories/GHSA-rp2v-v467-q9vq", + "refsource": "MISC", + "name": "https://github.com/DataDog/guarddog/security/advisories/GHSA-rp2v-v467-q9vq" + }, + { + "url": "https://github.com/DataDog/guarddog/pull/89/commits/a56aff58264cb6b7855d71b00dc10c39a5dbd306", + "refsource": "MISC", + "name": "https://github.com/DataDog/guarddog/pull/89/commits/a56aff58264cb6b7855d71b00dc10c39a5dbd306" + }, + { + "url": "https://github.com/DataDog/guarddog/releases/tag/v0.1.5", + "refsource": "MISC", + "name": "https://github.com/DataDog/guarddog/releases/tag/v0.1.5" + } + ] + }, + "source": { + "advisory": "GHSA-rp2v-v467-q9vq", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } From d738b33c4c4bdd802a21fa191228363edef75a46 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 17 Dec 2022 01:00:42 +0000 Subject: [PATCH 060/754] "-Synchronized-Data." --- 2022/23xxx/CVE-2022-23488.json | 90 ++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4579.json | 18 +++++++ 2 files changed, 104 insertions(+), 4 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4579.json diff --git a/2022/23xxx/CVE-2022-23488.json b/2022/23xxx/CVE-2022-23488.json index c42dfc673ee2..def59b5c7fca 100644 --- a/2022/23xxx/CVE-2022-23488.json +++ b/2022/23xxx/CVE-2022-23488.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23488", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when the lock setting is applied. (The required streamId was being sent to all users even with lock setting applied). This issue is fixed in version 2.4-rc-6. There are no workarounds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-201: Insertion of Sensitive Information Into Sent Data", + "cweId": "CWE-201" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bigbluebutton", + "product": { + "product_data": [ + { + "product_name": "bigbluebutton", + "version": { + "version_data": [ + { + "version_value": "< 2.4-rc-6", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4-rc-6", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4-rc-6" + }, + { + "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-j5g3-f74q-rvfq", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-j5g3-f74q-rvfq" + } + ] + }, + "source": { + "advisory": "GHSA-j5g3-f74q-rvfq", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2022/4xxx/CVE-2022-4579.json b/2022/4xxx/CVE-2022-4579.json new file mode 100644 index 000000000000..e15814a5a611 --- /dev/null +++ b/2022/4xxx/CVE-2022-4579.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4579", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From d3ce693defb3c263b580409a8535ed3cc239ce3a Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Sat, 17 Dec 2022 02:19:58 +0100 Subject: [PATCH 061/754] CVE-2022-4572 --- 2022/4xxx/CVE-2022-4572.json | 88 ++++++++++++++++++++++++++++++++++-- 1 file changed, 85 insertions(+), 3 deletions(-) diff --git a/2022/4xxx/CVE-2022-4572.json b/2022/4xxx/CVE-2022-4572.json index 5aa64b64ce81..028fd69dc02a 100644 --- a/2022/4xxx/CVE-2022-4572.json +++ b/2022/4xxx/CVE-2022-4572.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4572", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "UBI Reader UBIFS File output.py ubireader_extract_files path traversal", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "UBI Reader", + "version": { + "version_data": [ + { + "version_value": "0.1" + }, + { + "version_value": "0.2" + }, + { + "version_value": "0.3" + }, + { + "version_value": "0.4" + }, + { + "version_value": "0.5" + }, + { + "version_value": "0.6" + }, + { + "version_value": "0.7" + }, + { + "version_value": "0.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, has been found in UBI Reader up to 0.8.0. Affected by this issue is the function ubireader_extract_files of the file ubireader\/ubifs\/output.py of the component UBIFS File Handler. The manipulation leads to path traversal. The attack may be launched remotely. Upgrading to version 0.8.5 is able to address this issue. The name of the patch is d5d68e6b1b9f7070c29df5f67fc060f579ae9139. It is recommended to upgrade the affected component. VDB-216146 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.4", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/jrspruitt\/ubi_reader\/pull\/57" + }, + { + "url": "https:\/\/github.com\/jrspruitt\/ubi_reader\/releases\/tag\/v0.8.5-master" + }, + { + "url": "https:\/\/github.com\/jrspruitt\/ubi_reader\/commit\/d5d68e6b1b9f7070c29df5f67fc060f579ae9139" + }, + { + "url": "https:\/\/vuldb.com\/?id.216146" } ] } From 5a1479ad0b8cf08a00bdf6a6920fb449cf65a6bd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 17 Dec 2022 02:00:37 +0000 Subject: [PATCH 062/754] "-Synchronized-Data." --- 2022/4xxx/CVE-2022-4572.json | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/2022/4xxx/CVE-2022-4572.json b/2022/4xxx/CVE-2022-4572.json index 028fd69dc02a..d1ce76b31ee5 100644 --- a/2022/4xxx/CVE-2022-4572.json +++ b/2022/4xxx/CVE-2022-4572.json @@ -70,7 +70,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as problematic, has been found in UBI Reader up to 0.8.0. Affected by this issue is the function ubireader_extract_files of the file ubireader\/ubifs\/output.py of the component UBIFS File Handler. The manipulation leads to path traversal. The attack may be launched remotely. Upgrading to version 0.8.5 is able to address this issue. The name of the patch is d5d68e6b1b9f7070c29df5f67fc060f579ae9139. It is recommended to upgrade the affected component. VDB-216146 is the identifier assigned to this vulnerability." + "value": "A vulnerability, which was classified as problematic, has been found in UBI Reader up to 0.8.0. Affected by this issue is the function ubireader_extract_files of the file ubireader/ubifs/output.py of the component UBIFS File Handler. The manipulation leads to path traversal. The attack may be launched remotely. Upgrading to version 0.8.5 is able to address this issue. The name of the patch is d5d68e6b1b9f7070c29df5f67fc060f579ae9139. It is recommended to upgrade the affected component. VDB-216146 is the identifier assigned to this vulnerability." } ] }, @@ -78,22 +78,30 @@ "cvss": { "version": "3.1", "baseScore": "5.4", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/jrspruitt\/ubi_reader\/pull\/57" + "url": "https://github.com/jrspruitt/ubi_reader/pull/57", + "refsource": "MISC", + "name": "https://github.com/jrspruitt/ubi_reader/pull/57" }, { - "url": "https:\/\/github.com\/jrspruitt\/ubi_reader\/releases\/tag\/v0.8.5-master" + "url": "https://github.com/jrspruitt/ubi_reader/releases/tag/v0.8.5-master", + "refsource": "MISC", + "name": "https://github.com/jrspruitt/ubi_reader/releases/tag/v0.8.5-master" }, { - "url": "https:\/\/github.com\/jrspruitt\/ubi_reader\/commit\/d5d68e6b1b9f7070c29df5f67fc060f579ae9139" + "url": "https://github.com/jrspruitt/ubi_reader/commit/d5d68e6b1b9f7070c29df5f67fc060f579ae9139", + "refsource": "MISC", + "name": "https://github.com/jrspruitt/ubi_reader/commit/d5d68e6b1b9f7070c29df5f67fc060f579ae9139" }, { - "url": "https:\/\/vuldb.com\/?id.216146" + "url": "https://vuldb.com/?id.216146", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216146" } ] } From 13d49c3764f7302e9848d117b5696b6203b5ad26 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 17 Dec 2022 03:00:41 +0000 Subject: [PATCH 063/754] "-Synchronized-Data." --- 2022/3xxx/CVE-2022-3190.json | 5 +++++ 2022/3xxx/CVE-2022-3275.json | 5 +++++ 2022/45xxx/CVE-2022-45061.json | 10 ++++++++++ 3 files changed, 20 insertions(+) diff --git a/2022/3xxx/CVE-2022-3190.json b/2022/3xxx/CVE-2022-3190.json index 41cdd5cacf21..b663f05559d5 100644 --- a/2022/3xxx/CVE-2022-3190.json +++ b/2022/3xxx/CVE-2022-3190.json @@ -61,6 +61,11 @@ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3190.json", "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3190.json", "refsource": "CONFIRM" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-1f2fbb087e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YR5LIOF5VKS4DC2NQWXTMPPXOYJC46XC/" } ] }, diff --git a/2022/3xxx/CVE-2022-3275.json b/2022/3xxx/CVE-2022-3275.json index d365fe5f8c24..bae73e8b2df8 100644 --- a/2022/3xxx/CVE-2022-3275.json +++ b/2022/3xxx/CVE-2022-3275.json @@ -83,6 +83,11 @@ "refsource": "MISC", "url": "https://puppet.com/security/cve/CVE-2022-3275", "name": "https://puppet.com/security/cve/CVE-2022-3275" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-1f2fbb087e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YR5LIOF5VKS4DC2NQWXTMPPXOYJC46XC/" } ] }, diff --git a/2022/45xxx/CVE-2022-45061.json b/2022/45xxx/CVE-2022-45061.json index 251d5960d8ff..09b3f9f565f3 100644 --- a/2022/45xxx/CVE-2022-45061.json +++ b/2022/45xxx/CVE-2022-45061.json @@ -111,6 +111,16 @@ "refsource": "FEDORA", "name": "FEDORA-2022-18b234c18b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-de755fd092", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-fd3771db30", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/" } ] } From f99d5d58730f9cb3196ed181c7e40ddfdf5c545e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 17 Dec 2022 04:00:40 +0000 Subject: [PATCH 064/754] "-Synchronized-Data." --- 2022/3xxx/CVE-2022-3190.json | 5 +++++ 2022/3xxx/CVE-2022-3275.json | 5 +++++ 2022/45xxx/CVE-2022-45061.json | 15 +++++++++++++++ 3 files changed, 25 insertions(+) diff --git a/2022/3xxx/CVE-2022-3190.json b/2022/3xxx/CVE-2022-3190.json index b663f05559d5..9feadf703fbb 100644 --- a/2022/3xxx/CVE-2022-3190.json +++ b/2022/3xxx/CVE-2022-3190.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-1f2fbb087e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YR5LIOF5VKS4DC2NQWXTMPPXOYJC46XC/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-9d4aa8a486", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CH4NUKZKPY4MFQHFBTONJK2AWES4DFDA/" } ] }, diff --git a/2022/3xxx/CVE-2022-3275.json b/2022/3xxx/CVE-2022-3275.json index bae73e8b2df8..0c6adada58de 100644 --- a/2022/3xxx/CVE-2022-3275.json +++ b/2022/3xxx/CVE-2022-3275.json @@ -88,6 +88,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-1f2fbb087e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YR5LIOF5VKS4DC2NQWXTMPPXOYJC46XC/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-9d4aa8a486", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CH4NUKZKPY4MFQHFBTONJK2AWES4DFDA/" } ] }, diff --git a/2022/45xxx/CVE-2022-45061.json b/2022/45xxx/CVE-2022-45061.json index 09b3f9f565f3..4269b2a20d16 100644 --- a/2022/45xxx/CVE-2022-45061.json +++ b/2022/45xxx/CVE-2022-45061.json @@ -121,6 +121,21 @@ "refsource": "FEDORA", "name": "FEDORA-2022-fd3771db30", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-6b8b96f883", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-3d7e44dbd5", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-b2f06fbb62", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/" } ] } From aebcc5d852c52527d5ee46c079881a74ad4886dc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 17 Dec 2022 06:00:39 +0000 Subject: [PATCH 065/754] "-Synchronized-Data." --- 2022/4xxx/CVE-2022-4580.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 2022/4xxx/CVE-2022-4580.json diff --git a/2022/4xxx/CVE-2022-4580.json b/2022/4xxx/CVE-2022-4580.json new file mode 100644 index 000000000000..6104a7482e7a --- /dev/null +++ b/2022/4xxx/CVE-2022-4580.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4580", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 981f41b6bb7bb67fb74da18667e8f9d616d9fd5a Mon Sep 17 00:00:00 2001 From: Ben Harvie Date: Fri, 16 Dec 2022 22:01:34 -0800 Subject: [PATCH 066/754] 1ac677c4-ec0a-4788-9465-51d9b6bd8fd2 --- 2022/4xxx/CVE-2022-4567.json | 101 +++++++++++++++++++++++++++++------ 1 file changed, 86 insertions(+), 15 deletions(-) diff --git a/2022/4xxx/CVE-2022-4567.json b/2022/4xxx/CVE-2022-4567.json index b2f7cc6e0b98..85b550dc368c 100644 --- a/2022/4xxx/CVE-2022-4567.json +++ b/2022/4xxx/CVE-2022-4567.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-4567", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-4567", + "STATE": "PUBLIC", + "TITLE": "Improper Access Control in openemr/openemr" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openemr/openemr", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0.0.2" + } + ] + } + } + ] + }, + "vendor_name": "openemr" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.0" } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/1ac677c4-ec0a-4788-9465-51d9b6bd8fd2", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/1ac677c4-ec0a-4788-9465-51d9b6bd8fd2" + }, + { + "name": "https://github.com/openemr/openemr/commit/953cb84dfd55fee9d5296668ec7fdb8bf25bcea4", + "refsource": "MISC", + "url": "https://github.com/openemr/openemr/commit/953cb84dfd55fee9d5296668ec7fdb8bf25bcea4" + } + ] + }, + "source": { + "advisory": "1ac677c4-ec0a-4788-9465-51d9b6bd8fd2", + "discovery": "EXTERNAL" + } } \ No newline at end of file From cb526a171efed06aecd9be1226ebfd297645152d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 17 Dec 2022 08:00:36 +0000 Subject: [PATCH 067/754] "-Synchronized-Data." --- 2022/47xxx/CVE-2022-47513.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 2022/47xxx/CVE-2022-47513.json diff --git a/2022/47xxx/CVE-2022-47513.json b/2022/47xxx/CVE-2022-47513.json new file mode 100644 index 000000000000..8823bafc344d --- /dev/null +++ b/2022/47xxx/CVE-2022-47513.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47513", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 34cd27ca65fada0651747eb0e10471e87c87d24c Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Sat, 17 Dec 2022 11:30:09 +0100 Subject: [PATCH 068/754] Revoke CVE-2022-3531 + CVE-2022-3532 --- 2022/3xxx/CVE-2022-3531.json | 73 ++++-------------------------------- 2022/3xxx/CVE-2022-3532.json | 73 ++++-------------------------------- 2 files changed, 14 insertions(+), 132 deletions(-) diff --git a/2022/3xxx/CVE-2022-3531.json b/2022/3xxx/CVE-2022-3531.json index 95bef7bd07b2..89f1a06f9197 100644 --- a/2022/3xxx/CVE-2022-3531.json +++ b/2022/3xxx/CVE-2022-3531.json @@ -1,77 +1,18 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-3531", - "TITLE": "Linux Kernel BPF kprobe_multi_test.c get_syms memory leak", - "REQUESTER": "cna@vuldb.com", "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Linux", - "product": { - "product_data": [ - { - "product_name": "Kernel", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" - } - ] - } - ] + "ID": "CVE-2022-3531", + "STATE": "REJECT" }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function get_syms of the file tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier VDB-211029 was assigned to this vulnerability." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "3.5", - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" - } - }, - "references": { - "reference_data": [ - { - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=6d2e21dc4db3933db65293552ecc1ede26febeca", - "refsource": "MISC", - "name": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=6d2e21dc4db3933db65293552ecc1ede26febeca" - }, - { - "url": "https://vuldb.com/?id.211029", - "refsource": "MISC", - "name": "https://vuldb.com/?id.211029" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } -} \ No newline at end of file +} diff --git a/2022/3xxx/CVE-2022-3532.json b/2022/3xxx/CVE-2022-3532.json index 53168e623c45..fa09a753b02c 100644 --- a/2022/3xxx/CVE-2022-3532.json +++ b/2022/3xxx/CVE-2022-3532.json @@ -1,77 +1,18 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-3532", - "TITLE": "Linux Kernel BPF test_fentry memory leak", - "REQUESTER": "cna@vuldb.com", "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Linux", - "product": { - "product_data": [ - { - "product_name": "Kernel", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-404 Denial of Service -> CWE-401 Memory Leak" - } - ] - } - ] + "ID": "CVE-2022-3532", + "STATE": "REJECT" }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function test_map_kptr_success/test_fentry of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211030 is the identifier assigned to this vulnerability." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "3.5", - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" - } - }, - "references": { - "reference_data": [ - { - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=6e8280b958c5d7edc514cf347a800b23b7732b2b", - "refsource": "MISC", - "name": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=6e8280b958c5d7edc514cf347a800b23b7732b2b" - }, - { - "url": "https://vuldb.com/?id.211030", - "refsource": "MISC", - "name": "https://vuldb.com/?id.211030" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } -} \ No newline at end of file +} From 37c79c5c17c43b0c9157b421a2600f9e5ba43d40 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 17 Dec 2022 11:00:38 +0000 Subject: [PATCH 069/754] "-Synchronized-Data." --- 2022/3xxx/CVE-2022-3531.json | 10 +++++----- 2022/3xxx/CVE-2022-3532.json | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/2022/3xxx/CVE-2022-3531.json b/2022/3xxx/CVE-2022-3531.json index 89f1a06f9197..35428d7b6ec4 100644 --- a/2022/3xxx/CVE-2022-3531.json +++ b/2022/3xxx/CVE-2022-3531.json @@ -1,12 +1,12 @@ { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-3531", + "ASSIGNER": "cve@mitre.org", "STATE": "REJECT" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -15,4 +15,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3532.json b/2022/3xxx/CVE-2022-3532.json index fa09a753b02c..93898c82bf24 100644 --- a/2022/3xxx/CVE-2022-3532.json +++ b/2022/3xxx/CVE-2022-3532.json @@ -1,12 +1,12 @@ { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-3532", + "ASSIGNER": "cve@mitre.org", "STATE": "REJECT" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -15,4 +15,4 @@ } ] } -} +} \ No newline at end of file From fea2585c19d81aa5661ef52de0d6961a7e534269 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 17 Dec 2022 13:00:40 +0000 Subject: [PATCH 070/754] "-Synchronized-Data." --- 2022/4xxx/CVE-2022-4581.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4582.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4583.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4584.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4585.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4586.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4587.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4588.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4589.json | 18 ++++++++++++++++++ 9 files changed, 162 insertions(+) create mode 100644 2022/4xxx/CVE-2022-4581.json create mode 100644 2022/4xxx/CVE-2022-4582.json create mode 100644 2022/4xxx/CVE-2022-4583.json create mode 100644 2022/4xxx/CVE-2022-4584.json create mode 100644 2022/4xxx/CVE-2022-4585.json create mode 100644 2022/4xxx/CVE-2022-4586.json create mode 100644 2022/4xxx/CVE-2022-4587.json create mode 100644 2022/4xxx/CVE-2022-4588.json create mode 100644 2022/4xxx/CVE-2022-4589.json diff --git a/2022/4xxx/CVE-2022-4581.json b/2022/4xxx/CVE-2022-4581.json new file mode 100644 index 000000000000..8e5f5010abe1 --- /dev/null +++ b/2022/4xxx/CVE-2022-4581.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4581", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4582.json b/2022/4xxx/CVE-2022-4582.json new file mode 100644 index 000000000000..e65538411252 --- /dev/null +++ b/2022/4xxx/CVE-2022-4582.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4582", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4583.json b/2022/4xxx/CVE-2022-4583.json new file mode 100644 index 000000000000..aa1982199fe1 --- /dev/null +++ b/2022/4xxx/CVE-2022-4583.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4583", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4584.json b/2022/4xxx/CVE-2022-4584.json new file mode 100644 index 000000000000..394ab2b09c01 --- /dev/null +++ b/2022/4xxx/CVE-2022-4584.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4584", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4585.json b/2022/4xxx/CVE-2022-4585.json new file mode 100644 index 000000000000..1b844e6025a9 --- /dev/null +++ b/2022/4xxx/CVE-2022-4585.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4585", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4586.json b/2022/4xxx/CVE-2022-4586.json new file mode 100644 index 000000000000..3263d2c70573 --- /dev/null +++ b/2022/4xxx/CVE-2022-4586.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4586", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4587.json b/2022/4xxx/CVE-2022-4587.json new file mode 100644 index 000000000000..be8ed1e10f8e --- /dev/null +++ b/2022/4xxx/CVE-2022-4587.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4587", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4588.json b/2022/4xxx/CVE-2022-4588.json new file mode 100644 index 000000000000..5351d59daba7 --- /dev/null +++ b/2022/4xxx/CVE-2022-4588.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4588", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4589.json b/2022/4xxx/CVE-2022-4589.json new file mode 100644 index 000000000000..9fa6f0cdbd30 --- /dev/null +++ b/2022/4xxx/CVE-2022-4589.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4589", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 4f0223ccedf4277a5317116c91b8a4adaa2cb8b0 Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Sat, 17 Dec 2022 14:02:28 +0100 Subject: [PATCH 071/754] CVE-2022-4581 - CVE-2022-4589 --- 2022/4xxx/CVE-2022-4581.json | 61 +++++++++++++++++++++-- 2022/4xxx/CVE-2022-4582.json | 94 ++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4583.json | 64 ++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4584.json | 64 ++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4585.json | 64 ++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4586.json | 64 ++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4587.json | 64 ++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4588.json | 70 ++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4589.json | 97 ++++++++++++++++++++++++++++++++++-- 9 files changed, 615 insertions(+), 27 deletions(-) diff --git a/2022/4xxx/CVE-2022-4581.json b/2022/4xxx/CVE-2022-4581.json index 8e5f5010abe1..d16d37dbbefb 100644 --- a/2022/4xxx/CVE-2022-4581.json +++ b/2022/4xxx/CVE-2022-4581.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4581", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "1j01 mind-map app.coffee cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "1j01", + "product": { + "product_data": [ + { + "product_name": "mind-map", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in 1j01 mind-map and classified as problematic. This issue affects some unknown processing of the file app.coffee. The manipulation of the argument html leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9617e6084dfeccd92079ab4d7f439300a4b24394. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216167." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/1j01\/mind-map\/commit\/9617e6084dfeccd92079ab4d7f439300a4b24394" + }, + { + "url": "https:\/\/vuldb.com\/?id.216167" } ] } diff --git a/2022/4xxx/CVE-2022-4582.json b/2022/4xxx/CVE-2022-4582.json index e65538411252..979cff407f22 100644 --- a/2022/4xxx/CVE-2022-4582.json +++ b/2022/4xxx/CVE-2022-4582.json @@ -4,14 +4,102 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4582", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "starter-public-edition-4 cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "starter-public-edition-4", + "version": { + "version_data": [ + { + "version_value": "4.6.0" + }, + { + "version_value": "4.6.1" + }, + { + "version_value": "4.6.2" + }, + { + "version_value": "4.6.3" + }, + { + "version_value": "4.6.4" + }, + { + "version_value": "4.6.5" + }, + { + "version_value": "4.6.6" + }, + { + "version_value": "4.6.7" + }, + { + "version_value": "4.6.8" + }, + { + "version_value": "4.6.9" + }, + { + "version_value": "4.6.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in starter-public-edition-4 up to 4.6.10. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.6.11 is able to address this issue. The name of the patch is 2606983c20f6ea3430ac4b36b3d2e88aafef45da. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216168." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/ivantcholakov\/starter-public-edition-4\/commit\/2606983c20f6ea3430ac4b36b3d2e88aafef45da" + }, + { + "url": "https:\/\/github.com\/ivantcholakov\/starter-public-edition-4\/releases\/tag\/v4.6.11" + }, + { + "url": "https:\/\/vuldb.com\/?id.216168" } ] } diff --git a/2022/4xxx/CVE-2022-4583.json b/2022/4xxx/CVE-2022-4583.json index aa1982199fe1..9f0d2d3db20c 100644 --- a/2022/4xxx/CVE-2022-4583.json +++ b/2022/4xxx/CVE-2022-4583.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4583", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "jLEMS JUtil.java unpackJar path traversal", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "jLEMS", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in jLEMS. It has been declared as critical. Affected by this vulnerability is the function unpackJar of the file src\/main\/java\/org\/lemsml\/jlems\/io\/util\/JUtil.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 8c224637d7d561076364a9e3c2c375daeaf463dc. It is recommended to apply a patch to fix this issue. The identifier VDB-216169 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/LEMS\/jLEMS\/pull\/103" + }, + { + "url": "https:\/\/github.com\/LEMS\/jLEMS\/commit\/8c224637d7d561076364a9e3c2c375daeaf463dc" + }, + { + "url": "https:\/\/vuldb.com\/?id.216169" } ] } diff --git a/2022/4xxx/CVE-2022-4584.json b/2022/4xxx/CVE-2022-4584.json index 394ab2b09c01..998c327e4a82 100644 --- a/2022/4xxx/CVE-2022-4584.json +++ b/2022/4xxx/CVE-2022-4584.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4584", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Axiomatic Bento4 mp42aac heap-based overflow", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Axiomatic", + "product": { + "product_data": [ + { + "product_name": "Bento4", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Memory Corruption -> CWE-122 Heap-based Buffer Overflow" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Axiomatic Bento4. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216170 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/issues\/818" + }, + { + "url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/files\/10095915\/POC2.tar.gz" + }, + { + "url": "https:\/\/vuldb.com\/?id.216170" } ] } diff --git a/2022/4xxx/CVE-2022-4585.json b/2022/4xxx/CVE-2022-4585.json index 1b844e6025a9..74b71e47f905 100644 --- a/2022/4xxx/CVE-2022-4585.json +++ b/2022/4xxx/CVE-2022-4585.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4585", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Opencaching Deutschland oc-server3 Cookie start.tpl cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Opencaching Deutschland", + "product": { + "product_data": [ + { + "product_name": "oc-server3", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in Opencaching Deutschland oc-server3. This affects an unknown part of the file htdocs\/templates2\/ocstyle\/start.tpl of the component Cookie Handler. The manipulation of the argument usercountryCode leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is c720f2777a452186c67ef30db3679dd409556544. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216171." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/OpencachingDeutschland\/oc-server3\/pull\/894" + }, + { + "url": "https:\/\/github.com\/OpencachingDeutschland\/oc-server3\/commit\/c720f2777a452186c67ef30db3679dd409556544" + }, + { + "url": "https:\/\/vuldb.com\/?id.216171" } ] } diff --git a/2022/4xxx/CVE-2022-4586.json b/2022/4xxx/CVE-2022-4586.json index 3263d2c70573..6907aee6be22 100644 --- a/2022/4xxx/CVE-2022-4586.json +++ b/2022/4xxx/CVE-2022-4586.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4586", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Opencaching Deutschland oc-server3 Cachelist cachelists.tpl cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Opencaching Deutschland", + "product": { + "product_data": [ + { + "product_name": "oc-server3", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic was found in Opencaching Deutschland oc-server3. This vulnerability affects unknown code of the file htdocs\/templates2\/ocstyle\/cachelists.tpl of the component Cachelist Handler. The manipulation of the argument name_filter\/by_filter leads to cross site scripting. The attack can be initiated remotely. The name of the patch is a9f79c7da78cd24a7ef1d298e6bc86006972ea73. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216172." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/OpencachingDeutschland\/oc-server3\/pull\/894" + }, + { + "url": "https:\/\/github.com\/OpencachingDeutschland\/oc-server3\/commit\/a9f79c7da78cd24a7ef1d298e6bc86006972ea73" + }, + { + "url": "https:\/\/vuldb.com\/?id.216172" } ] } diff --git a/2022/4xxx/CVE-2022-4587.json b/2022/4xxx/CVE-2022-4587.json index be8ed1e10f8e..2f52c000c321 100644 --- a/2022/4xxx/CVE-2022-4587.json +++ b/2022/4xxx/CVE-2022-4587.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4587", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Opencaching Deutschland oc-server3 Login Page login.tpl cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Opencaching Deutschland", + "product": { + "product_data": [ + { + "product_name": "oc-server3", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, has been found in Opencaching Deutschland oc-server3. This issue affects some unknown processing of the file htdocs\/templates2\/ocstyle\/login.tpl of the component Login Page. The manipulation of the argument username leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 3296ebd61e7fe49e93b5755d5d7766d6e94a7667. It is recommended to apply a patch to fix this issue. The identifier VDB-216173 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/OpencachingDeutschland\/oc-server3\/pull\/893" + }, + { + "url": "https:\/\/github.com\/OpencachingDeutschland\/oc-server3\/commit\/3296ebd61e7fe49e93b5755d5d7766d6e94a7667" + }, + { + "url": "https:\/\/vuldb.com\/?id.216173" } ] } diff --git a/2022/4xxx/CVE-2022-4588.json b/2022/4xxx/CVE-2022-4588.json index 5351d59daba7..3cf374a6a1f4 100644 --- a/2022/4xxx/CVE-2022-4588.json +++ b/2022/4xxx/CVE-2022-4588.json @@ -4,14 +4,78 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4588", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Boston Sleep slice Layout cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Boston Sleep", + "product": { + "product_data": [ + { + "product_name": "slice", + "version": { + "version_data": [ + { + "version_value": "84.0" + }, + { + "version_value": "84.1" + }, + { + "version_value": "84.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, was found in Boston Sleep slice up to 84.2.0. Affected is an unknown function of the component Layout Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 85.0.0 is able to address this issue. The name of the patch is 6523bb17d889e2ab13d767f38afefdb37083f1d0. It is recommended to upgrade the affected component. VDB-216174 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "2.4", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/sleepepi\/slice\/commit\/6523bb17d889e2ab13d767f38afefdb37083f1d0" + }, + { + "url": "https:\/\/github.com\/sleepepi\/slice\/releases\/tag\/v85.0.0" + }, + { + "url": "https:\/\/vuldb.com\/?id.216174" } ] } diff --git a/2022/4xxx/CVE-2022-4589.json b/2022/4xxx/CVE-2022-4589.json index 9fa6f0cdbd30..77d34c010472 100644 --- a/2022/4xxx/CVE-2022-4589.json +++ b/2022/4xxx/CVE-2022-4589.json @@ -4,14 +4,105 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4589", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "cyface Terms and Conditions Module views.py returnTo redirect", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cyface", + "product": { + "product_data": [ + { + "product_name": "Terms and Conditions Module", + "version": { + "version_data": [ + { + "version_value": "2.0.0" + }, + { + "version_value": "2.0.1" + }, + { + "version_value": "2.0.2" + }, + { + "version_value": "2.0.3" + }, + { + "version_value": "2.0.4" + }, + { + "version_value": "2.0.5" + }, + { + "version_value": "2.0.6" + }, + { + "version_value": "2.0.7" + }, + { + "version_value": "2.0.8" + }, + { + "version_value": "2.0.9" + }, + { + "version_value": "2.0.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 Open Redirect" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.10 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions\/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.11 is able to address this issue. The name of the patch is 03396a1c2e0af95e12a45c5faef7e47a4b513e1a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216175." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/cyface\/django-termsandconditions\/pull\/239" + }, + { + "url": "https:\/\/github.com\/cyface\/django-termsandconditions\/releases\/tag\/v2.0.11" + }, + { + "url": "https:\/\/github.com\/cyface\/django-termsandconditions\/commit\/03396a1c2e0af95e12a45c5faef7e47a4b513e1a" + }, + { + "url": "https:\/\/vuldb.com\/?id.216175" } ] } From 717e017a69811aca3340969003c6b0aadd4a117b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 17 Dec 2022 14:00:39 +0000 Subject: [PATCH 072/754] "-Synchronized-Data." --- 2022/4xxx/CVE-2022-4581.json | 12 ++++++++---- 2022/4xxx/CVE-2022-4582.json | 14 ++++++++++---- 2022/4xxx/CVE-2022-4583.json | 18 ++++++++++++------ 2022/4xxx/CVE-2022-4584.json | 16 +++++++++++----- 2022/4xxx/CVE-2022-4585.json | 18 ++++++++++++------ 2022/4xxx/CVE-2022-4586.json | 18 ++++++++++++------ 2022/4xxx/CVE-2022-4587.json | 18 ++++++++++++------ 2022/4xxx/CVE-2022-4588.json | 14 ++++++++++---- 2022/4xxx/CVE-2022-4589.json | 20 ++++++++++++++------ 9 files changed, 101 insertions(+), 47 deletions(-) diff --git a/2022/4xxx/CVE-2022-4581.json b/2022/4xxx/CVE-2022-4581.json index d16d37dbbefb..31e7b62e4f5d 100644 --- a/2022/4xxx/CVE-2022-4581.json +++ b/2022/4xxx/CVE-2022-4581.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/1j01\/mind-map\/commit\/9617e6084dfeccd92079ab4d7f439300a4b24394" + "url": "https://github.com/1j01/mind-map/commit/9617e6084dfeccd92079ab4d7f439300a4b24394", + "refsource": "MISC", + "name": "https://github.com/1j01/mind-map/commit/9617e6084dfeccd92079ab4d7f439300a4b24394" }, { - "url": "https:\/\/vuldb.com\/?id.216167" + "url": "https://vuldb.com/?id.216167", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216167" } ] } diff --git a/2022/4xxx/CVE-2022-4582.json b/2022/4xxx/CVE-2022-4582.json index 979cff407f22..2e03d51cb96a 100644 --- a/2022/4xxx/CVE-2022-4582.json +++ b/2022/4xxx/CVE-2022-4582.json @@ -87,19 +87,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/ivantcholakov\/starter-public-edition-4\/commit\/2606983c20f6ea3430ac4b36b3d2e88aafef45da" + "url": "https://github.com/ivantcholakov/starter-public-edition-4/commit/2606983c20f6ea3430ac4b36b3d2e88aafef45da", + "refsource": "MISC", + "name": "https://github.com/ivantcholakov/starter-public-edition-4/commit/2606983c20f6ea3430ac4b36b3d2e88aafef45da" }, { - "url": "https:\/\/github.com\/ivantcholakov\/starter-public-edition-4\/releases\/tag\/v4.6.11" + "url": "https://github.com/ivantcholakov/starter-public-edition-4/releases/tag/v4.6.11", + "refsource": "MISC", + "name": "https://github.com/ivantcholakov/starter-public-edition-4/releases/tag/v4.6.11" }, { - "url": "https:\/\/vuldb.com\/?id.216168" + "url": "https://vuldb.com/?id.216168", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216168" } ] } diff --git a/2022/4xxx/CVE-2022-4583.json b/2022/4xxx/CVE-2022-4583.json index 9f0d2d3db20c..3a4c5d6593fd 100644 --- a/2022/4xxx/CVE-2022-4583.json +++ b/2022/4xxx/CVE-2022-4583.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in jLEMS. It has been declared as critical. Affected by this vulnerability is the function unpackJar of the file src\/main\/java\/org\/lemsml\/jlems\/io\/util\/JUtil.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 8c224637d7d561076364a9e3c2c375daeaf463dc. It is recommended to apply a patch to fix this issue. The identifier VDB-216169 was assigned to this vulnerability." + "value": "A vulnerability was found in jLEMS. It has been declared as critical. Affected by this vulnerability is the function unpackJar of the file src/main/java/org/lemsml/jlems/io/util/JUtil.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 8c224637d7d561076364a9e3c2c375daeaf463dc. It is recommended to apply a patch to fix this issue. The identifier VDB-216169 was assigned to this vulnerability." } ] }, @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "6.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/LEMS\/jLEMS\/pull\/103" + "url": "https://github.com/LEMS/jLEMS/pull/103", + "refsource": "MISC", + "name": "https://github.com/LEMS/jLEMS/pull/103" }, { - "url": "https:\/\/github.com\/LEMS\/jLEMS\/commit\/8c224637d7d561076364a9e3c2c375daeaf463dc" + "url": "https://github.com/LEMS/jLEMS/commit/8c224637d7d561076364a9e3c2c375daeaf463dc", + "refsource": "MISC", + "name": "https://github.com/LEMS/jLEMS/commit/8c224637d7d561076364a9e3c2c375daeaf463dc" }, { - "url": "https:\/\/vuldb.com\/?id.216169" + "url": "https://vuldb.com/?id.216169", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216169" } ] } diff --git a/2022/4xxx/CVE-2022-4584.json b/2022/4xxx/CVE-2022-4584.json index 998c327e4a82..03151cec2e7d 100644 --- a/2022/4xxx/CVE-2022-4584.json +++ b/2022/4xxx/CVE-2022-4584.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "6.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/issues\/818" + "url": "https://github.com/axiomatic-systems/Bento4/issues/818", + "refsource": "MISC", + "name": "https://github.com/axiomatic-systems/Bento4/issues/818" }, { - "url": "https:\/\/github.com\/axiomatic-systems\/Bento4\/files\/10095915\/POC2.tar.gz" + "url": "https://github.com/axiomatic-systems/Bento4/files/10095915/POC2.tar.gz", + "refsource": "MISC", + "name": "https://github.com/axiomatic-systems/Bento4/files/10095915/POC2.tar.gz" }, { - "url": "https:\/\/vuldb.com\/?id.216170" + "url": "https://vuldb.com/?id.216170", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216170" } ] } diff --git a/2022/4xxx/CVE-2022-4585.json b/2022/4xxx/CVE-2022-4585.json index 74b71e47f905..fc39dd844e85 100644 --- a/2022/4xxx/CVE-2022-4585.json +++ b/2022/4xxx/CVE-2022-4585.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as problematic has been found in Opencaching Deutschland oc-server3. This affects an unknown part of the file htdocs\/templates2\/ocstyle\/start.tpl of the component Cookie Handler. The manipulation of the argument usercountryCode leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is c720f2777a452186c67ef30db3679dd409556544. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216171." + "value": "A vulnerability classified as problematic has been found in Opencaching Deutschland oc-server3. This affects an unknown part of the file htdocs/templates2/ocstyle/start.tpl of the component Cookie Handler. The manipulation of the argument usercountryCode leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is c720f2777a452186c67ef30db3679dd409556544. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216171." } ] }, @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/OpencachingDeutschland\/oc-server3\/pull\/894" + "url": "https://github.com/OpencachingDeutschland/oc-server3/pull/894", + "refsource": "MISC", + "name": "https://github.com/OpencachingDeutschland/oc-server3/pull/894" }, { - "url": "https:\/\/github.com\/OpencachingDeutschland\/oc-server3\/commit\/c720f2777a452186c67ef30db3679dd409556544" + "url": "https://github.com/OpencachingDeutschland/oc-server3/commit/c720f2777a452186c67ef30db3679dd409556544", + "refsource": "MISC", + "name": "https://github.com/OpencachingDeutschland/oc-server3/commit/c720f2777a452186c67ef30db3679dd409556544" }, { - "url": "https:\/\/vuldb.com\/?id.216171" + "url": "https://vuldb.com/?id.216171", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216171" } ] } diff --git a/2022/4xxx/CVE-2022-4586.json b/2022/4xxx/CVE-2022-4586.json index 6907aee6be22..e05e32026a82 100644 --- a/2022/4xxx/CVE-2022-4586.json +++ b/2022/4xxx/CVE-2022-4586.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as problematic was found in Opencaching Deutschland oc-server3. This vulnerability affects unknown code of the file htdocs\/templates2\/ocstyle\/cachelists.tpl of the component Cachelist Handler. The manipulation of the argument name_filter\/by_filter leads to cross site scripting. The attack can be initiated remotely. The name of the patch is a9f79c7da78cd24a7ef1d298e6bc86006972ea73. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216172." + "value": "A vulnerability classified as problematic was found in Opencaching Deutschland oc-server3. This vulnerability affects unknown code of the file htdocs/templates2/ocstyle/cachelists.tpl of the component Cachelist Handler. The manipulation of the argument name_filter/by_filter leads to cross site scripting. The attack can be initiated remotely. The name of the patch is a9f79c7da78cd24a7ef1d298e6bc86006972ea73. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216172." } ] }, @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/OpencachingDeutschland\/oc-server3\/pull\/894" + "url": "https://github.com/OpencachingDeutschland/oc-server3/pull/894", + "refsource": "MISC", + "name": "https://github.com/OpencachingDeutschland/oc-server3/pull/894" }, { - "url": "https:\/\/github.com\/OpencachingDeutschland\/oc-server3\/commit\/a9f79c7da78cd24a7ef1d298e6bc86006972ea73" + "url": "https://github.com/OpencachingDeutschland/oc-server3/commit/a9f79c7da78cd24a7ef1d298e6bc86006972ea73", + "refsource": "MISC", + "name": "https://github.com/OpencachingDeutschland/oc-server3/commit/a9f79c7da78cd24a7ef1d298e6bc86006972ea73" }, { - "url": "https:\/\/vuldb.com\/?id.216172" + "url": "https://vuldb.com/?id.216172", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216172" } ] } diff --git a/2022/4xxx/CVE-2022-4587.json b/2022/4xxx/CVE-2022-4587.json index 2f52c000c321..916f04e94fc5 100644 --- a/2022/4xxx/CVE-2022-4587.json +++ b/2022/4xxx/CVE-2022-4587.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as problematic, has been found in Opencaching Deutschland oc-server3. This issue affects some unknown processing of the file htdocs\/templates2\/ocstyle\/login.tpl of the component Login Page. The manipulation of the argument username leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 3296ebd61e7fe49e93b5755d5d7766d6e94a7667. It is recommended to apply a patch to fix this issue. The identifier VDB-216173 was assigned to this vulnerability." + "value": "A vulnerability, which was classified as problematic, has been found in Opencaching Deutschland oc-server3. This issue affects some unknown processing of the file htdocs/templates2/ocstyle/login.tpl of the component Login Page. The manipulation of the argument username leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 3296ebd61e7fe49e93b5755d5d7766d6e94a7667. It is recommended to apply a patch to fix this issue. The identifier VDB-216173 was assigned to this vulnerability." } ] }, @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "4.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/OpencachingDeutschland\/oc-server3\/pull\/893" + "url": "https://github.com/OpencachingDeutschland/oc-server3/pull/893", + "refsource": "MISC", + "name": "https://github.com/OpencachingDeutschland/oc-server3/pull/893" }, { - "url": "https:\/\/github.com\/OpencachingDeutschland\/oc-server3\/commit\/3296ebd61e7fe49e93b5755d5d7766d6e94a7667" + "url": "https://github.com/OpencachingDeutschland/oc-server3/commit/3296ebd61e7fe49e93b5755d5d7766d6e94a7667", + "refsource": "MISC", + "name": "https://github.com/OpencachingDeutschland/oc-server3/commit/3296ebd61e7fe49e93b5755d5d7766d6e94a7667" }, { - "url": "https:\/\/vuldb.com\/?id.216173" + "url": "https://vuldb.com/?id.216173", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216173" } ] } diff --git a/2022/4xxx/CVE-2022-4588.json b/2022/4xxx/CVE-2022-4588.json index 3cf374a6a1f4..8bdcd61fb903 100644 --- a/2022/4xxx/CVE-2022-4588.json +++ b/2022/4xxx/CVE-2022-4588.json @@ -63,19 +63,25 @@ "cvss": { "version": "3.1", "baseScore": "2.4", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/sleepepi\/slice\/commit\/6523bb17d889e2ab13d767f38afefdb37083f1d0" + "url": "https://github.com/sleepepi/slice/commit/6523bb17d889e2ab13d767f38afefdb37083f1d0", + "refsource": "MISC", + "name": "https://github.com/sleepepi/slice/commit/6523bb17d889e2ab13d767f38afefdb37083f1d0" }, { - "url": "https:\/\/github.com\/sleepepi\/slice\/releases\/tag\/v85.0.0" + "url": "https://github.com/sleepepi/slice/releases/tag/v85.0.0", + "refsource": "MISC", + "name": "https://github.com/sleepepi/slice/releases/tag/v85.0.0" }, { - "url": "https:\/\/vuldb.com\/?id.216174" + "url": "https://vuldb.com/?id.216174", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216174" } ] } diff --git a/2022/4xxx/CVE-2022-4589.json b/2022/4xxx/CVE-2022-4589.json index 77d34c010472..f7254d6d768d 100644 --- a/2022/4xxx/CVE-2022-4589.json +++ b/2022/4xxx/CVE-2022-4589.json @@ -79,7 +79,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.10 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions\/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.11 is able to address this issue. The name of the patch is 03396a1c2e0af95e12a45c5faef7e47a4b513e1a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216175." + "value": "A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.10 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.11 is able to address this issue. The name of the patch is 03396a1c2e0af95e12a45c5faef7e47a4b513e1a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216175." } ] }, @@ -87,22 +87,30 @@ "cvss": { "version": "3.1", "baseScore": "5.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/cyface\/django-termsandconditions\/pull\/239" + "url": "https://github.com/cyface/django-termsandconditions/pull/239", + "refsource": "MISC", + "name": "https://github.com/cyface/django-termsandconditions/pull/239" }, { - "url": "https:\/\/github.com\/cyface\/django-termsandconditions\/releases\/tag\/v2.0.11" + "url": "https://github.com/cyface/django-termsandconditions/releases/tag/v2.0.11", + "refsource": "MISC", + "name": "https://github.com/cyface/django-termsandconditions/releases/tag/v2.0.11" }, { - "url": "https:\/\/github.com\/cyface\/django-termsandconditions\/commit\/03396a1c2e0af95e12a45c5faef7e47a4b513e1a" + "url": "https://github.com/cyface/django-termsandconditions/commit/03396a1c2e0af95e12a45c5faef7e47a4b513e1a", + "refsource": "MISC", + "name": "https://github.com/cyface/django-termsandconditions/commit/03396a1c2e0af95e12a45c5faef7e47a4b513e1a" }, { - "url": "https:\/\/vuldb.com\/?id.216175" + "url": "https://vuldb.com/?id.216175", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216175" } ] } From a4444529a609306eb21665f752f46f9b7b5f1866 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 17 Dec 2022 19:00:38 +0000 Subject: [PATCH 073/754] "-Synchronized-Data." --- 2021/4xxx/CVE-2021-4246.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4590.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4591.json | 18 ++++++++++++++++++ 3 files changed, 54 insertions(+) create mode 100644 2021/4xxx/CVE-2021-4246.json create mode 100644 2022/4xxx/CVE-2022-4590.json create mode 100644 2022/4xxx/CVE-2022-4591.json diff --git a/2021/4xxx/CVE-2021-4246.json b/2021/4xxx/CVE-2021-4246.json new file mode 100644 index 000000000000..34e5011a8263 --- /dev/null +++ b/2021/4xxx/CVE-2021-4246.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4246", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4590.json b/2022/4xxx/CVE-2022-4590.json new file mode 100644 index 000000000000..8cba83f8251c --- /dev/null +++ b/2022/4xxx/CVE-2022-4590.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4590", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4591.json b/2022/4xxx/CVE-2022-4591.json new file mode 100644 index 000000000000..f3e9ae152d6d --- /dev/null +++ b/2022/4xxx/CVE-2022-4591.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4591", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From a089a468128cafa409de63ad99c69aa820899b50 Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Sat, 17 Dec 2022 20:01:21 +0100 Subject: [PATCH 074/754] CVE-2021-4246 --- 2021/4xxx/CVE-2021-4246.json | 61 ++++++++++++++++++++++++++++++++++-- 1 file changed, 58 insertions(+), 3 deletions(-) diff --git a/2021/4xxx/CVE-2021-4246.json b/2021/4xxx/CVE-2021-4246.json index 34e5011a8263..22f63c176d8c 100644 --- a/2021/4xxx/CVE-2021-4246.json +++ b/2021/4xxx/CVE-2021-4246.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4246", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "roxlukas LMeve Login Page sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "roxlukas", + "product": { + "product_data": [ + { + "product_name": "LMeve", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in roxlukas LMeve and classified as critical. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument X-Forwarded-For leads to sql injection. The attack may be launched remotely. The name of the patch is 29e1ead3bb1c1fad53b77dfc14534496421c5b5d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216176." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/roxlukas\/lmeve\/commit\/29e1ead3bb1c1fad53b77dfc14534496421c5b5d" + }, + { + "url": "https:\/\/vuldb.com\/?id.216176" } ] } From a40dbe11b3139a010e6c1fd953c29d9c811ac637 Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Sat, 17 Dec 2022 20:01:47 +0100 Subject: [PATCH 075/754] CVE-2022-4590 + CVE-2022-4591 --- 2022/4xxx/CVE-2022-4590.json | 124 ++++++++++++++++++++++++++++++++++- 2022/4xxx/CVE-2022-4591.json | 124 ++++++++++++++++++++++++++++++++++- 2 files changed, 242 insertions(+), 6 deletions(-) diff --git a/2022/4xxx/CVE-2022-4590.json b/2022/4xxx/CVE-2022-4590.json index 8cba83f8251c..b9b47ed472e4 100644 --- a/2022/4xxx/CVE-2022-4590.json +++ b/2022/4xxx/CVE-2022-4590.json @@ -4,14 +4,132 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4590", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "mschaef toto Todo List cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mschaef", + "product": { + "product_data": [ + { + "product_name": "toto", + "version": { + "version_data": [ + { + "version_value": "1.4.0" + }, + { + "version_value": "1.4.1" + }, + { + "version_value": "1.4.2" + }, + { + "version_value": "1.4.3" + }, + { + "version_value": "1.4.4" + }, + { + "version_value": "1.4.5" + }, + { + "version_value": "1.4.6" + }, + { + "version_value": "1.4.7" + }, + { + "version_value": "1.4.8" + }, + { + "version_value": "1.4.9" + }, + { + "version_value": "1.4.10" + }, + { + "version_value": "1.4.11" + }, + { + "version_value": "1.4.12" + }, + { + "version_value": "1.4.13" + }, + { + "version_value": "1.4.14" + }, + { + "version_value": "1.4.15" + }, + { + "version_value": "1.4.16" + }, + { + "version_value": "1.4.17" + }, + { + "version_value": "1.4.18" + }, + { + "version_value": "1.4.19" + }, + { + "version_value": "1.4.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in mschaef toto up to 1.4.20. It has been classified as problematic. This affects an unknown part of the component Todo List Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.21 is able to address this issue. The name of the patch is fdc825ac5249f40683377e8a526a06cdc6870125. It is recommended to upgrade the affected component. The identifier VDB-216177 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/mschaef\/toto\/commit\/fdc825ac5249f40683377e8a526a06cdc6870125" + }, + { + "url": "https:\/\/github.com\/mschaef\/toto\/releases\/tag\/1.4.21" + }, + { + "url": "https:\/\/vuldb.com\/?id.216177" } ] } diff --git a/2022/4xxx/CVE-2022-4591.json b/2022/4xxx/CVE-2022-4591.json index f3e9ae152d6d..4fee96fc8822 100644 --- a/2022/4xxx/CVE-2022-4591.json +++ b/2022/4xxx/CVE-2022-4591.json @@ -4,14 +4,132 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4591", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "mschaef toto Email Parameter cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mschaef", + "product": { + "product_data": [ + { + "product_name": "toto", + "version": { + "version_data": [ + { + "version_value": "1.4.0" + }, + { + "version_value": "1.4.1" + }, + { + "version_value": "1.4.2" + }, + { + "version_value": "1.4.3" + }, + { + "version_value": "1.4.4" + }, + { + "version_value": "1.4.5" + }, + { + "version_value": "1.4.6" + }, + { + "version_value": "1.4.7" + }, + { + "version_value": "1.4.8" + }, + { + "version_value": "1.4.9" + }, + { + "version_value": "1.4.10" + }, + { + "version_value": "1.4.11" + }, + { + "version_value": "1.4.12" + }, + { + "version_value": "1.4.13" + }, + { + "version_value": "1.4.14" + }, + { + "version_value": "1.4.15" + }, + { + "version_value": "1.4.16" + }, + { + "version_value": "1.4.17" + }, + { + "version_value": "1.4.18" + }, + { + "version_value": "1.4.19" + }, + { + "version_value": "1.4.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in mschaef toto up to 1.4.20. It has been declared as problematic. This vulnerability affects unknown code of the component Email Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.4.21 is able to address this issue. The name of the patch is 1f27f37c1a06f54a76971f70eaa6139dc139bdf9. It is recommended to upgrade the affected component. VDB-216178 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/mschaef\/toto\/commit\/1f27f37c1a06f54a76971f70eaa6139dc139bdf9" + }, + { + "url": "https:\/\/github.com\/mschaef\/toto\/releases\/tag\/1.4.21" + }, + { + "url": "https:\/\/vuldb.com\/?id.216178" } ] } From 306169c09105d32eba515ab8d8d1727902ca0190 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 17 Dec 2022 20:00:38 +0000 Subject: [PATCH 076/754] "-Synchronized-Data." --- 2021/4xxx/CVE-2021-4246.json | 12 ++++++++---- 2022/4xxx/CVE-2022-4590.json | 14 ++++++++++---- 2022/4xxx/CVE-2022-4591.json | 14 ++++++++++---- 2023/21xxx/CVE-2023-21825.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21827.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21831.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21851.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21853.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21856.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21857.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21862.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21863.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21869.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21876.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21878.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21884.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21890.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21894.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21902.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21905.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21906.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21909.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21910.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21912.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21925.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21927.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21932.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21935.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21937.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21938.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21942.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21951.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21954.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21959.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21966.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21967.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21968.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21976.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21979.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21981.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21982.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21988.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21996.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22000.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22004.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22006.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22010.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22017.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22020.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22021.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22026.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22028.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22035.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22036.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22039.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22044.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22048.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22050.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22054.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22057.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22059.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22065.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22067.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22070.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22082.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22092.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22093.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22094.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22096.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22098.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22099.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22105.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22107.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22119.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22120.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22134.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22135.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22137.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22144.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22146.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22150.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22153.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22162.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22164.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22165.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22166.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22171.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22174.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22181.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22182.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22189.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22192.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22195.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22200.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22204.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22208.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22214.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22220.json | 18 ++++++++++++++++++ 98 files changed, 1738 insertions(+), 12 deletions(-) create mode 100644 2023/21xxx/CVE-2023-21825.json create mode 100644 2023/21xxx/CVE-2023-21827.json create mode 100644 2023/21xxx/CVE-2023-21831.json create mode 100644 2023/21xxx/CVE-2023-21851.json create mode 100644 2023/21xxx/CVE-2023-21853.json create mode 100644 2023/21xxx/CVE-2023-21856.json create mode 100644 2023/21xxx/CVE-2023-21857.json create mode 100644 2023/21xxx/CVE-2023-21862.json create mode 100644 2023/21xxx/CVE-2023-21863.json create mode 100644 2023/21xxx/CVE-2023-21869.json create mode 100644 2023/21xxx/CVE-2023-21876.json create mode 100644 2023/21xxx/CVE-2023-21878.json create mode 100644 2023/21xxx/CVE-2023-21884.json create mode 100644 2023/21xxx/CVE-2023-21890.json create mode 100644 2023/21xxx/CVE-2023-21894.json create mode 100644 2023/21xxx/CVE-2023-21902.json create mode 100644 2023/21xxx/CVE-2023-21905.json create mode 100644 2023/21xxx/CVE-2023-21906.json create mode 100644 2023/21xxx/CVE-2023-21909.json create mode 100644 2023/21xxx/CVE-2023-21910.json create mode 100644 2023/21xxx/CVE-2023-21912.json create mode 100644 2023/21xxx/CVE-2023-21925.json create mode 100644 2023/21xxx/CVE-2023-21927.json create mode 100644 2023/21xxx/CVE-2023-21932.json create mode 100644 2023/21xxx/CVE-2023-21935.json create mode 100644 2023/21xxx/CVE-2023-21937.json create mode 100644 2023/21xxx/CVE-2023-21938.json create mode 100644 2023/21xxx/CVE-2023-21942.json create mode 100644 2023/21xxx/CVE-2023-21951.json create mode 100644 2023/21xxx/CVE-2023-21954.json create mode 100644 2023/21xxx/CVE-2023-21959.json create mode 100644 2023/21xxx/CVE-2023-21966.json create mode 100644 2023/21xxx/CVE-2023-21967.json create mode 100644 2023/21xxx/CVE-2023-21968.json create mode 100644 2023/21xxx/CVE-2023-21976.json create mode 100644 2023/21xxx/CVE-2023-21979.json create mode 100644 2023/21xxx/CVE-2023-21981.json create mode 100644 2023/21xxx/CVE-2023-21982.json create mode 100644 2023/21xxx/CVE-2023-21988.json create mode 100644 2023/21xxx/CVE-2023-21996.json create mode 100644 2023/22xxx/CVE-2023-22000.json create mode 100644 2023/22xxx/CVE-2023-22004.json create mode 100644 2023/22xxx/CVE-2023-22006.json create mode 100644 2023/22xxx/CVE-2023-22010.json create mode 100644 2023/22xxx/CVE-2023-22017.json create mode 100644 2023/22xxx/CVE-2023-22020.json create mode 100644 2023/22xxx/CVE-2023-22021.json create mode 100644 2023/22xxx/CVE-2023-22026.json create mode 100644 2023/22xxx/CVE-2023-22028.json create mode 100644 2023/22xxx/CVE-2023-22035.json create mode 100644 2023/22xxx/CVE-2023-22036.json create mode 100644 2023/22xxx/CVE-2023-22039.json create mode 100644 2023/22xxx/CVE-2023-22044.json create mode 100644 2023/22xxx/CVE-2023-22048.json create mode 100644 2023/22xxx/CVE-2023-22050.json create mode 100644 2023/22xxx/CVE-2023-22054.json create mode 100644 2023/22xxx/CVE-2023-22057.json create mode 100644 2023/22xxx/CVE-2023-22059.json create mode 100644 2023/22xxx/CVE-2023-22065.json create mode 100644 2023/22xxx/CVE-2023-22067.json create mode 100644 2023/22xxx/CVE-2023-22070.json create mode 100644 2023/22xxx/CVE-2023-22082.json create mode 100644 2023/22xxx/CVE-2023-22092.json create mode 100644 2023/22xxx/CVE-2023-22093.json create mode 100644 2023/22xxx/CVE-2023-22094.json create mode 100644 2023/22xxx/CVE-2023-22096.json create mode 100644 2023/22xxx/CVE-2023-22098.json create mode 100644 2023/22xxx/CVE-2023-22099.json create mode 100644 2023/22xxx/CVE-2023-22105.json create mode 100644 2023/22xxx/CVE-2023-22107.json create mode 100644 2023/22xxx/CVE-2023-22119.json create mode 100644 2023/22xxx/CVE-2023-22120.json create mode 100644 2023/22xxx/CVE-2023-22134.json create mode 100644 2023/22xxx/CVE-2023-22135.json create mode 100644 2023/22xxx/CVE-2023-22137.json create mode 100644 2023/22xxx/CVE-2023-22144.json create mode 100644 2023/22xxx/CVE-2023-22146.json create mode 100644 2023/22xxx/CVE-2023-22150.json create mode 100644 2023/22xxx/CVE-2023-22153.json create mode 100644 2023/22xxx/CVE-2023-22162.json create mode 100644 2023/22xxx/CVE-2023-22164.json create mode 100644 2023/22xxx/CVE-2023-22165.json create mode 100644 2023/22xxx/CVE-2023-22166.json create mode 100644 2023/22xxx/CVE-2023-22171.json create mode 100644 2023/22xxx/CVE-2023-22174.json create mode 100644 2023/22xxx/CVE-2023-22181.json create mode 100644 2023/22xxx/CVE-2023-22182.json create mode 100644 2023/22xxx/CVE-2023-22189.json create mode 100644 2023/22xxx/CVE-2023-22192.json create mode 100644 2023/22xxx/CVE-2023-22195.json create mode 100644 2023/22xxx/CVE-2023-22200.json create mode 100644 2023/22xxx/CVE-2023-22204.json create mode 100644 2023/22xxx/CVE-2023-22208.json create mode 100644 2023/22xxx/CVE-2023-22214.json create mode 100644 2023/22xxx/CVE-2023-22220.json diff --git a/2021/4xxx/CVE-2021-4246.json b/2021/4xxx/CVE-2021-4246.json index 22f63c176d8c..085335a1a59b 100644 --- a/2021/4xxx/CVE-2021-4246.json +++ b/2021/4xxx/CVE-2021-4246.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "6.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/roxlukas\/lmeve\/commit\/29e1ead3bb1c1fad53b77dfc14534496421c5b5d" + "url": "https://github.com/roxlukas/lmeve/commit/29e1ead3bb1c1fad53b77dfc14534496421c5b5d", + "refsource": "MISC", + "name": "https://github.com/roxlukas/lmeve/commit/29e1ead3bb1c1fad53b77dfc14534496421c5b5d" }, { - "url": "https:\/\/vuldb.com\/?id.216176" + "url": "https://vuldb.com/?id.216176", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216176" } ] } diff --git a/2022/4xxx/CVE-2022-4590.json b/2022/4xxx/CVE-2022-4590.json index b9b47ed472e4..c33326419c85 100644 --- a/2022/4xxx/CVE-2022-4590.json +++ b/2022/4xxx/CVE-2022-4590.json @@ -117,19 +117,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/mschaef\/toto\/commit\/fdc825ac5249f40683377e8a526a06cdc6870125" + "url": "https://github.com/mschaef/toto/commit/fdc825ac5249f40683377e8a526a06cdc6870125", + "refsource": "MISC", + "name": "https://github.com/mschaef/toto/commit/fdc825ac5249f40683377e8a526a06cdc6870125" }, { - "url": "https:\/\/github.com\/mschaef\/toto\/releases\/tag\/1.4.21" + "url": "https://github.com/mschaef/toto/releases/tag/1.4.21", + "refsource": "MISC", + "name": "https://github.com/mschaef/toto/releases/tag/1.4.21" }, { - "url": "https:\/\/vuldb.com\/?id.216177" + "url": "https://vuldb.com/?id.216177", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216177" } ] } diff --git a/2022/4xxx/CVE-2022-4591.json b/2022/4xxx/CVE-2022-4591.json index 4fee96fc8822..d9dc9f880c08 100644 --- a/2022/4xxx/CVE-2022-4591.json +++ b/2022/4xxx/CVE-2022-4591.json @@ -117,19 +117,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/mschaef\/toto\/commit\/1f27f37c1a06f54a76971f70eaa6139dc139bdf9" + "url": "https://github.com/mschaef/toto/releases/tag/1.4.21", + "refsource": "MISC", + "name": "https://github.com/mschaef/toto/releases/tag/1.4.21" }, { - "url": "https:\/\/github.com\/mschaef\/toto\/releases\/tag\/1.4.21" + "url": "https://github.com/mschaef/toto/commit/1f27f37c1a06f54a76971f70eaa6139dc139bdf9", + "refsource": "MISC", + "name": "https://github.com/mschaef/toto/commit/1f27f37c1a06f54a76971f70eaa6139dc139bdf9" }, { - "url": "https:\/\/vuldb.com\/?id.216178" + "url": "https://vuldb.com/?id.216178", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216178" } ] } diff --git a/2023/21xxx/CVE-2023-21825.json b/2023/21xxx/CVE-2023-21825.json new file mode 100644 index 000000000000..3b98324152a4 --- /dev/null +++ b/2023/21xxx/CVE-2023-21825.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21825", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21827.json b/2023/21xxx/CVE-2023-21827.json new file mode 100644 index 000000000000..de0b0a1340f9 --- /dev/null +++ b/2023/21xxx/CVE-2023-21827.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21827", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21831.json b/2023/21xxx/CVE-2023-21831.json new file mode 100644 index 000000000000..90126c6f7a56 --- /dev/null +++ b/2023/21xxx/CVE-2023-21831.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21831", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21851.json b/2023/21xxx/CVE-2023-21851.json new file mode 100644 index 000000000000..52b93b83fabe --- /dev/null +++ b/2023/21xxx/CVE-2023-21851.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21851", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21853.json b/2023/21xxx/CVE-2023-21853.json new file mode 100644 index 000000000000..dd4a9bdefd9c --- /dev/null +++ b/2023/21xxx/CVE-2023-21853.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21853", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21856.json b/2023/21xxx/CVE-2023-21856.json new file mode 100644 index 000000000000..65554d571767 --- /dev/null +++ b/2023/21xxx/CVE-2023-21856.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21856", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21857.json b/2023/21xxx/CVE-2023-21857.json new file mode 100644 index 000000000000..2993452e4ddb --- /dev/null +++ b/2023/21xxx/CVE-2023-21857.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21857", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21862.json b/2023/21xxx/CVE-2023-21862.json new file mode 100644 index 000000000000..fda742707350 --- /dev/null +++ b/2023/21xxx/CVE-2023-21862.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21862", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21863.json b/2023/21xxx/CVE-2023-21863.json new file mode 100644 index 000000000000..51072c652545 --- /dev/null +++ b/2023/21xxx/CVE-2023-21863.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21863", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21869.json b/2023/21xxx/CVE-2023-21869.json new file mode 100644 index 000000000000..641e0797a6e9 --- /dev/null +++ b/2023/21xxx/CVE-2023-21869.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21869", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21876.json b/2023/21xxx/CVE-2023-21876.json new file mode 100644 index 000000000000..8b5368b10417 --- /dev/null +++ b/2023/21xxx/CVE-2023-21876.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21876", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21878.json b/2023/21xxx/CVE-2023-21878.json new file mode 100644 index 000000000000..668f49d6b233 --- /dev/null +++ b/2023/21xxx/CVE-2023-21878.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21878", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21884.json b/2023/21xxx/CVE-2023-21884.json new file mode 100644 index 000000000000..4bc4e3320a24 --- /dev/null +++ b/2023/21xxx/CVE-2023-21884.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21884", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21890.json b/2023/21xxx/CVE-2023-21890.json new file mode 100644 index 000000000000..256aa8f81d93 --- /dev/null +++ b/2023/21xxx/CVE-2023-21890.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21890", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21894.json b/2023/21xxx/CVE-2023-21894.json new file mode 100644 index 000000000000..54b2f9da17bb --- /dev/null +++ b/2023/21xxx/CVE-2023-21894.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21894", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21902.json b/2023/21xxx/CVE-2023-21902.json new file mode 100644 index 000000000000..78241732837b --- /dev/null +++ b/2023/21xxx/CVE-2023-21902.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21902", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21905.json b/2023/21xxx/CVE-2023-21905.json new file mode 100644 index 000000000000..6825a8977ff2 --- /dev/null +++ b/2023/21xxx/CVE-2023-21905.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21905", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21906.json b/2023/21xxx/CVE-2023-21906.json new file mode 100644 index 000000000000..7f96b843b112 --- /dev/null +++ b/2023/21xxx/CVE-2023-21906.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21906", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21909.json b/2023/21xxx/CVE-2023-21909.json new file mode 100644 index 000000000000..f52657cca07e --- /dev/null +++ b/2023/21xxx/CVE-2023-21909.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21909", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21910.json b/2023/21xxx/CVE-2023-21910.json new file mode 100644 index 000000000000..7928fe7ded71 --- /dev/null +++ b/2023/21xxx/CVE-2023-21910.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21910", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21912.json b/2023/21xxx/CVE-2023-21912.json new file mode 100644 index 000000000000..d1622cc9d963 --- /dev/null +++ b/2023/21xxx/CVE-2023-21912.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21912", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21925.json b/2023/21xxx/CVE-2023-21925.json new file mode 100644 index 000000000000..d4530fb3c772 --- /dev/null +++ b/2023/21xxx/CVE-2023-21925.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21925", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21927.json b/2023/21xxx/CVE-2023-21927.json new file mode 100644 index 000000000000..fd70bd49a310 --- /dev/null +++ b/2023/21xxx/CVE-2023-21927.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21927", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21932.json b/2023/21xxx/CVE-2023-21932.json new file mode 100644 index 000000000000..4543dae16e3b --- /dev/null +++ b/2023/21xxx/CVE-2023-21932.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21932", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21935.json b/2023/21xxx/CVE-2023-21935.json new file mode 100644 index 000000000000..9837c80d97c2 --- /dev/null +++ b/2023/21xxx/CVE-2023-21935.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21935", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21937.json b/2023/21xxx/CVE-2023-21937.json new file mode 100644 index 000000000000..2ac203e22fa8 --- /dev/null +++ b/2023/21xxx/CVE-2023-21937.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21937", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21938.json b/2023/21xxx/CVE-2023-21938.json new file mode 100644 index 000000000000..6675494939d9 --- /dev/null +++ b/2023/21xxx/CVE-2023-21938.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21938", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21942.json b/2023/21xxx/CVE-2023-21942.json new file mode 100644 index 000000000000..aff71e944086 --- /dev/null +++ b/2023/21xxx/CVE-2023-21942.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21942", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21951.json b/2023/21xxx/CVE-2023-21951.json new file mode 100644 index 000000000000..165de2408e9f --- /dev/null +++ b/2023/21xxx/CVE-2023-21951.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21951", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21954.json b/2023/21xxx/CVE-2023-21954.json new file mode 100644 index 000000000000..4927312ed0e5 --- /dev/null +++ b/2023/21xxx/CVE-2023-21954.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21954", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21959.json b/2023/21xxx/CVE-2023-21959.json new file mode 100644 index 000000000000..81eb892e38da --- /dev/null +++ b/2023/21xxx/CVE-2023-21959.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21959", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21966.json b/2023/21xxx/CVE-2023-21966.json new file mode 100644 index 000000000000..f8b74030a120 --- /dev/null +++ b/2023/21xxx/CVE-2023-21966.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21966", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21967.json b/2023/21xxx/CVE-2023-21967.json new file mode 100644 index 000000000000..efad412e305c --- /dev/null +++ b/2023/21xxx/CVE-2023-21967.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21967", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21968.json b/2023/21xxx/CVE-2023-21968.json new file mode 100644 index 000000000000..5057289f5a0e --- /dev/null +++ b/2023/21xxx/CVE-2023-21968.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21968", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21976.json b/2023/21xxx/CVE-2023-21976.json new file mode 100644 index 000000000000..381db396c0b6 --- /dev/null +++ b/2023/21xxx/CVE-2023-21976.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21976", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21979.json b/2023/21xxx/CVE-2023-21979.json new file mode 100644 index 000000000000..d0a5faaf0b21 --- /dev/null +++ b/2023/21xxx/CVE-2023-21979.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21979", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21981.json b/2023/21xxx/CVE-2023-21981.json new file mode 100644 index 000000000000..90a7302b758f --- /dev/null +++ b/2023/21xxx/CVE-2023-21981.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21981", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21982.json b/2023/21xxx/CVE-2023-21982.json new file mode 100644 index 000000000000..84b235738a32 --- /dev/null +++ b/2023/21xxx/CVE-2023-21982.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21982", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21988.json b/2023/21xxx/CVE-2023-21988.json new file mode 100644 index 000000000000..0649ba3e75ff --- /dev/null +++ b/2023/21xxx/CVE-2023-21988.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21988", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21996.json b/2023/21xxx/CVE-2023-21996.json new file mode 100644 index 000000000000..72b3b99e9f80 --- /dev/null +++ b/2023/21xxx/CVE-2023-21996.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21996", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22000.json b/2023/22xxx/CVE-2023-22000.json new file mode 100644 index 000000000000..14125d51fede --- /dev/null +++ b/2023/22xxx/CVE-2023-22000.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22000", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22004.json b/2023/22xxx/CVE-2023-22004.json new file mode 100644 index 000000000000..517350f85a8a --- /dev/null +++ b/2023/22xxx/CVE-2023-22004.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22004", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22006.json b/2023/22xxx/CVE-2023-22006.json new file mode 100644 index 000000000000..cc15938ec41e --- /dev/null +++ b/2023/22xxx/CVE-2023-22006.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22006", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22010.json b/2023/22xxx/CVE-2023-22010.json new file mode 100644 index 000000000000..944bfbebef31 --- /dev/null +++ b/2023/22xxx/CVE-2023-22010.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22010", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22017.json b/2023/22xxx/CVE-2023-22017.json new file mode 100644 index 000000000000..1dccb50137eb --- /dev/null +++ b/2023/22xxx/CVE-2023-22017.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22017", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22020.json b/2023/22xxx/CVE-2023-22020.json new file mode 100644 index 000000000000..836db9fb57d9 --- /dev/null +++ b/2023/22xxx/CVE-2023-22020.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22020", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22021.json b/2023/22xxx/CVE-2023-22021.json new file mode 100644 index 000000000000..fb31362913d6 --- /dev/null +++ b/2023/22xxx/CVE-2023-22021.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22021", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22026.json b/2023/22xxx/CVE-2023-22026.json new file mode 100644 index 000000000000..fb222f38b94a --- /dev/null +++ b/2023/22xxx/CVE-2023-22026.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22026", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22028.json b/2023/22xxx/CVE-2023-22028.json new file mode 100644 index 000000000000..c0aa58e57c26 --- /dev/null +++ b/2023/22xxx/CVE-2023-22028.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22028", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22035.json b/2023/22xxx/CVE-2023-22035.json new file mode 100644 index 000000000000..b6e932ea1c44 --- /dev/null +++ b/2023/22xxx/CVE-2023-22035.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22035", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22036.json b/2023/22xxx/CVE-2023-22036.json new file mode 100644 index 000000000000..0addc7e4c96b --- /dev/null +++ b/2023/22xxx/CVE-2023-22036.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22036", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22039.json b/2023/22xxx/CVE-2023-22039.json new file mode 100644 index 000000000000..3238c326a96c --- /dev/null +++ b/2023/22xxx/CVE-2023-22039.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22039", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22044.json b/2023/22xxx/CVE-2023-22044.json new file mode 100644 index 000000000000..113505a177c6 --- /dev/null +++ b/2023/22xxx/CVE-2023-22044.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22044", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22048.json b/2023/22xxx/CVE-2023-22048.json new file mode 100644 index 000000000000..0f50e7cdf11e --- /dev/null +++ b/2023/22xxx/CVE-2023-22048.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22048", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22050.json b/2023/22xxx/CVE-2023-22050.json new file mode 100644 index 000000000000..43a5bca42e2a --- /dev/null +++ b/2023/22xxx/CVE-2023-22050.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22050", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22054.json b/2023/22xxx/CVE-2023-22054.json new file mode 100644 index 000000000000..dcbf62dd3692 --- /dev/null +++ b/2023/22xxx/CVE-2023-22054.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22054", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22057.json b/2023/22xxx/CVE-2023-22057.json new file mode 100644 index 000000000000..d49bba262798 --- /dev/null +++ b/2023/22xxx/CVE-2023-22057.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22057", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22059.json b/2023/22xxx/CVE-2023-22059.json new file mode 100644 index 000000000000..e22d805d2d87 --- /dev/null +++ b/2023/22xxx/CVE-2023-22059.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22059", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22065.json b/2023/22xxx/CVE-2023-22065.json new file mode 100644 index 000000000000..a8c1d8ee7a3e --- /dev/null +++ b/2023/22xxx/CVE-2023-22065.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22065", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22067.json b/2023/22xxx/CVE-2023-22067.json new file mode 100644 index 000000000000..dcdb1c1d3590 --- /dev/null +++ b/2023/22xxx/CVE-2023-22067.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22067", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22070.json b/2023/22xxx/CVE-2023-22070.json new file mode 100644 index 000000000000..d6934d4215e5 --- /dev/null +++ b/2023/22xxx/CVE-2023-22070.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22070", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22082.json b/2023/22xxx/CVE-2023-22082.json new file mode 100644 index 000000000000..ea04aa96d734 --- /dev/null +++ b/2023/22xxx/CVE-2023-22082.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22082", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22092.json b/2023/22xxx/CVE-2023-22092.json new file mode 100644 index 000000000000..0d708317fa96 --- /dev/null +++ b/2023/22xxx/CVE-2023-22092.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22092", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22093.json b/2023/22xxx/CVE-2023-22093.json new file mode 100644 index 000000000000..d69a877611ed --- /dev/null +++ b/2023/22xxx/CVE-2023-22093.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22093", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22094.json b/2023/22xxx/CVE-2023-22094.json new file mode 100644 index 000000000000..f8cdac19e3d6 --- /dev/null +++ b/2023/22xxx/CVE-2023-22094.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22094", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22096.json b/2023/22xxx/CVE-2023-22096.json new file mode 100644 index 000000000000..056847ab2e01 --- /dev/null +++ b/2023/22xxx/CVE-2023-22096.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22096", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22098.json b/2023/22xxx/CVE-2023-22098.json new file mode 100644 index 000000000000..b880c5fb2156 --- /dev/null +++ b/2023/22xxx/CVE-2023-22098.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22098", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22099.json b/2023/22xxx/CVE-2023-22099.json new file mode 100644 index 000000000000..4256e34e24fc --- /dev/null +++ b/2023/22xxx/CVE-2023-22099.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22099", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22105.json b/2023/22xxx/CVE-2023-22105.json new file mode 100644 index 000000000000..91e23e97724c --- /dev/null +++ b/2023/22xxx/CVE-2023-22105.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22105", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22107.json b/2023/22xxx/CVE-2023-22107.json new file mode 100644 index 000000000000..6164c9acb5f8 --- /dev/null +++ b/2023/22xxx/CVE-2023-22107.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22107", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22119.json b/2023/22xxx/CVE-2023-22119.json new file mode 100644 index 000000000000..d2e6a96ee20b --- /dev/null +++ b/2023/22xxx/CVE-2023-22119.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22119", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22120.json b/2023/22xxx/CVE-2023-22120.json new file mode 100644 index 000000000000..10850e7a02b6 --- /dev/null +++ b/2023/22xxx/CVE-2023-22120.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22120", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22134.json b/2023/22xxx/CVE-2023-22134.json new file mode 100644 index 000000000000..d32cd7fa9d96 --- /dev/null +++ b/2023/22xxx/CVE-2023-22134.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22134", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22135.json b/2023/22xxx/CVE-2023-22135.json new file mode 100644 index 000000000000..69d6d25de55a --- /dev/null +++ b/2023/22xxx/CVE-2023-22135.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22135", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22137.json b/2023/22xxx/CVE-2023-22137.json new file mode 100644 index 000000000000..30aab54ef048 --- /dev/null +++ b/2023/22xxx/CVE-2023-22137.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22137", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22144.json b/2023/22xxx/CVE-2023-22144.json new file mode 100644 index 000000000000..1e5e970b763d --- /dev/null +++ b/2023/22xxx/CVE-2023-22144.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22144", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22146.json b/2023/22xxx/CVE-2023-22146.json new file mode 100644 index 000000000000..ff732610be21 --- /dev/null +++ b/2023/22xxx/CVE-2023-22146.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22146", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22150.json b/2023/22xxx/CVE-2023-22150.json new file mode 100644 index 000000000000..7a41c140802d --- /dev/null +++ b/2023/22xxx/CVE-2023-22150.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22150", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22153.json b/2023/22xxx/CVE-2023-22153.json new file mode 100644 index 000000000000..5301888ebfea --- /dev/null +++ b/2023/22xxx/CVE-2023-22153.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22153", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22162.json b/2023/22xxx/CVE-2023-22162.json new file mode 100644 index 000000000000..71e7d2286464 --- /dev/null +++ b/2023/22xxx/CVE-2023-22162.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22162", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22164.json b/2023/22xxx/CVE-2023-22164.json new file mode 100644 index 000000000000..23a90bc37cda --- /dev/null +++ b/2023/22xxx/CVE-2023-22164.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22164", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22165.json b/2023/22xxx/CVE-2023-22165.json new file mode 100644 index 000000000000..72a2d8b9214d --- /dev/null +++ b/2023/22xxx/CVE-2023-22165.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22165", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22166.json b/2023/22xxx/CVE-2023-22166.json new file mode 100644 index 000000000000..eb31befbcc3c --- /dev/null +++ b/2023/22xxx/CVE-2023-22166.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22166", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22171.json b/2023/22xxx/CVE-2023-22171.json new file mode 100644 index 000000000000..ad9ee9c09d07 --- /dev/null +++ b/2023/22xxx/CVE-2023-22171.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22171", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22174.json b/2023/22xxx/CVE-2023-22174.json new file mode 100644 index 000000000000..fb3143567459 --- /dev/null +++ b/2023/22xxx/CVE-2023-22174.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22174", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22181.json b/2023/22xxx/CVE-2023-22181.json new file mode 100644 index 000000000000..09b9c0cb0c74 --- /dev/null +++ b/2023/22xxx/CVE-2023-22181.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22181", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22182.json b/2023/22xxx/CVE-2023-22182.json new file mode 100644 index 000000000000..a7ac1202a843 --- /dev/null +++ b/2023/22xxx/CVE-2023-22182.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22182", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22189.json b/2023/22xxx/CVE-2023-22189.json new file mode 100644 index 000000000000..f4e95d7d12e4 --- /dev/null +++ b/2023/22xxx/CVE-2023-22189.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22189", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22192.json b/2023/22xxx/CVE-2023-22192.json new file mode 100644 index 000000000000..3e01b45d61f0 --- /dev/null +++ b/2023/22xxx/CVE-2023-22192.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22192", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22195.json b/2023/22xxx/CVE-2023-22195.json new file mode 100644 index 000000000000..3173f395d875 --- /dev/null +++ b/2023/22xxx/CVE-2023-22195.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22195", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22200.json b/2023/22xxx/CVE-2023-22200.json new file mode 100644 index 000000000000..d8f5741ddb2b --- /dev/null +++ b/2023/22xxx/CVE-2023-22200.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22200", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22204.json b/2023/22xxx/CVE-2023-22204.json new file mode 100644 index 000000000000..f894bfcd4e92 --- /dev/null +++ b/2023/22xxx/CVE-2023-22204.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22204", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22208.json b/2023/22xxx/CVE-2023-22208.json new file mode 100644 index 000000000000..59a60e9abdbf --- /dev/null +++ b/2023/22xxx/CVE-2023-22208.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22208", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22214.json b/2023/22xxx/CVE-2023-22214.json new file mode 100644 index 000000000000..ba2b928d575e --- /dev/null +++ b/2023/22xxx/CVE-2023-22214.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22214", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22220.json b/2023/22xxx/CVE-2023-22220.json new file mode 100644 index 000000000000..54956936a21a --- /dev/null +++ b/2023/22xxx/CVE-2023-22220.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22220", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From dfcfa76e23cb3e9ba09a8e0eaa7b3c6f8bac7911 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 17 Dec 2022 20:00:49 +0000 Subject: [PATCH 077/754] "-Synchronized-Data." --- 2023/21xxx/CVE-2023-21824.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21828.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21830.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21834.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21843.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21845.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21849.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21852.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21855.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21858.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21875.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21877.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21882.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21887.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21888.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21889.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21895.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21899.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21901.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21907.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21908.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21911.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21913.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21915.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21920.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21921.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21923.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21924.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21928.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21929.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21930.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21934.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21936.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21941.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21944.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21950.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21952.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21953.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21965.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21971.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21975.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21993.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21994.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21997.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22003.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22011.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22016.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22030.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22031.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22032.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22034.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22040.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22045.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22047.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22052.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22053.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22055.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22063.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22077.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22084.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22085.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22087.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22091.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22110.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22111.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22112.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22115.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22116.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22121.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22125.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22128.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22133.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22139.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22140.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22142.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22143.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22145.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22149.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22156.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22159.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22163.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22168.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22169.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22179.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22180.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22184.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22188.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22193.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22194.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22196.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22201.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22206.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22211.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22212.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22219.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22222.json | 18 ++++++++++++++++++ 96 files changed, 1728 insertions(+) create mode 100644 2023/21xxx/CVE-2023-21824.json create mode 100644 2023/21xxx/CVE-2023-21828.json create mode 100644 2023/21xxx/CVE-2023-21830.json create mode 100644 2023/21xxx/CVE-2023-21834.json create mode 100644 2023/21xxx/CVE-2023-21843.json create mode 100644 2023/21xxx/CVE-2023-21845.json create mode 100644 2023/21xxx/CVE-2023-21849.json create mode 100644 2023/21xxx/CVE-2023-21852.json create mode 100644 2023/21xxx/CVE-2023-21855.json create mode 100644 2023/21xxx/CVE-2023-21858.json create mode 100644 2023/21xxx/CVE-2023-21875.json create mode 100644 2023/21xxx/CVE-2023-21877.json create mode 100644 2023/21xxx/CVE-2023-21882.json create mode 100644 2023/21xxx/CVE-2023-21887.json create mode 100644 2023/21xxx/CVE-2023-21888.json create mode 100644 2023/21xxx/CVE-2023-21889.json create mode 100644 2023/21xxx/CVE-2023-21895.json create mode 100644 2023/21xxx/CVE-2023-21899.json create mode 100644 2023/21xxx/CVE-2023-21901.json create mode 100644 2023/21xxx/CVE-2023-21907.json create mode 100644 2023/21xxx/CVE-2023-21908.json create mode 100644 2023/21xxx/CVE-2023-21911.json create mode 100644 2023/21xxx/CVE-2023-21913.json create mode 100644 2023/21xxx/CVE-2023-21915.json create mode 100644 2023/21xxx/CVE-2023-21920.json create mode 100644 2023/21xxx/CVE-2023-21921.json create mode 100644 2023/21xxx/CVE-2023-21923.json create mode 100644 2023/21xxx/CVE-2023-21924.json create mode 100644 2023/21xxx/CVE-2023-21928.json create mode 100644 2023/21xxx/CVE-2023-21929.json create mode 100644 2023/21xxx/CVE-2023-21930.json create mode 100644 2023/21xxx/CVE-2023-21934.json create mode 100644 2023/21xxx/CVE-2023-21936.json create mode 100644 2023/21xxx/CVE-2023-21941.json create mode 100644 2023/21xxx/CVE-2023-21944.json create mode 100644 2023/21xxx/CVE-2023-21950.json create mode 100644 2023/21xxx/CVE-2023-21952.json create mode 100644 2023/21xxx/CVE-2023-21953.json create mode 100644 2023/21xxx/CVE-2023-21965.json create mode 100644 2023/21xxx/CVE-2023-21971.json create mode 100644 2023/21xxx/CVE-2023-21975.json create mode 100644 2023/21xxx/CVE-2023-21993.json create mode 100644 2023/21xxx/CVE-2023-21994.json create mode 100644 2023/21xxx/CVE-2023-21997.json create mode 100644 2023/22xxx/CVE-2023-22003.json create mode 100644 2023/22xxx/CVE-2023-22011.json create mode 100644 2023/22xxx/CVE-2023-22016.json create mode 100644 2023/22xxx/CVE-2023-22030.json create mode 100644 2023/22xxx/CVE-2023-22031.json create mode 100644 2023/22xxx/CVE-2023-22032.json create mode 100644 2023/22xxx/CVE-2023-22034.json create mode 100644 2023/22xxx/CVE-2023-22040.json create mode 100644 2023/22xxx/CVE-2023-22045.json create mode 100644 2023/22xxx/CVE-2023-22047.json create mode 100644 2023/22xxx/CVE-2023-22052.json create mode 100644 2023/22xxx/CVE-2023-22053.json create mode 100644 2023/22xxx/CVE-2023-22055.json create mode 100644 2023/22xxx/CVE-2023-22063.json create mode 100644 2023/22xxx/CVE-2023-22077.json create mode 100644 2023/22xxx/CVE-2023-22084.json create mode 100644 2023/22xxx/CVE-2023-22085.json create mode 100644 2023/22xxx/CVE-2023-22087.json create mode 100644 2023/22xxx/CVE-2023-22091.json create mode 100644 2023/22xxx/CVE-2023-22110.json create mode 100644 2023/22xxx/CVE-2023-22111.json create mode 100644 2023/22xxx/CVE-2023-22112.json create mode 100644 2023/22xxx/CVE-2023-22115.json create mode 100644 2023/22xxx/CVE-2023-22116.json create mode 100644 2023/22xxx/CVE-2023-22121.json create mode 100644 2023/22xxx/CVE-2023-22125.json create mode 100644 2023/22xxx/CVE-2023-22128.json create mode 100644 2023/22xxx/CVE-2023-22133.json create mode 100644 2023/22xxx/CVE-2023-22139.json create mode 100644 2023/22xxx/CVE-2023-22140.json create mode 100644 2023/22xxx/CVE-2023-22142.json create mode 100644 2023/22xxx/CVE-2023-22143.json create mode 100644 2023/22xxx/CVE-2023-22145.json create mode 100644 2023/22xxx/CVE-2023-22149.json create mode 100644 2023/22xxx/CVE-2023-22156.json create mode 100644 2023/22xxx/CVE-2023-22159.json create mode 100644 2023/22xxx/CVE-2023-22163.json create mode 100644 2023/22xxx/CVE-2023-22168.json create mode 100644 2023/22xxx/CVE-2023-22169.json create mode 100644 2023/22xxx/CVE-2023-22179.json create mode 100644 2023/22xxx/CVE-2023-22180.json create mode 100644 2023/22xxx/CVE-2023-22184.json create mode 100644 2023/22xxx/CVE-2023-22188.json create mode 100644 2023/22xxx/CVE-2023-22193.json create mode 100644 2023/22xxx/CVE-2023-22194.json create mode 100644 2023/22xxx/CVE-2023-22196.json create mode 100644 2023/22xxx/CVE-2023-22201.json create mode 100644 2023/22xxx/CVE-2023-22206.json create mode 100644 2023/22xxx/CVE-2023-22211.json create mode 100644 2023/22xxx/CVE-2023-22212.json create mode 100644 2023/22xxx/CVE-2023-22219.json create mode 100644 2023/22xxx/CVE-2023-22222.json diff --git a/2023/21xxx/CVE-2023-21824.json b/2023/21xxx/CVE-2023-21824.json new file mode 100644 index 000000000000..f5e6c17e0984 --- /dev/null +++ b/2023/21xxx/CVE-2023-21824.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21824", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21828.json b/2023/21xxx/CVE-2023-21828.json new file mode 100644 index 000000000000..ddf5d565bf29 --- /dev/null +++ b/2023/21xxx/CVE-2023-21828.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21828", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21830.json b/2023/21xxx/CVE-2023-21830.json new file mode 100644 index 000000000000..744b566bee6b --- /dev/null +++ b/2023/21xxx/CVE-2023-21830.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21830", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21834.json b/2023/21xxx/CVE-2023-21834.json new file mode 100644 index 000000000000..0d8da8cc7310 --- /dev/null +++ b/2023/21xxx/CVE-2023-21834.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21834", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21843.json b/2023/21xxx/CVE-2023-21843.json new file mode 100644 index 000000000000..a38857a1ef47 --- /dev/null +++ b/2023/21xxx/CVE-2023-21843.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21843", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21845.json b/2023/21xxx/CVE-2023-21845.json new file mode 100644 index 000000000000..5e077a8de2f4 --- /dev/null +++ b/2023/21xxx/CVE-2023-21845.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21845", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21849.json b/2023/21xxx/CVE-2023-21849.json new file mode 100644 index 000000000000..d846d0cb27db --- /dev/null +++ b/2023/21xxx/CVE-2023-21849.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21849", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21852.json b/2023/21xxx/CVE-2023-21852.json new file mode 100644 index 000000000000..8ea6abaeb7cc --- /dev/null +++ b/2023/21xxx/CVE-2023-21852.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21852", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21855.json b/2023/21xxx/CVE-2023-21855.json new file mode 100644 index 000000000000..ff8be8227982 --- /dev/null +++ b/2023/21xxx/CVE-2023-21855.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21855", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21858.json b/2023/21xxx/CVE-2023-21858.json new file mode 100644 index 000000000000..c2d38a0b7cd0 --- /dev/null +++ b/2023/21xxx/CVE-2023-21858.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21858", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21875.json b/2023/21xxx/CVE-2023-21875.json new file mode 100644 index 000000000000..87d7fe637a37 --- /dev/null +++ b/2023/21xxx/CVE-2023-21875.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21875", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21877.json b/2023/21xxx/CVE-2023-21877.json new file mode 100644 index 000000000000..93494eb6e718 --- /dev/null +++ b/2023/21xxx/CVE-2023-21877.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21877", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21882.json b/2023/21xxx/CVE-2023-21882.json new file mode 100644 index 000000000000..89d09dffcf90 --- /dev/null +++ b/2023/21xxx/CVE-2023-21882.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21882", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21887.json b/2023/21xxx/CVE-2023-21887.json new file mode 100644 index 000000000000..4f6988c827fd --- /dev/null +++ b/2023/21xxx/CVE-2023-21887.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21887", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21888.json b/2023/21xxx/CVE-2023-21888.json new file mode 100644 index 000000000000..7fbdab45f5c4 --- /dev/null +++ b/2023/21xxx/CVE-2023-21888.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21888", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21889.json b/2023/21xxx/CVE-2023-21889.json new file mode 100644 index 000000000000..b23a2acba634 --- /dev/null +++ b/2023/21xxx/CVE-2023-21889.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21889", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21895.json b/2023/21xxx/CVE-2023-21895.json new file mode 100644 index 000000000000..a2d443da30a5 --- /dev/null +++ b/2023/21xxx/CVE-2023-21895.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21895", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21899.json b/2023/21xxx/CVE-2023-21899.json new file mode 100644 index 000000000000..2108977d5012 --- /dev/null +++ b/2023/21xxx/CVE-2023-21899.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21899", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21901.json b/2023/21xxx/CVE-2023-21901.json new file mode 100644 index 000000000000..89590128276d --- /dev/null +++ b/2023/21xxx/CVE-2023-21901.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21901", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21907.json b/2023/21xxx/CVE-2023-21907.json new file mode 100644 index 000000000000..29a76c7a2131 --- /dev/null +++ b/2023/21xxx/CVE-2023-21907.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21907", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21908.json b/2023/21xxx/CVE-2023-21908.json new file mode 100644 index 000000000000..d2f01edf7be7 --- /dev/null +++ b/2023/21xxx/CVE-2023-21908.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21908", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21911.json b/2023/21xxx/CVE-2023-21911.json new file mode 100644 index 000000000000..a9c0343adb2a --- /dev/null +++ b/2023/21xxx/CVE-2023-21911.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21911", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21913.json b/2023/21xxx/CVE-2023-21913.json new file mode 100644 index 000000000000..1ec21387fb78 --- /dev/null +++ b/2023/21xxx/CVE-2023-21913.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21913", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21915.json b/2023/21xxx/CVE-2023-21915.json new file mode 100644 index 000000000000..5b4157976718 --- /dev/null +++ b/2023/21xxx/CVE-2023-21915.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21915", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21920.json b/2023/21xxx/CVE-2023-21920.json new file mode 100644 index 000000000000..772527766d20 --- /dev/null +++ b/2023/21xxx/CVE-2023-21920.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21920", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21921.json b/2023/21xxx/CVE-2023-21921.json new file mode 100644 index 000000000000..cfaa7a420416 --- /dev/null +++ b/2023/21xxx/CVE-2023-21921.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21921", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21923.json b/2023/21xxx/CVE-2023-21923.json new file mode 100644 index 000000000000..7bf51819e154 --- /dev/null +++ b/2023/21xxx/CVE-2023-21923.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21923", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21924.json b/2023/21xxx/CVE-2023-21924.json new file mode 100644 index 000000000000..83ed3955d12a --- /dev/null +++ b/2023/21xxx/CVE-2023-21924.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21924", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21928.json b/2023/21xxx/CVE-2023-21928.json new file mode 100644 index 000000000000..e7999eca97b3 --- /dev/null +++ b/2023/21xxx/CVE-2023-21928.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21928", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21929.json b/2023/21xxx/CVE-2023-21929.json new file mode 100644 index 000000000000..8a062c4e2a86 --- /dev/null +++ b/2023/21xxx/CVE-2023-21929.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21929", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21930.json b/2023/21xxx/CVE-2023-21930.json new file mode 100644 index 000000000000..3dd30188f75f --- /dev/null +++ b/2023/21xxx/CVE-2023-21930.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21930", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21934.json b/2023/21xxx/CVE-2023-21934.json new file mode 100644 index 000000000000..6d8599caba55 --- /dev/null +++ b/2023/21xxx/CVE-2023-21934.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21934", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21936.json b/2023/21xxx/CVE-2023-21936.json new file mode 100644 index 000000000000..67c958039990 --- /dev/null +++ b/2023/21xxx/CVE-2023-21936.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21936", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21941.json b/2023/21xxx/CVE-2023-21941.json new file mode 100644 index 000000000000..bfff6ea34dd2 --- /dev/null +++ b/2023/21xxx/CVE-2023-21941.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21941", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21944.json b/2023/21xxx/CVE-2023-21944.json new file mode 100644 index 000000000000..6def29795032 --- /dev/null +++ b/2023/21xxx/CVE-2023-21944.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21944", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21950.json b/2023/21xxx/CVE-2023-21950.json new file mode 100644 index 000000000000..cb7a3f728541 --- /dev/null +++ b/2023/21xxx/CVE-2023-21950.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21950", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21952.json b/2023/21xxx/CVE-2023-21952.json new file mode 100644 index 000000000000..f81abf4219ef --- /dev/null +++ b/2023/21xxx/CVE-2023-21952.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21952", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21953.json b/2023/21xxx/CVE-2023-21953.json new file mode 100644 index 000000000000..d5a91e699745 --- /dev/null +++ b/2023/21xxx/CVE-2023-21953.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21953", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21965.json b/2023/21xxx/CVE-2023-21965.json new file mode 100644 index 000000000000..9e1d65522787 --- /dev/null +++ b/2023/21xxx/CVE-2023-21965.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21965", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21971.json b/2023/21xxx/CVE-2023-21971.json new file mode 100644 index 000000000000..688a5806145c --- /dev/null +++ b/2023/21xxx/CVE-2023-21971.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21971", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21975.json b/2023/21xxx/CVE-2023-21975.json new file mode 100644 index 000000000000..79ab973f128f --- /dev/null +++ b/2023/21xxx/CVE-2023-21975.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21975", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21993.json b/2023/21xxx/CVE-2023-21993.json new file mode 100644 index 000000000000..85a3d1cfdb28 --- /dev/null +++ b/2023/21xxx/CVE-2023-21993.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21993", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21994.json b/2023/21xxx/CVE-2023-21994.json new file mode 100644 index 000000000000..8421927e3d04 --- /dev/null +++ b/2023/21xxx/CVE-2023-21994.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21994", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21997.json b/2023/21xxx/CVE-2023-21997.json new file mode 100644 index 000000000000..65e2bf9dbd1e --- /dev/null +++ b/2023/21xxx/CVE-2023-21997.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21997", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22003.json b/2023/22xxx/CVE-2023-22003.json new file mode 100644 index 000000000000..abbb47b31d4a --- /dev/null +++ b/2023/22xxx/CVE-2023-22003.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22003", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22011.json b/2023/22xxx/CVE-2023-22011.json new file mode 100644 index 000000000000..c65058cb2f7e --- /dev/null +++ b/2023/22xxx/CVE-2023-22011.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22011", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22016.json b/2023/22xxx/CVE-2023-22016.json new file mode 100644 index 000000000000..9cfc816e94ff --- /dev/null +++ b/2023/22xxx/CVE-2023-22016.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22016", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22030.json b/2023/22xxx/CVE-2023-22030.json new file mode 100644 index 000000000000..a985261c83a2 --- /dev/null +++ b/2023/22xxx/CVE-2023-22030.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22030", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22031.json b/2023/22xxx/CVE-2023-22031.json new file mode 100644 index 000000000000..122eda0bbdc3 --- /dev/null +++ b/2023/22xxx/CVE-2023-22031.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22031", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22032.json b/2023/22xxx/CVE-2023-22032.json new file mode 100644 index 000000000000..2bf147307276 --- /dev/null +++ b/2023/22xxx/CVE-2023-22032.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22032", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22034.json b/2023/22xxx/CVE-2023-22034.json new file mode 100644 index 000000000000..fefd93efdbe7 --- /dev/null +++ b/2023/22xxx/CVE-2023-22034.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22034", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22040.json b/2023/22xxx/CVE-2023-22040.json new file mode 100644 index 000000000000..808fb467b5c5 --- /dev/null +++ b/2023/22xxx/CVE-2023-22040.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22040", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22045.json b/2023/22xxx/CVE-2023-22045.json new file mode 100644 index 000000000000..9a1544fcb2ad --- /dev/null +++ b/2023/22xxx/CVE-2023-22045.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22045", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22047.json b/2023/22xxx/CVE-2023-22047.json new file mode 100644 index 000000000000..2cd9206cc575 --- /dev/null +++ b/2023/22xxx/CVE-2023-22047.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22047", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22052.json b/2023/22xxx/CVE-2023-22052.json new file mode 100644 index 000000000000..9a12f0807191 --- /dev/null +++ b/2023/22xxx/CVE-2023-22052.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22052", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22053.json b/2023/22xxx/CVE-2023-22053.json new file mode 100644 index 000000000000..46927947e8bc --- /dev/null +++ b/2023/22xxx/CVE-2023-22053.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22053", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22055.json b/2023/22xxx/CVE-2023-22055.json new file mode 100644 index 000000000000..9341189b03f3 --- /dev/null +++ b/2023/22xxx/CVE-2023-22055.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22055", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22063.json b/2023/22xxx/CVE-2023-22063.json new file mode 100644 index 000000000000..5f212c8ae213 --- /dev/null +++ b/2023/22xxx/CVE-2023-22063.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22063", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22077.json b/2023/22xxx/CVE-2023-22077.json new file mode 100644 index 000000000000..368d45a0b3f8 --- /dev/null +++ b/2023/22xxx/CVE-2023-22077.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22077", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22084.json b/2023/22xxx/CVE-2023-22084.json new file mode 100644 index 000000000000..f4dc1e5bc826 --- /dev/null +++ b/2023/22xxx/CVE-2023-22084.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22084", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22085.json b/2023/22xxx/CVE-2023-22085.json new file mode 100644 index 000000000000..9447453a82e9 --- /dev/null +++ b/2023/22xxx/CVE-2023-22085.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22085", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22087.json b/2023/22xxx/CVE-2023-22087.json new file mode 100644 index 000000000000..17c56f63d915 --- /dev/null +++ b/2023/22xxx/CVE-2023-22087.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22087", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22091.json b/2023/22xxx/CVE-2023-22091.json new file mode 100644 index 000000000000..3be223593386 --- /dev/null +++ b/2023/22xxx/CVE-2023-22091.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22091", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22110.json b/2023/22xxx/CVE-2023-22110.json new file mode 100644 index 000000000000..e4cd9f8a78e2 --- /dev/null +++ b/2023/22xxx/CVE-2023-22110.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22110", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22111.json b/2023/22xxx/CVE-2023-22111.json new file mode 100644 index 000000000000..462091869223 --- /dev/null +++ b/2023/22xxx/CVE-2023-22111.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22111", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22112.json b/2023/22xxx/CVE-2023-22112.json new file mode 100644 index 000000000000..795f93ebb9dd --- /dev/null +++ b/2023/22xxx/CVE-2023-22112.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22112", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22115.json b/2023/22xxx/CVE-2023-22115.json new file mode 100644 index 000000000000..d4f6d253d2d8 --- /dev/null +++ b/2023/22xxx/CVE-2023-22115.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22115", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22116.json b/2023/22xxx/CVE-2023-22116.json new file mode 100644 index 000000000000..5c46fed9d107 --- /dev/null +++ b/2023/22xxx/CVE-2023-22116.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22116", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22121.json b/2023/22xxx/CVE-2023-22121.json new file mode 100644 index 000000000000..471910429f55 --- /dev/null +++ b/2023/22xxx/CVE-2023-22121.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22121", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22125.json b/2023/22xxx/CVE-2023-22125.json new file mode 100644 index 000000000000..9bc768a7fb70 --- /dev/null +++ b/2023/22xxx/CVE-2023-22125.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22125", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22128.json b/2023/22xxx/CVE-2023-22128.json new file mode 100644 index 000000000000..5637fbefb7b2 --- /dev/null +++ b/2023/22xxx/CVE-2023-22128.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22128", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22133.json b/2023/22xxx/CVE-2023-22133.json new file mode 100644 index 000000000000..c41fb6fc0239 --- /dev/null +++ b/2023/22xxx/CVE-2023-22133.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22133", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22139.json b/2023/22xxx/CVE-2023-22139.json new file mode 100644 index 000000000000..a2be8cd3d7ca --- /dev/null +++ b/2023/22xxx/CVE-2023-22139.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22139", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22140.json b/2023/22xxx/CVE-2023-22140.json new file mode 100644 index 000000000000..acf5002896d2 --- /dev/null +++ b/2023/22xxx/CVE-2023-22140.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22140", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22142.json b/2023/22xxx/CVE-2023-22142.json new file mode 100644 index 000000000000..eebaa50efebf --- /dev/null +++ b/2023/22xxx/CVE-2023-22142.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22142", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22143.json b/2023/22xxx/CVE-2023-22143.json new file mode 100644 index 000000000000..ed6ddf660a45 --- /dev/null +++ b/2023/22xxx/CVE-2023-22143.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22143", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22145.json b/2023/22xxx/CVE-2023-22145.json new file mode 100644 index 000000000000..2c4d2bb05312 --- /dev/null +++ b/2023/22xxx/CVE-2023-22145.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22145", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22149.json b/2023/22xxx/CVE-2023-22149.json new file mode 100644 index 000000000000..4e768cdcb579 --- /dev/null +++ b/2023/22xxx/CVE-2023-22149.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22149", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22156.json b/2023/22xxx/CVE-2023-22156.json new file mode 100644 index 000000000000..07c0a30bd701 --- /dev/null +++ b/2023/22xxx/CVE-2023-22156.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22156", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22159.json b/2023/22xxx/CVE-2023-22159.json new file mode 100644 index 000000000000..0c6b78e2363d --- /dev/null +++ b/2023/22xxx/CVE-2023-22159.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22159", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22163.json b/2023/22xxx/CVE-2023-22163.json new file mode 100644 index 000000000000..adc2c512e05b --- /dev/null +++ b/2023/22xxx/CVE-2023-22163.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22163", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22168.json b/2023/22xxx/CVE-2023-22168.json new file mode 100644 index 000000000000..653aa7262eb5 --- /dev/null +++ b/2023/22xxx/CVE-2023-22168.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22168", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22169.json b/2023/22xxx/CVE-2023-22169.json new file mode 100644 index 000000000000..4247f1a3b1a4 --- /dev/null +++ b/2023/22xxx/CVE-2023-22169.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22169", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22179.json b/2023/22xxx/CVE-2023-22179.json new file mode 100644 index 000000000000..9337d8fb61e3 --- /dev/null +++ b/2023/22xxx/CVE-2023-22179.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22179", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22180.json b/2023/22xxx/CVE-2023-22180.json new file mode 100644 index 000000000000..721bfeaa7377 --- /dev/null +++ b/2023/22xxx/CVE-2023-22180.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22180", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22184.json b/2023/22xxx/CVE-2023-22184.json new file mode 100644 index 000000000000..25a240b2cb21 --- /dev/null +++ b/2023/22xxx/CVE-2023-22184.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22184", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22188.json b/2023/22xxx/CVE-2023-22188.json new file mode 100644 index 000000000000..b76f5ca6b4c6 --- /dev/null +++ b/2023/22xxx/CVE-2023-22188.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22188", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22193.json b/2023/22xxx/CVE-2023-22193.json new file mode 100644 index 000000000000..668a7845232b --- /dev/null +++ b/2023/22xxx/CVE-2023-22193.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22193", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22194.json b/2023/22xxx/CVE-2023-22194.json new file mode 100644 index 000000000000..a01b6421e325 --- /dev/null +++ b/2023/22xxx/CVE-2023-22194.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22194", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22196.json b/2023/22xxx/CVE-2023-22196.json new file mode 100644 index 000000000000..f535405db147 --- /dev/null +++ b/2023/22xxx/CVE-2023-22196.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22196", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22201.json b/2023/22xxx/CVE-2023-22201.json new file mode 100644 index 000000000000..080191a35048 --- /dev/null +++ b/2023/22xxx/CVE-2023-22201.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22201", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22206.json b/2023/22xxx/CVE-2023-22206.json new file mode 100644 index 000000000000..221e32dd53d4 --- /dev/null +++ b/2023/22xxx/CVE-2023-22206.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22206", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22211.json b/2023/22xxx/CVE-2023-22211.json new file mode 100644 index 000000000000..ad0175567104 --- /dev/null +++ b/2023/22xxx/CVE-2023-22211.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22211", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22212.json b/2023/22xxx/CVE-2023-22212.json new file mode 100644 index 000000000000..fb84cb57a5eb --- /dev/null +++ b/2023/22xxx/CVE-2023-22212.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22212", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22219.json b/2023/22xxx/CVE-2023-22219.json new file mode 100644 index 000000000000..2f82ddf2919e --- /dev/null +++ b/2023/22xxx/CVE-2023-22219.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22219", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22222.json b/2023/22xxx/CVE-2023-22222.json new file mode 100644 index 000000000000..70b66c1e8952 --- /dev/null +++ b/2023/22xxx/CVE-2023-22222.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22222", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From acb1b9fc61c79380d8db8ae3e2c1a4dc9c204482 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 17 Dec 2022 20:01:01 +0000 Subject: [PATCH 078/754] "-Synchronized-Data." --- 2023/21xxx/CVE-2023-21829.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21836.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21844.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21846.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21854.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21860.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21864.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21865.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21866.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21867.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21872.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21874.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21891.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21892.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21896.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21897.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21900.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21904.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21914.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21916.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21918.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21919.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21922.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21931.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21939.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21943.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21945.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21946.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21956.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21957.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21958.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21960.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21963.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21964.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21970.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21973.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21980.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21985.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21987.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21989.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21990.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21991.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21992.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22001.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22013.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22014.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22024.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22025.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22027.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22038.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22043.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22046.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22058.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22064.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22066.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22068.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22071.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22072.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22073.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22074.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22075.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22079.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22080.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22081.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22083.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22086.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22095.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22097.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22101.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22106.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22108.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22113.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22117.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22118.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22124.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22130.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22131.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22132.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22138.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22141.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22147.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22152.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22154.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22158.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22167.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22170.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22172.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22175.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22177.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22178.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22183.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22187.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22191.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22197.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22199.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22209.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22210.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22213.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22215.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22218.json | 18 ++++++++++++++++++ 100 files changed, 1800 insertions(+) create mode 100644 2023/21xxx/CVE-2023-21829.json create mode 100644 2023/21xxx/CVE-2023-21836.json create mode 100644 2023/21xxx/CVE-2023-21844.json create mode 100644 2023/21xxx/CVE-2023-21846.json create mode 100644 2023/21xxx/CVE-2023-21854.json create mode 100644 2023/21xxx/CVE-2023-21860.json create mode 100644 2023/21xxx/CVE-2023-21864.json create mode 100644 2023/21xxx/CVE-2023-21865.json create mode 100644 2023/21xxx/CVE-2023-21866.json create mode 100644 2023/21xxx/CVE-2023-21867.json create mode 100644 2023/21xxx/CVE-2023-21872.json create mode 100644 2023/21xxx/CVE-2023-21874.json create mode 100644 2023/21xxx/CVE-2023-21891.json create mode 100644 2023/21xxx/CVE-2023-21892.json create mode 100644 2023/21xxx/CVE-2023-21896.json create mode 100644 2023/21xxx/CVE-2023-21897.json create mode 100644 2023/21xxx/CVE-2023-21900.json create mode 100644 2023/21xxx/CVE-2023-21904.json create mode 100644 2023/21xxx/CVE-2023-21914.json create mode 100644 2023/21xxx/CVE-2023-21916.json create mode 100644 2023/21xxx/CVE-2023-21918.json create mode 100644 2023/21xxx/CVE-2023-21919.json create mode 100644 2023/21xxx/CVE-2023-21922.json create mode 100644 2023/21xxx/CVE-2023-21931.json create mode 100644 2023/21xxx/CVE-2023-21939.json create mode 100644 2023/21xxx/CVE-2023-21943.json create mode 100644 2023/21xxx/CVE-2023-21945.json create mode 100644 2023/21xxx/CVE-2023-21946.json create mode 100644 2023/21xxx/CVE-2023-21956.json create mode 100644 2023/21xxx/CVE-2023-21957.json create mode 100644 2023/21xxx/CVE-2023-21958.json create mode 100644 2023/21xxx/CVE-2023-21960.json create mode 100644 2023/21xxx/CVE-2023-21963.json create mode 100644 2023/21xxx/CVE-2023-21964.json create mode 100644 2023/21xxx/CVE-2023-21970.json create mode 100644 2023/21xxx/CVE-2023-21973.json create mode 100644 2023/21xxx/CVE-2023-21980.json create mode 100644 2023/21xxx/CVE-2023-21985.json create mode 100644 2023/21xxx/CVE-2023-21987.json create mode 100644 2023/21xxx/CVE-2023-21989.json create mode 100644 2023/21xxx/CVE-2023-21990.json create mode 100644 2023/21xxx/CVE-2023-21991.json create mode 100644 2023/21xxx/CVE-2023-21992.json create mode 100644 2023/22xxx/CVE-2023-22001.json create mode 100644 2023/22xxx/CVE-2023-22013.json create mode 100644 2023/22xxx/CVE-2023-22014.json create mode 100644 2023/22xxx/CVE-2023-22024.json create mode 100644 2023/22xxx/CVE-2023-22025.json create mode 100644 2023/22xxx/CVE-2023-22027.json create mode 100644 2023/22xxx/CVE-2023-22038.json create mode 100644 2023/22xxx/CVE-2023-22043.json create mode 100644 2023/22xxx/CVE-2023-22046.json create mode 100644 2023/22xxx/CVE-2023-22058.json create mode 100644 2023/22xxx/CVE-2023-22064.json create mode 100644 2023/22xxx/CVE-2023-22066.json create mode 100644 2023/22xxx/CVE-2023-22068.json create mode 100644 2023/22xxx/CVE-2023-22071.json create mode 100644 2023/22xxx/CVE-2023-22072.json create mode 100644 2023/22xxx/CVE-2023-22073.json create mode 100644 2023/22xxx/CVE-2023-22074.json create mode 100644 2023/22xxx/CVE-2023-22075.json create mode 100644 2023/22xxx/CVE-2023-22079.json create mode 100644 2023/22xxx/CVE-2023-22080.json create mode 100644 2023/22xxx/CVE-2023-22081.json create mode 100644 2023/22xxx/CVE-2023-22083.json create mode 100644 2023/22xxx/CVE-2023-22086.json create mode 100644 2023/22xxx/CVE-2023-22095.json create mode 100644 2023/22xxx/CVE-2023-22097.json create mode 100644 2023/22xxx/CVE-2023-22101.json create mode 100644 2023/22xxx/CVE-2023-22106.json create mode 100644 2023/22xxx/CVE-2023-22108.json create mode 100644 2023/22xxx/CVE-2023-22113.json create mode 100644 2023/22xxx/CVE-2023-22117.json create mode 100644 2023/22xxx/CVE-2023-22118.json create mode 100644 2023/22xxx/CVE-2023-22124.json create mode 100644 2023/22xxx/CVE-2023-22130.json create mode 100644 2023/22xxx/CVE-2023-22131.json create mode 100644 2023/22xxx/CVE-2023-22132.json create mode 100644 2023/22xxx/CVE-2023-22138.json create mode 100644 2023/22xxx/CVE-2023-22141.json create mode 100644 2023/22xxx/CVE-2023-22147.json create mode 100644 2023/22xxx/CVE-2023-22152.json create mode 100644 2023/22xxx/CVE-2023-22154.json create mode 100644 2023/22xxx/CVE-2023-22158.json create mode 100644 2023/22xxx/CVE-2023-22167.json create mode 100644 2023/22xxx/CVE-2023-22170.json create mode 100644 2023/22xxx/CVE-2023-22172.json create mode 100644 2023/22xxx/CVE-2023-22175.json create mode 100644 2023/22xxx/CVE-2023-22177.json create mode 100644 2023/22xxx/CVE-2023-22178.json create mode 100644 2023/22xxx/CVE-2023-22183.json create mode 100644 2023/22xxx/CVE-2023-22187.json create mode 100644 2023/22xxx/CVE-2023-22191.json create mode 100644 2023/22xxx/CVE-2023-22197.json create mode 100644 2023/22xxx/CVE-2023-22199.json create mode 100644 2023/22xxx/CVE-2023-22209.json create mode 100644 2023/22xxx/CVE-2023-22210.json create mode 100644 2023/22xxx/CVE-2023-22213.json create mode 100644 2023/22xxx/CVE-2023-22215.json create mode 100644 2023/22xxx/CVE-2023-22218.json diff --git a/2023/21xxx/CVE-2023-21829.json b/2023/21xxx/CVE-2023-21829.json new file mode 100644 index 000000000000..3e91f648b556 --- /dev/null +++ b/2023/21xxx/CVE-2023-21829.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21829", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21836.json b/2023/21xxx/CVE-2023-21836.json new file mode 100644 index 000000000000..eb82d38e8e4f --- /dev/null +++ b/2023/21xxx/CVE-2023-21836.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21836", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21844.json b/2023/21xxx/CVE-2023-21844.json new file mode 100644 index 000000000000..c7959ac5eafb --- /dev/null +++ b/2023/21xxx/CVE-2023-21844.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21844", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21846.json b/2023/21xxx/CVE-2023-21846.json new file mode 100644 index 000000000000..b76c71d19616 --- /dev/null +++ b/2023/21xxx/CVE-2023-21846.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21846", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21854.json b/2023/21xxx/CVE-2023-21854.json new file mode 100644 index 000000000000..24de79036af1 --- /dev/null +++ b/2023/21xxx/CVE-2023-21854.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21854", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21860.json b/2023/21xxx/CVE-2023-21860.json new file mode 100644 index 000000000000..e5ef261dd6ee --- /dev/null +++ b/2023/21xxx/CVE-2023-21860.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21860", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21864.json b/2023/21xxx/CVE-2023-21864.json new file mode 100644 index 000000000000..bf6c71c9619c --- /dev/null +++ b/2023/21xxx/CVE-2023-21864.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21864", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21865.json b/2023/21xxx/CVE-2023-21865.json new file mode 100644 index 000000000000..af544c29e886 --- /dev/null +++ b/2023/21xxx/CVE-2023-21865.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21865", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21866.json b/2023/21xxx/CVE-2023-21866.json new file mode 100644 index 000000000000..96275eddeea7 --- /dev/null +++ b/2023/21xxx/CVE-2023-21866.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21866", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21867.json b/2023/21xxx/CVE-2023-21867.json new file mode 100644 index 000000000000..050e9cbe25e3 --- /dev/null +++ b/2023/21xxx/CVE-2023-21867.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21867", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21872.json b/2023/21xxx/CVE-2023-21872.json new file mode 100644 index 000000000000..1515e3337032 --- /dev/null +++ b/2023/21xxx/CVE-2023-21872.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21872", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21874.json b/2023/21xxx/CVE-2023-21874.json new file mode 100644 index 000000000000..2afdcb0011bf --- /dev/null +++ b/2023/21xxx/CVE-2023-21874.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21874", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21891.json b/2023/21xxx/CVE-2023-21891.json new file mode 100644 index 000000000000..2b24069826df --- /dev/null +++ b/2023/21xxx/CVE-2023-21891.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21891", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21892.json b/2023/21xxx/CVE-2023-21892.json new file mode 100644 index 000000000000..332579d61056 --- /dev/null +++ b/2023/21xxx/CVE-2023-21892.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21892", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21896.json b/2023/21xxx/CVE-2023-21896.json new file mode 100644 index 000000000000..a5b4f806471a --- /dev/null +++ b/2023/21xxx/CVE-2023-21896.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21896", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21897.json b/2023/21xxx/CVE-2023-21897.json new file mode 100644 index 000000000000..16bab5675976 --- /dev/null +++ b/2023/21xxx/CVE-2023-21897.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21897", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21900.json b/2023/21xxx/CVE-2023-21900.json new file mode 100644 index 000000000000..4d827ded313e --- /dev/null +++ b/2023/21xxx/CVE-2023-21900.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21900", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21904.json b/2023/21xxx/CVE-2023-21904.json new file mode 100644 index 000000000000..c97b265c5984 --- /dev/null +++ b/2023/21xxx/CVE-2023-21904.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21904", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21914.json b/2023/21xxx/CVE-2023-21914.json new file mode 100644 index 000000000000..e6f4497e30fd --- /dev/null +++ b/2023/21xxx/CVE-2023-21914.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21914", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21916.json b/2023/21xxx/CVE-2023-21916.json new file mode 100644 index 000000000000..a2bfed8312bf --- /dev/null +++ b/2023/21xxx/CVE-2023-21916.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21916", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21918.json b/2023/21xxx/CVE-2023-21918.json new file mode 100644 index 000000000000..f6a2b008584c --- /dev/null +++ b/2023/21xxx/CVE-2023-21918.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21918", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21919.json b/2023/21xxx/CVE-2023-21919.json new file mode 100644 index 000000000000..9dc5e76a62f6 --- /dev/null +++ b/2023/21xxx/CVE-2023-21919.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21919", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21922.json b/2023/21xxx/CVE-2023-21922.json new file mode 100644 index 000000000000..f2f1259ae0f4 --- /dev/null +++ b/2023/21xxx/CVE-2023-21922.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21922", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21931.json b/2023/21xxx/CVE-2023-21931.json new file mode 100644 index 000000000000..c830f30f6603 --- /dev/null +++ b/2023/21xxx/CVE-2023-21931.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21931", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21939.json b/2023/21xxx/CVE-2023-21939.json new file mode 100644 index 000000000000..e418ce75b391 --- /dev/null +++ b/2023/21xxx/CVE-2023-21939.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21939", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21943.json b/2023/21xxx/CVE-2023-21943.json new file mode 100644 index 000000000000..e9295c147592 --- /dev/null +++ b/2023/21xxx/CVE-2023-21943.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21943", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21945.json b/2023/21xxx/CVE-2023-21945.json new file mode 100644 index 000000000000..24d7bb81113b --- /dev/null +++ b/2023/21xxx/CVE-2023-21945.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21945", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21946.json b/2023/21xxx/CVE-2023-21946.json new file mode 100644 index 000000000000..9af89811f3cf --- /dev/null +++ b/2023/21xxx/CVE-2023-21946.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21946", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21956.json b/2023/21xxx/CVE-2023-21956.json new file mode 100644 index 000000000000..4e524fa5230d --- /dev/null +++ b/2023/21xxx/CVE-2023-21956.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21956", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21957.json b/2023/21xxx/CVE-2023-21957.json new file mode 100644 index 000000000000..495dd5dd91f3 --- /dev/null +++ b/2023/21xxx/CVE-2023-21957.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21957", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21958.json b/2023/21xxx/CVE-2023-21958.json new file mode 100644 index 000000000000..7ee68cee70dc --- /dev/null +++ b/2023/21xxx/CVE-2023-21958.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21958", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21960.json b/2023/21xxx/CVE-2023-21960.json new file mode 100644 index 000000000000..22bee5427e55 --- /dev/null +++ b/2023/21xxx/CVE-2023-21960.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21960", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21963.json b/2023/21xxx/CVE-2023-21963.json new file mode 100644 index 000000000000..e68b7c3deb84 --- /dev/null +++ b/2023/21xxx/CVE-2023-21963.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21963", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21964.json b/2023/21xxx/CVE-2023-21964.json new file mode 100644 index 000000000000..99072ca4ea24 --- /dev/null +++ b/2023/21xxx/CVE-2023-21964.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21964", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21970.json b/2023/21xxx/CVE-2023-21970.json new file mode 100644 index 000000000000..d1bef76a6992 --- /dev/null +++ b/2023/21xxx/CVE-2023-21970.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21970", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21973.json b/2023/21xxx/CVE-2023-21973.json new file mode 100644 index 000000000000..8d779d7d7e1e --- /dev/null +++ b/2023/21xxx/CVE-2023-21973.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21973", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21980.json b/2023/21xxx/CVE-2023-21980.json new file mode 100644 index 000000000000..ebcab4bbeb2a --- /dev/null +++ b/2023/21xxx/CVE-2023-21980.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21980", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21985.json b/2023/21xxx/CVE-2023-21985.json new file mode 100644 index 000000000000..0f24e0acf658 --- /dev/null +++ b/2023/21xxx/CVE-2023-21985.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21985", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21987.json b/2023/21xxx/CVE-2023-21987.json new file mode 100644 index 000000000000..c804cdb212b6 --- /dev/null +++ b/2023/21xxx/CVE-2023-21987.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21987", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21989.json b/2023/21xxx/CVE-2023-21989.json new file mode 100644 index 000000000000..f89529339564 --- /dev/null +++ b/2023/21xxx/CVE-2023-21989.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21989", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21990.json b/2023/21xxx/CVE-2023-21990.json new file mode 100644 index 000000000000..c21be76aeea0 --- /dev/null +++ b/2023/21xxx/CVE-2023-21990.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21990", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21991.json b/2023/21xxx/CVE-2023-21991.json new file mode 100644 index 000000000000..bc3d2c918694 --- /dev/null +++ b/2023/21xxx/CVE-2023-21991.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21991", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21992.json b/2023/21xxx/CVE-2023-21992.json new file mode 100644 index 000000000000..48f6f799db7c --- /dev/null +++ b/2023/21xxx/CVE-2023-21992.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21992", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22001.json b/2023/22xxx/CVE-2023-22001.json new file mode 100644 index 000000000000..9f95d720ef98 --- /dev/null +++ b/2023/22xxx/CVE-2023-22001.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22001", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22013.json b/2023/22xxx/CVE-2023-22013.json new file mode 100644 index 000000000000..ff60a3a58153 --- /dev/null +++ b/2023/22xxx/CVE-2023-22013.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22013", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22014.json b/2023/22xxx/CVE-2023-22014.json new file mode 100644 index 000000000000..98476181539e --- /dev/null +++ b/2023/22xxx/CVE-2023-22014.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22014", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22024.json b/2023/22xxx/CVE-2023-22024.json new file mode 100644 index 000000000000..ed2aa7910342 --- /dev/null +++ b/2023/22xxx/CVE-2023-22024.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22024", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22025.json b/2023/22xxx/CVE-2023-22025.json new file mode 100644 index 000000000000..f2fcdd3385e5 --- /dev/null +++ b/2023/22xxx/CVE-2023-22025.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22025", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22027.json b/2023/22xxx/CVE-2023-22027.json new file mode 100644 index 000000000000..07a946dc9c2f --- /dev/null +++ b/2023/22xxx/CVE-2023-22027.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22027", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22038.json b/2023/22xxx/CVE-2023-22038.json new file mode 100644 index 000000000000..5a6e27d4ecdc --- /dev/null +++ b/2023/22xxx/CVE-2023-22038.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22038", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22043.json b/2023/22xxx/CVE-2023-22043.json new file mode 100644 index 000000000000..f116d40840c4 --- /dev/null +++ b/2023/22xxx/CVE-2023-22043.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22043", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22046.json b/2023/22xxx/CVE-2023-22046.json new file mode 100644 index 000000000000..60c9ceb3afa7 --- /dev/null +++ b/2023/22xxx/CVE-2023-22046.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22046", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22058.json b/2023/22xxx/CVE-2023-22058.json new file mode 100644 index 000000000000..ee1a5376d026 --- /dev/null +++ b/2023/22xxx/CVE-2023-22058.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22058", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22064.json b/2023/22xxx/CVE-2023-22064.json new file mode 100644 index 000000000000..4a633a2c61f9 --- /dev/null +++ b/2023/22xxx/CVE-2023-22064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22066.json b/2023/22xxx/CVE-2023-22066.json new file mode 100644 index 000000000000..84eb8a81a94a --- /dev/null +++ b/2023/22xxx/CVE-2023-22066.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22066", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22068.json b/2023/22xxx/CVE-2023-22068.json new file mode 100644 index 000000000000..760467879982 --- /dev/null +++ b/2023/22xxx/CVE-2023-22068.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22068", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22071.json b/2023/22xxx/CVE-2023-22071.json new file mode 100644 index 000000000000..23b55c15fb35 --- /dev/null +++ b/2023/22xxx/CVE-2023-22071.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22071", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22072.json b/2023/22xxx/CVE-2023-22072.json new file mode 100644 index 000000000000..c07076ce4f49 --- /dev/null +++ b/2023/22xxx/CVE-2023-22072.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22072", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22073.json b/2023/22xxx/CVE-2023-22073.json new file mode 100644 index 000000000000..7b84061b186d --- /dev/null +++ b/2023/22xxx/CVE-2023-22073.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22073", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22074.json b/2023/22xxx/CVE-2023-22074.json new file mode 100644 index 000000000000..f72c58637a76 --- /dev/null +++ b/2023/22xxx/CVE-2023-22074.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22074", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22075.json b/2023/22xxx/CVE-2023-22075.json new file mode 100644 index 000000000000..65bfee07f455 --- /dev/null +++ b/2023/22xxx/CVE-2023-22075.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22075", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22079.json b/2023/22xxx/CVE-2023-22079.json new file mode 100644 index 000000000000..7ed3d3109c55 --- /dev/null +++ b/2023/22xxx/CVE-2023-22079.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22079", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22080.json b/2023/22xxx/CVE-2023-22080.json new file mode 100644 index 000000000000..8aaa9be378ce --- /dev/null +++ b/2023/22xxx/CVE-2023-22080.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22080", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22081.json b/2023/22xxx/CVE-2023-22081.json new file mode 100644 index 000000000000..7b8b3417c4c6 --- /dev/null +++ b/2023/22xxx/CVE-2023-22081.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22081", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22083.json b/2023/22xxx/CVE-2023-22083.json new file mode 100644 index 000000000000..ce69f93e87cf --- /dev/null +++ b/2023/22xxx/CVE-2023-22083.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22083", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22086.json b/2023/22xxx/CVE-2023-22086.json new file mode 100644 index 000000000000..c2ae3f1be6b2 --- /dev/null +++ b/2023/22xxx/CVE-2023-22086.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22086", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22095.json b/2023/22xxx/CVE-2023-22095.json new file mode 100644 index 000000000000..df12ce2bb11d --- /dev/null +++ b/2023/22xxx/CVE-2023-22095.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22095", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22097.json b/2023/22xxx/CVE-2023-22097.json new file mode 100644 index 000000000000..a16fca54d7a9 --- /dev/null +++ b/2023/22xxx/CVE-2023-22097.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22097", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22101.json b/2023/22xxx/CVE-2023-22101.json new file mode 100644 index 000000000000..bbe6aee00cd7 --- /dev/null +++ b/2023/22xxx/CVE-2023-22101.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22101", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22106.json b/2023/22xxx/CVE-2023-22106.json new file mode 100644 index 000000000000..4bf6feb2177c --- /dev/null +++ b/2023/22xxx/CVE-2023-22106.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22106", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22108.json b/2023/22xxx/CVE-2023-22108.json new file mode 100644 index 000000000000..c5949bce3c11 --- /dev/null +++ b/2023/22xxx/CVE-2023-22108.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22108", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22113.json b/2023/22xxx/CVE-2023-22113.json new file mode 100644 index 000000000000..c6d6f5061c2d --- /dev/null +++ b/2023/22xxx/CVE-2023-22113.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22113", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22117.json b/2023/22xxx/CVE-2023-22117.json new file mode 100644 index 000000000000..d6435ad9f6dc --- /dev/null +++ b/2023/22xxx/CVE-2023-22117.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22117", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22118.json b/2023/22xxx/CVE-2023-22118.json new file mode 100644 index 000000000000..e09d5d8fe3a6 --- /dev/null +++ b/2023/22xxx/CVE-2023-22118.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22118", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22124.json b/2023/22xxx/CVE-2023-22124.json new file mode 100644 index 000000000000..a1af9c0ce665 --- /dev/null +++ b/2023/22xxx/CVE-2023-22124.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22124", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22130.json b/2023/22xxx/CVE-2023-22130.json new file mode 100644 index 000000000000..777ccfa687c5 --- /dev/null +++ b/2023/22xxx/CVE-2023-22130.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22130", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22131.json b/2023/22xxx/CVE-2023-22131.json new file mode 100644 index 000000000000..7b23ad83b59e --- /dev/null +++ b/2023/22xxx/CVE-2023-22131.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22131", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22132.json b/2023/22xxx/CVE-2023-22132.json new file mode 100644 index 000000000000..ff9e1a843c66 --- /dev/null +++ b/2023/22xxx/CVE-2023-22132.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22132", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22138.json b/2023/22xxx/CVE-2023-22138.json new file mode 100644 index 000000000000..0a215752fdb9 --- /dev/null +++ b/2023/22xxx/CVE-2023-22138.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22138", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22141.json b/2023/22xxx/CVE-2023-22141.json new file mode 100644 index 000000000000..ea37956e51db --- /dev/null +++ b/2023/22xxx/CVE-2023-22141.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22141", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22147.json b/2023/22xxx/CVE-2023-22147.json new file mode 100644 index 000000000000..ec219be2b43d --- /dev/null +++ b/2023/22xxx/CVE-2023-22147.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22147", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22152.json b/2023/22xxx/CVE-2023-22152.json new file mode 100644 index 000000000000..4f965981274e --- /dev/null +++ b/2023/22xxx/CVE-2023-22152.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22152", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22154.json b/2023/22xxx/CVE-2023-22154.json new file mode 100644 index 000000000000..3752a82ecb3a --- /dev/null +++ b/2023/22xxx/CVE-2023-22154.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22154", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22158.json b/2023/22xxx/CVE-2023-22158.json new file mode 100644 index 000000000000..06d178000be7 --- /dev/null +++ b/2023/22xxx/CVE-2023-22158.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22158", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22167.json b/2023/22xxx/CVE-2023-22167.json new file mode 100644 index 000000000000..67fec1c6670f --- /dev/null +++ b/2023/22xxx/CVE-2023-22167.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22167", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22170.json b/2023/22xxx/CVE-2023-22170.json new file mode 100644 index 000000000000..b96de0ca2fec --- /dev/null +++ b/2023/22xxx/CVE-2023-22170.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22170", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22172.json b/2023/22xxx/CVE-2023-22172.json new file mode 100644 index 000000000000..e9ce37d5dc86 --- /dev/null +++ b/2023/22xxx/CVE-2023-22172.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22172", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22175.json b/2023/22xxx/CVE-2023-22175.json new file mode 100644 index 000000000000..bcc4cd47d99c --- /dev/null +++ b/2023/22xxx/CVE-2023-22175.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22175", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22177.json b/2023/22xxx/CVE-2023-22177.json new file mode 100644 index 000000000000..6d4ede971eb7 --- /dev/null +++ b/2023/22xxx/CVE-2023-22177.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22177", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22178.json b/2023/22xxx/CVE-2023-22178.json new file mode 100644 index 000000000000..69b87815ce5b --- /dev/null +++ b/2023/22xxx/CVE-2023-22178.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22178", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22183.json b/2023/22xxx/CVE-2023-22183.json new file mode 100644 index 000000000000..3e1d8685c2bc --- /dev/null +++ b/2023/22xxx/CVE-2023-22183.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22183", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22187.json b/2023/22xxx/CVE-2023-22187.json new file mode 100644 index 000000000000..779ca3c82045 --- /dev/null +++ b/2023/22xxx/CVE-2023-22187.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22187", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22191.json b/2023/22xxx/CVE-2023-22191.json new file mode 100644 index 000000000000..58fc5a302458 --- /dev/null +++ b/2023/22xxx/CVE-2023-22191.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22191", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22197.json b/2023/22xxx/CVE-2023-22197.json new file mode 100644 index 000000000000..85397538554b --- /dev/null +++ b/2023/22xxx/CVE-2023-22197.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22197", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22199.json b/2023/22xxx/CVE-2023-22199.json new file mode 100644 index 000000000000..f865c1691845 --- /dev/null +++ b/2023/22xxx/CVE-2023-22199.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22199", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22209.json b/2023/22xxx/CVE-2023-22209.json new file mode 100644 index 000000000000..e0384dffadce --- /dev/null +++ b/2023/22xxx/CVE-2023-22209.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22209", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22210.json b/2023/22xxx/CVE-2023-22210.json new file mode 100644 index 000000000000..d23d83f72bd2 --- /dev/null +++ b/2023/22xxx/CVE-2023-22210.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22210", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22213.json b/2023/22xxx/CVE-2023-22213.json new file mode 100644 index 000000000000..3c114a62e71b --- /dev/null +++ b/2023/22xxx/CVE-2023-22213.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22213", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22215.json b/2023/22xxx/CVE-2023-22215.json new file mode 100644 index 000000000000..51cfd11987ec --- /dev/null +++ b/2023/22xxx/CVE-2023-22215.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22215", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22218.json b/2023/22xxx/CVE-2023-22218.json new file mode 100644 index 000000000000..6ea7867714fe --- /dev/null +++ b/2023/22xxx/CVE-2023-22218.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22218", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 67ce175d1e54ed83770397f1192bad675b3cb566 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 17 Dec 2022 20:01:12 +0000 Subject: [PATCH 079/754] "-Synchronized-Data." --- 2023/21xxx/CVE-2023-21826.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21832.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21833.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21835.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21837.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21838.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21839.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21841.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21842.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21847.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21848.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21850.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21861.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21868.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21871.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21879.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21881.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21883.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21885.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21886.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21898.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21903.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21917.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21926.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21933.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21940.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21947.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21948.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21949.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21955.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21961.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21962.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21972.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21974.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21977.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21978.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21983.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21984.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21986.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21995.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21998.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21999.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22002.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22005.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22007.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22008.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22009.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22012.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22015.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22018.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22019.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22022.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22023.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22029.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22033.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22037.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22041.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22042.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22049.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22051.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22056.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22060.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22061.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22062.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22069.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22076.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22078.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22088.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22089.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22100.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22102.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22103.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22104.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22109.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22114.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22122.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22123.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22126.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22127.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22129.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22136.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22148.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22151.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22155.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22157.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22160.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22161.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22173.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22176.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22185.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22186.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22190.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22198.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22202.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22203.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22205.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22207.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22216.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22217.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22221.json | 18 ++++++++++++++++++ 100 files changed, 1800 insertions(+) create mode 100644 2023/21xxx/CVE-2023-21826.json create mode 100644 2023/21xxx/CVE-2023-21832.json create mode 100644 2023/21xxx/CVE-2023-21833.json create mode 100644 2023/21xxx/CVE-2023-21835.json create mode 100644 2023/21xxx/CVE-2023-21837.json create mode 100644 2023/21xxx/CVE-2023-21838.json create mode 100644 2023/21xxx/CVE-2023-21839.json create mode 100644 2023/21xxx/CVE-2023-21841.json create mode 100644 2023/21xxx/CVE-2023-21842.json create mode 100644 2023/21xxx/CVE-2023-21847.json create mode 100644 2023/21xxx/CVE-2023-21848.json create mode 100644 2023/21xxx/CVE-2023-21850.json create mode 100644 2023/21xxx/CVE-2023-21861.json create mode 100644 2023/21xxx/CVE-2023-21868.json create mode 100644 2023/21xxx/CVE-2023-21871.json create mode 100644 2023/21xxx/CVE-2023-21879.json create mode 100644 2023/21xxx/CVE-2023-21881.json create mode 100644 2023/21xxx/CVE-2023-21883.json create mode 100644 2023/21xxx/CVE-2023-21885.json create mode 100644 2023/21xxx/CVE-2023-21886.json create mode 100644 2023/21xxx/CVE-2023-21898.json create mode 100644 2023/21xxx/CVE-2023-21903.json create mode 100644 2023/21xxx/CVE-2023-21917.json create mode 100644 2023/21xxx/CVE-2023-21926.json create mode 100644 2023/21xxx/CVE-2023-21933.json create mode 100644 2023/21xxx/CVE-2023-21940.json create mode 100644 2023/21xxx/CVE-2023-21947.json create mode 100644 2023/21xxx/CVE-2023-21948.json create mode 100644 2023/21xxx/CVE-2023-21949.json create mode 100644 2023/21xxx/CVE-2023-21955.json create mode 100644 2023/21xxx/CVE-2023-21961.json create mode 100644 2023/21xxx/CVE-2023-21962.json create mode 100644 2023/21xxx/CVE-2023-21972.json create mode 100644 2023/21xxx/CVE-2023-21974.json create mode 100644 2023/21xxx/CVE-2023-21977.json create mode 100644 2023/21xxx/CVE-2023-21978.json create mode 100644 2023/21xxx/CVE-2023-21983.json create mode 100644 2023/21xxx/CVE-2023-21984.json create mode 100644 2023/21xxx/CVE-2023-21986.json create mode 100644 2023/21xxx/CVE-2023-21995.json create mode 100644 2023/21xxx/CVE-2023-21998.json create mode 100644 2023/21xxx/CVE-2023-21999.json create mode 100644 2023/22xxx/CVE-2023-22002.json create mode 100644 2023/22xxx/CVE-2023-22005.json create mode 100644 2023/22xxx/CVE-2023-22007.json create mode 100644 2023/22xxx/CVE-2023-22008.json create mode 100644 2023/22xxx/CVE-2023-22009.json create mode 100644 2023/22xxx/CVE-2023-22012.json create mode 100644 2023/22xxx/CVE-2023-22015.json create mode 100644 2023/22xxx/CVE-2023-22018.json create mode 100644 2023/22xxx/CVE-2023-22019.json create mode 100644 2023/22xxx/CVE-2023-22022.json create mode 100644 2023/22xxx/CVE-2023-22023.json create mode 100644 2023/22xxx/CVE-2023-22029.json create mode 100644 2023/22xxx/CVE-2023-22033.json create mode 100644 2023/22xxx/CVE-2023-22037.json create mode 100644 2023/22xxx/CVE-2023-22041.json create mode 100644 2023/22xxx/CVE-2023-22042.json create mode 100644 2023/22xxx/CVE-2023-22049.json create mode 100644 2023/22xxx/CVE-2023-22051.json create mode 100644 2023/22xxx/CVE-2023-22056.json create mode 100644 2023/22xxx/CVE-2023-22060.json create mode 100644 2023/22xxx/CVE-2023-22061.json create mode 100644 2023/22xxx/CVE-2023-22062.json create mode 100644 2023/22xxx/CVE-2023-22069.json create mode 100644 2023/22xxx/CVE-2023-22076.json create mode 100644 2023/22xxx/CVE-2023-22078.json create mode 100644 2023/22xxx/CVE-2023-22088.json create mode 100644 2023/22xxx/CVE-2023-22089.json create mode 100644 2023/22xxx/CVE-2023-22100.json create mode 100644 2023/22xxx/CVE-2023-22102.json create mode 100644 2023/22xxx/CVE-2023-22103.json create mode 100644 2023/22xxx/CVE-2023-22104.json create mode 100644 2023/22xxx/CVE-2023-22109.json create mode 100644 2023/22xxx/CVE-2023-22114.json create mode 100644 2023/22xxx/CVE-2023-22122.json create mode 100644 2023/22xxx/CVE-2023-22123.json create mode 100644 2023/22xxx/CVE-2023-22126.json create mode 100644 2023/22xxx/CVE-2023-22127.json create mode 100644 2023/22xxx/CVE-2023-22129.json create mode 100644 2023/22xxx/CVE-2023-22136.json create mode 100644 2023/22xxx/CVE-2023-22148.json create mode 100644 2023/22xxx/CVE-2023-22151.json create mode 100644 2023/22xxx/CVE-2023-22155.json create mode 100644 2023/22xxx/CVE-2023-22157.json create mode 100644 2023/22xxx/CVE-2023-22160.json create mode 100644 2023/22xxx/CVE-2023-22161.json create mode 100644 2023/22xxx/CVE-2023-22173.json create mode 100644 2023/22xxx/CVE-2023-22176.json create mode 100644 2023/22xxx/CVE-2023-22185.json create mode 100644 2023/22xxx/CVE-2023-22186.json create mode 100644 2023/22xxx/CVE-2023-22190.json create mode 100644 2023/22xxx/CVE-2023-22198.json create mode 100644 2023/22xxx/CVE-2023-22202.json create mode 100644 2023/22xxx/CVE-2023-22203.json create mode 100644 2023/22xxx/CVE-2023-22205.json create mode 100644 2023/22xxx/CVE-2023-22207.json create mode 100644 2023/22xxx/CVE-2023-22216.json create mode 100644 2023/22xxx/CVE-2023-22217.json create mode 100644 2023/22xxx/CVE-2023-22221.json diff --git a/2023/21xxx/CVE-2023-21826.json b/2023/21xxx/CVE-2023-21826.json new file mode 100644 index 000000000000..ad3e64ed6bf6 --- /dev/null +++ b/2023/21xxx/CVE-2023-21826.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21826", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21832.json b/2023/21xxx/CVE-2023-21832.json new file mode 100644 index 000000000000..94a1d5dd5389 --- /dev/null +++ b/2023/21xxx/CVE-2023-21832.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21832", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21833.json b/2023/21xxx/CVE-2023-21833.json new file mode 100644 index 000000000000..900a9fa27545 --- /dev/null +++ b/2023/21xxx/CVE-2023-21833.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21833", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21835.json b/2023/21xxx/CVE-2023-21835.json new file mode 100644 index 000000000000..66721d3b180f --- /dev/null +++ b/2023/21xxx/CVE-2023-21835.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21835", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21837.json b/2023/21xxx/CVE-2023-21837.json new file mode 100644 index 000000000000..b055b5078788 --- /dev/null +++ b/2023/21xxx/CVE-2023-21837.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21837", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21838.json b/2023/21xxx/CVE-2023-21838.json new file mode 100644 index 000000000000..73562093731d --- /dev/null +++ b/2023/21xxx/CVE-2023-21838.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21838", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21839.json b/2023/21xxx/CVE-2023-21839.json new file mode 100644 index 000000000000..6557780f0d9a --- /dev/null +++ b/2023/21xxx/CVE-2023-21839.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21839", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21841.json b/2023/21xxx/CVE-2023-21841.json new file mode 100644 index 000000000000..8f599e6d84c7 --- /dev/null +++ b/2023/21xxx/CVE-2023-21841.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21841", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21842.json b/2023/21xxx/CVE-2023-21842.json new file mode 100644 index 000000000000..5ae7e5b01708 --- /dev/null +++ b/2023/21xxx/CVE-2023-21842.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21842", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21847.json b/2023/21xxx/CVE-2023-21847.json new file mode 100644 index 000000000000..44b3ca4a68e4 --- /dev/null +++ b/2023/21xxx/CVE-2023-21847.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21847", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21848.json b/2023/21xxx/CVE-2023-21848.json new file mode 100644 index 000000000000..afd1856bd909 --- /dev/null +++ b/2023/21xxx/CVE-2023-21848.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21848", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21850.json b/2023/21xxx/CVE-2023-21850.json new file mode 100644 index 000000000000..1115cec68e4e --- /dev/null +++ b/2023/21xxx/CVE-2023-21850.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21850", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21861.json b/2023/21xxx/CVE-2023-21861.json new file mode 100644 index 000000000000..78b519e05b70 --- /dev/null +++ b/2023/21xxx/CVE-2023-21861.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21861", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21868.json b/2023/21xxx/CVE-2023-21868.json new file mode 100644 index 000000000000..1e71e7266a9c --- /dev/null +++ b/2023/21xxx/CVE-2023-21868.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21868", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21871.json b/2023/21xxx/CVE-2023-21871.json new file mode 100644 index 000000000000..211d130f7099 --- /dev/null +++ b/2023/21xxx/CVE-2023-21871.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21871", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21879.json b/2023/21xxx/CVE-2023-21879.json new file mode 100644 index 000000000000..4aab4aa3f09b --- /dev/null +++ b/2023/21xxx/CVE-2023-21879.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21879", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21881.json b/2023/21xxx/CVE-2023-21881.json new file mode 100644 index 000000000000..f895f15add43 --- /dev/null +++ b/2023/21xxx/CVE-2023-21881.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21881", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21883.json b/2023/21xxx/CVE-2023-21883.json new file mode 100644 index 000000000000..3ef08afb3196 --- /dev/null +++ b/2023/21xxx/CVE-2023-21883.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21883", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21885.json b/2023/21xxx/CVE-2023-21885.json new file mode 100644 index 000000000000..4420eb918d86 --- /dev/null +++ b/2023/21xxx/CVE-2023-21885.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21885", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21886.json b/2023/21xxx/CVE-2023-21886.json new file mode 100644 index 000000000000..f885c7b7e68f --- /dev/null +++ b/2023/21xxx/CVE-2023-21886.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21886", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21898.json b/2023/21xxx/CVE-2023-21898.json new file mode 100644 index 000000000000..e18c76b98446 --- /dev/null +++ b/2023/21xxx/CVE-2023-21898.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21898", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21903.json b/2023/21xxx/CVE-2023-21903.json new file mode 100644 index 000000000000..e89c76772ce4 --- /dev/null +++ b/2023/21xxx/CVE-2023-21903.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21903", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21917.json b/2023/21xxx/CVE-2023-21917.json new file mode 100644 index 000000000000..a2a69dc0c646 --- /dev/null +++ b/2023/21xxx/CVE-2023-21917.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21917", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21926.json b/2023/21xxx/CVE-2023-21926.json new file mode 100644 index 000000000000..09a45a65be7f --- /dev/null +++ b/2023/21xxx/CVE-2023-21926.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21926", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21933.json b/2023/21xxx/CVE-2023-21933.json new file mode 100644 index 000000000000..55379d157971 --- /dev/null +++ b/2023/21xxx/CVE-2023-21933.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21933", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21940.json b/2023/21xxx/CVE-2023-21940.json new file mode 100644 index 000000000000..5896af3b1feb --- /dev/null +++ b/2023/21xxx/CVE-2023-21940.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21940", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21947.json b/2023/21xxx/CVE-2023-21947.json new file mode 100644 index 000000000000..d486f4f26872 --- /dev/null +++ b/2023/21xxx/CVE-2023-21947.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21947", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21948.json b/2023/21xxx/CVE-2023-21948.json new file mode 100644 index 000000000000..71ed24ce4e11 --- /dev/null +++ b/2023/21xxx/CVE-2023-21948.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21948", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21949.json b/2023/21xxx/CVE-2023-21949.json new file mode 100644 index 000000000000..6fd68ab95c1d --- /dev/null +++ b/2023/21xxx/CVE-2023-21949.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21949", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21955.json b/2023/21xxx/CVE-2023-21955.json new file mode 100644 index 000000000000..22e78af61460 --- /dev/null +++ b/2023/21xxx/CVE-2023-21955.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21955", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21961.json b/2023/21xxx/CVE-2023-21961.json new file mode 100644 index 000000000000..6196def523ee --- /dev/null +++ b/2023/21xxx/CVE-2023-21961.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21961", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21962.json b/2023/21xxx/CVE-2023-21962.json new file mode 100644 index 000000000000..0582ee90b36e --- /dev/null +++ b/2023/21xxx/CVE-2023-21962.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21962", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21972.json b/2023/21xxx/CVE-2023-21972.json new file mode 100644 index 000000000000..0120a472ce69 --- /dev/null +++ b/2023/21xxx/CVE-2023-21972.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21972", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21974.json b/2023/21xxx/CVE-2023-21974.json new file mode 100644 index 000000000000..c7a58a6f4174 --- /dev/null +++ b/2023/21xxx/CVE-2023-21974.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21974", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21977.json b/2023/21xxx/CVE-2023-21977.json new file mode 100644 index 000000000000..7c748ed0e236 --- /dev/null +++ b/2023/21xxx/CVE-2023-21977.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21977", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21978.json b/2023/21xxx/CVE-2023-21978.json new file mode 100644 index 000000000000..97bf1e4a9711 --- /dev/null +++ b/2023/21xxx/CVE-2023-21978.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21978", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21983.json b/2023/21xxx/CVE-2023-21983.json new file mode 100644 index 000000000000..b87d7285118f --- /dev/null +++ b/2023/21xxx/CVE-2023-21983.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21983", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21984.json b/2023/21xxx/CVE-2023-21984.json new file mode 100644 index 000000000000..824e463d9e41 --- /dev/null +++ b/2023/21xxx/CVE-2023-21984.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21984", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21986.json b/2023/21xxx/CVE-2023-21986.json new file mode 100644 index 000000000000..b3a69d887d8e --- /dev/null +++ b/2023/21xxx/CVE-2023-21986.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21986", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21995.json b/2023/21xxx/CVE-2023-21995.json new file mode 100644 index 000000000000..7f5aeb809901 --- /dev/null +++ b/2023/21xxx/CVE-2023-21995.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21995", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21998.json b/2023/21xxx/CVE-2023-21998.json new file mode 100644 index 000000000000..bce6083063b9 --- /dev/null +++ b/2023/21xxx/CVE-2023-21998.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21998", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21999.json b/2023/21xxx/CVE-2023-21999.json new file mode 100644 index 000000000000..1c0a9165048b --- /dev/null +++ b/2023/21xxx/CVE-2023-21999.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21999", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22002.json b/2023/22xxx/CVE-2023-22002.json new file mode 100644 index 000000000000..44c19948b5fc --- /dev/null +++ b/2023/22xxx/CVE-2023-22002.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22002", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22005.json b/2023/22xxx/CVE-2023-22005.json new file mode 100644 index 000000000000..086b7d743b7e --- /dev/null +++ b/2023/22xxx/CVE-2023-22005.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22005", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22007.json b/2023/22xxx/CVE-2023-22007.json new file mode 100644 index 000000000000..e0179a9d01b0 --- /dev/null +++ b/2023/22xxx/CVE-2023-22007.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22007", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22008.json b/2023/22xxx/CVE-2023-22008.json new file mode 100644 index 000000000000..421b1bdd1537 --- /dev/null +++ b/2023/22xxx/CVE-2023-22008.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22008", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22009.json b/2023/22xxx/CVE-2023-22009.json new file mode 100644 index 000000000000..e2b6c227abc5 --- /dev/null +++ b/2023/22xxx/CVE-2023-22009.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22009", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22012.json b/2023/22xxx/CVE-2023-22012.json new file mode 100644 index 000000000000..607f8cc46a7a --- /dev/null +++ b/2023/22xxx/CVE-2023-22012.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22012", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22015.json b/2023/22xxx/CVE-2023-22015.json new file mode 100644 index 000000000000..1f4c6b02172e --- /dev/null +++ b/2023/22xxx/CVE-2023-22015.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22015", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22018.json b/2023/22xxx/CVE-2023-22018.json new file mode 100644 index 000000000000..5711c5f64d42 --- /dev/null +++ b/2023/22xxx/CVE-2023-22018.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22018", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22019.json b/2023/22xxx/CVE-2023-22019.json new file mode 100644 index 000000000000..fc89f173bd48 --- /dev/null +++ b/2023/22xxx/CVE-2023-22019.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22019", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22022.json b/2023/22xxx/CVE-2023-22022.json new file mode 100644 index 000000000000..a8c45692e024 --- /dev/null +++ b/2023/22xxx/CVE-2023-22022.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22022", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22023.json b/2023/22xxx/CVE-2023-22023.json new file mode 100644 index 000000000000..0e2eed308a8d --- /dev/null +++ b/2023/22xxx/CVE-2023-22023.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22023", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22029.json b/2023/22xxx/CVE-2023-22029.json new file mode 100644 index 000000000000..a0ec33314b73 --- /dev/null +++ b/2023/22xxx/CVE-2023-22029.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22029", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22033.json b/2023/22xxx/CVE-2023-22033.json new file mode 100644 index 000000000000..74e2ae34727e --- /dev/null +++ b/2023/22xxx/CVE-2023-22033.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22033", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22037.json b/2023/22xxx/CVE-2023-22037.json new file mode 100644 index 000000000000..9d610ee3d132 --- /dev/null +++ b/2023/22xxx/CVE-2023-22037.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22037", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22041.json b/2023/22xxx/CVE-2023-22041.json new file mode 100644 index 000000000000..558750911af2 --- /dev/null +++ b/2023/22xxx/CVE-2023-22041.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22041", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22042.json b/2023/22xxx/CVE-2023-22042.json new file mode 100644 index 000000000000..5eb7275f42d2 --- /dev/null +++ b/2023/22xxx/CVE-2023-22042.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22042", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22049.json b/2023/22xxx/CVE-2023-22049.json new file mode 100644 index 000000000000..42d3a87e91b2 --- /dev/null +++ b/2023/22xxx/CVE-2023-22049.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22049", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22051.json b/2023/22xxx/CVE-2023-22051.json new file mode 100644 index 000000000000..90bbb55ae0d1 --- /dev/null +++ b/2023/22xxx/CVE-2023-22051.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22051", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22056.json b/2023/22xxx/CVE-2023-22056.json new file mode 100644 index 000000000000..679d26a286ca --- /dev/null +++ b/2023/22xxx/CVE-2023-22056.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22056", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22060.json b/2023/22xxx/CVE-2023-22060.json new file mode 100644 index 000000000000..dc9672226433 --- /dev/null +++ b/2023/22xxx/CVE-2023-22060.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22060", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22061.json b/2023/22xxx/CVE-2023-22061.json new file mode 100644 index 000000000000..f04b0d3149eb --- /dev/null +++ b/2023/22xxx/CVE-2023-22061.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22061", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22062.json b/2023/22xxx/CVE-2023-22062.json new file mode 100644 index 000000000000..756a30383ddf --- /dev/null +++ b/2023/22xxx/CVE-2023-22062.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22062", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22069.json b/2023/22xxx/CVE-2023-22069.json new file mode 100644 index 000000000000..7a5d8e0e3491 --- /dev/null +++ b/2023/22xxx/CVE-2023-22069.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22069", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22076.json b/2023/22xxx/CVE-2023-22076.json new file mode 100644 index 000000000000..442ee66dfc3f --- /dev/null +++ b/2023/22xxx/CVE-2023-22076.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22076", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22078.json b/2023/22xxx/CVE-2023-22078.json new file mode 100644 index 000000000000..26b97664f265 --- /dev/null +++ b/2023/22xxx/CVE-2023-22078.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22078", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22088.json b/2023/22xxx/CVE-2023-22088.json new file mode 100644 index 000000000000..a5ef8c0b9a69 --- /dev/null +++ b/2023/22xxx/CVE-2023-22088.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22088", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22089.json b/2023/22xxx/CVE-2023-22089.json new file mode 100644 index 000000000000..8d9f758b7637 --- /dev/null +++ b/2023/22xxx/CVE-2023-22089.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22089", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22100.json b/2023/22xxx/CVE-2023-22100.json new file mode 100644 index 000000000000..969042c75dce --- /dev/null +++ b/2023/22xxx/CVE-2023-22100.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22100", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22102.json b/2023/22xxx/CVE-2023-22102.json new file mode 100644 index 000000000000..901f0b6485f0 --- /dev/null +++ b/2023/22xxx/CVE-2023-22102.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22102", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22103.json b/2023/22xxx/CVE-2023-22103.json new file mode 100644 index 000000000000..efd5c6959168 --- /dev/null +++ b/2023/22xxx/CVE-2023-22103.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22103", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22104.json b/2023/22xxx/CVE-2023-22104.json new file mode 100644 index 000000000000..3b895f1e286f --- /dev/null +++ b/2023/22xxx/CVE-2023-22104.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22104", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22109.json b/2023/22xxx/CVE-2023-22109.json new file mode 100644 index 000000000000..113ab75d04d7 --- /dev/null +++ b/2023/22xxx/CVE-2023-22109.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22109", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22114.json b/2023/22xxx/CVE-2023-22114.json new file mode 100644 index 000000000000..f60cb30c590f --- /dev/null +++ b/2023/22xxx/CVE-2023-22114.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22114", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22122.json b/2023/22xxx/CVE-2023-22122.json new file mode 100644 index 000000000000..afe61717c20f --- /dev/null +++ b/2023/22xxx/CVE-2023-22122.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22122", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22123.json b/2023/22xxx/CVE-2023-22123.json new file mode 100644 index 000000000000..d49edd42ce09 --- /dev/null +++ b/2023/22xxx/CVE-2023-22123.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22123", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22126.json b/2023/22xxx/CVE-2023-22126.json new file mode 100644 index 000000000000..fea8236e095a --- /dev/null +++ b/2023/22xxx/CVE-2023-22126.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22126", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22127.json b/2023/22xxx/CVE-2023-22127.json new file mode 100644 index 000000000000..4c6a58510a2f --- /dev/null +++ b/2023/22xxx/CVE-2023-22127.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22127", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22129.json b/2023/22xxx/CVE-2023-22129.json new file mode 100644 index 000000000000..cde7f867a4f5 --- /dev/null +++ b/2023/22xxx/CVE-2023-22129.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22129", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22136.json b/2023/22xxx/CVE-2023-22136.json new file mode 100644 index 000000000000..995c64e26e1f --- /dev/null +++ b/2023/22xxx/CVE-2023-22136.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22136", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22148.json b/2023/22xxx/CVE-2023-22148.json new file mode 100644 index 000000000000..51395ebd7626 --- /dev/null +++ b/2023/22xxx/CVE-2023-22148.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22148", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22151.json b/2023/22xxx/CVE-2023-22151.json new file mode 100644 index 000000000000..a765b2b355cf --- /dev/null +++ b/2023/22xxx/CVE-2023-22151.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22151", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22155.json b/2023/22xxx/CVE-2023-22155.json new file mode 100644 index 000000000000..d1b064872e90 --- /dev/null +++ b/2023/22xxx/CVE-2023-22155.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22155", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22157.json b/2023/22xxx/CVE-2023-22157.json new file mode 100644 index 000000000000..5bf7fe168263 --- /dev/null +++ b/2023/22xxx/CVE-2023-22157.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22157", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22160.json b/2023/22xxx/CVE-2023-22160.json new file mode 100644 index 000000000000..614a0b7c3c1f --- /dev/null +++ b/2023/22xxx/CVE-2023-22160.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22160", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22161.json b/2023/22xxx/CVE-2023-22161.json new file mode 100644 index 000000000000..271d56c4c2bf --- /dev/null +++ b/2023/22xxx/CVE-2023-22161.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22161", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22173.json b/2023/22xxx/CVE-2023-22173.json new file mode 100644 index 000000000000..1580da7001e6 --- /dev/null +++ b/2023/22xxx/CVE-2023-22173.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22173", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22176.json b/2023/22xxx/CVE-2023-22176.json new file mode 100644 index 000000000000..b84fa6f8e720 --- /dev/null +++ b/2023/22xxx/CVE-2023-22176.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22176", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22185.json b/2023/22xxx/CVE-2023-22185.json new file mode 100644 index 000000000000..ee2658b12049 --- /dev/null +++ b/2023/22xxx/CVE-2023-22185.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22185", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22186.json b/2023/22xxx/CVE-2023-22186.json new file mode 100644 index 000000000000..1cfd939c6988 --- /dev/null +++ b/2023/22xxx/CVE-2023-22186.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22186", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22190.json b/2023/22xxx/CVE-2023-22190.json new file mode 100644 index 000000000000..f9c7477331d0 --- /dev/null +++ b/2023/22xxx/CVE-2023-22190.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22190", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22198.json b/2023/22xxx/CVE-2023-22198.json new file mode 100644 index 000000000000..f935f561e98f --- /dev/null +++ b/2023/22xxx/CVE-2023-22198.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22198", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22202.json b/2023/22xxx/CVE-2023-22202.json new file mode 100644 index 000000000000..71dd7d3f4301 --- /dev/null +++ b/2023/22xxx/CVE-2023-22202.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22202", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22203.json b/2023/22xxx/CVE-2023-22203.json new file mode 100644 index 000000000000..b0d0345ab77b --- /dev/null +++ b/2023/22xxx/CVE-2023-22203.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22203", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22205.json b/2023/22xxx/CVE-2023-22205.json new file mode 100644 index 000000000000..1b59830d4b95 --- /dev/null +++ b/2023/22xxx/CVE-2023-22205.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22205", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22207.json b/2023/22xxx/CVE-2023-22207.json new file mode 100644 index 000000000000..242765cbd6fe --- /dev/null +++ b/2023/22xxx/CVE-2023-22207.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22207", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22216.json b/2023/22xxx/CVE-2023-22216.json new file mode 100644 index 000000000000..63f12a721916 --- /dev/null +++ b/2023/22xxx/CVE-2023-22216.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22216", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22217.json b/2023/22xxx/CVE-2023-22217.json new file mode 100644 index 000000000000..49c4c88658ab --- /dev/null +++ b/2023/22xxx/CVE-2023-22217.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22217", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22221.json b/2023/22xxx/CVE-2023-22221.json new file mode 100644 index 000000000000..763c5fc07dbc --- /dev/null +++ b/2023/22xxx/CVE-2023-22221.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22221", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From b9f960511406d61ebf285d4cf2fa044e31528049 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 17 Dec 2022 20:01:23 +0000 Subject: [PATCH 080/754] "-Synchronized-Data." --- 2023/21xxx/CVE-2023-21840.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21859.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21870.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21873.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21880.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21893.json | 18 ++++++++++++++++++ 2023/21xxx/CVE-2023-21969.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22090.json | 18 ++++++++++++++++++ 2023/22xxx/CVE-2023-22223.json | 18 ++++++++++++++++++ 9 files changed, 162 insertions(+) create mode 100644 2023/21xxx/CVE-2023-21840.json create mode 100644 2023/21xxx/CVE-2023-21859.json create mode 100644 2023/21xxx/CVE-2023-21870.json create mode 100644 2023/21xxx/CVE-2023-21873.json create mode 100644 2023/21xxx/CVE-2023-21880.json create mode 100644 2023/21xxx/CVE-2023-21893.json create mode 100644 2023/21xxx/CVE-2023-21969.json create mode 100644 2023/22xxx/CVE-2023-22090.json create mode 100644 2023/22xxx/CVE-2023-22223.json diff --git a/2023/21xxx/CVE-2023-21840.json b/2023/21xxx/CVE-2023-21840.json new file mode 100644 index 000000000000..aa25eeefd1c6 --- /dev/null +++ b/2023/21xxx/CVE-2023-21840.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21840", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21859.json b/2023/21xxx/CVE-2023-21859.json new file mode 100644 index 000000000000..fa547af94111 --- /dev/null +++ b/2023/21xxx/CVE-2023-21859.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21859", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21870.json b/2023/21xxx/CVE-2023-21870.json new file mode 100644 index 000000000000..96c2b41ddde7 --- /dev/null +++ b/2023/21xxx/CVE-2023-21870.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21870", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21873.json b/2023/21xxx/CVE-2023-21873.json new file mode 100644 index 000000000000..1d4a463f6b67 --- /dev/null +++ b/2023/21xxx/CVE-2023-21873.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21873", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21880.json b/2023/21xxx/CVE-2023-21880.json new file mode 100644 index 000000000000..b40a0da3ae1e --- /dev/null +++ b/2023/21xxx/CVE-2023-21880.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21880", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21893.json b/2023/21xxx/CVE-2023-21893.json new file mode 100644 index 000000000000..4778f5d6599e --- /dev/null +++ b/2023/21xxx/CVE-2023-21893.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21893", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21969.json b/2023/21xxx/CVE-2023-21969.json new file mode 100644 index 000000000000..535f8f484bee --- /dev/null +++ b/2023/21xxx/CVE-2023-21969.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-21969", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22090.json b/2023/22xxx/CVE-2023-22090.json new file mode 100644 index 000000000000..cb4e8f9f6083 --- /dev/null +++ b/2023/22xxx/CVE-2023-22090.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22090", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22223.json b/2023/22xxx/CVE-2023-22223.json new file mode 100644 index 000000000000..90eb0c8ff191 --- /dev/null +++ b/2023/22xxx/CVE-2023-22223.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22223", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 74c308b3066d47ab9cec2b60cf52acdc7cfb02bf Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 18 Dec 2022 04:00:43 +0000 Subject: [PATCH 081/754] "-Synchronized-Data." --- 2021/46xxx/CVE-2021-46848.json | 5 +++ 2022/1xxx/CVE-2022-1941.json | 5 +++ 2022/3xxx/CVE-2022-3171.json | 11 ++++-- 2022/45xxx/CVE-2022-45061.json | 5 +++ 2022/47xxx/CVE-2022-47514.json | 67 ++++++++++++++++++++++++++++++++++ 2022/4xxx/CVE-2022-4223.json | 5 +++ 6 files changed, 95 insertions(+), 3 deletions(-) create mode 100644 2022/47xxx/CVE-2022-47514.json diff --git a/2021/46xxx/CVE-2021-46848.json b/2021/46xxx/CVE-2021-46848.json index 4fd1cc9337ec..1921f72d02fb 100644 --- a/2021/46xxx/CVE-2021-46848.json +++ b/2021/46xxx/CVE-2021-46848.json @@ -86,6 +86,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20221118-0006/", "url": "https://security.netapp.com/advisory/ntap-20221118-0006/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-3f9ee1ad91", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/" } ] } diff --git a/2022/1xxx/CVE-2022-1941.json b/2022/1xxx/CVE-2022-1941.json index b26a494b2a84..1127296f501d 100644 --- a/2022/1xxx/CVE-2022-1941.json +++ b/2022/1xxx/CVE-2022-1941.json @@ -150,6 +150,11 @@ "refsource": "MLIST", "name": "[oss-security] 20220927 CVE-2022-1941: Protobuf C++, Python DoS", "url": "http://www.openwall.com/lists/oss-security/2022/09/27/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-25f35ed634", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/" } ] }, diff --git a/2022/3xxx/CVE-2022-3171.json b/2022/3xxx/CVE-2022-3171.json index 6a3b7c485452..7eafbb0c100b 100644 --- a/2022/3xxx/CVE-2022-3171.json +++ b/2022/3xxx/CVE-2022-3171.json @@ -26,7 +26,8 @@ "version_affected": "<", "version_name": "3.20.3", "version_value": "3.20.3" - }, { + }, + { "platform": "core and lite", "version_affected": "<", "version_name": "3.19.6", @@ -96,11 +97,15 @@ "name": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2", "refsource": "CONFIRM", "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-25f35ed634", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/" } ] }, "source": { "discovery": "INTERNAL" } -} - +} \ No newline at end of file diff --git a/2022/45xxx/CVE-2022-45061.json b/2022/45xxx/CVE-2022-45061.json index 4269b2a20d16..b0263178d42f 100644 --- a/2022/45xxx/CVE-2022-45061.json +++ b/2022/45xxx/CVE-2022-45061.json @@ -136,6 +136,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-b2f06fbb62", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-6ba889e0e3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/" } ] } diff --git a/2022/47xxx/CVE-2022-47514.json b/2022/47xxx/CVE-2022-47514.json new file mode 100644 index 000000000000..37badf0e5fbd --- /dev/null +++ b/2022/47xxx/CVE-2022-47514.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-47514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://papercutsoftware.github.io/XML-RPC.NET/download.html", + "refsource": "MISC", + "name": "https://papercutsoftware.github.io/XML-RPC.NET/download.html" + }, + { + "url": "https://github.com/jumpycastle/xmlrpc.net-poc", + "refsource": "MISC", + "name": "https://github.com/jumpycastle/xmlrpc.net-poc" + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4223.json b/2022/4xxx/CVE-2022-4223.json index 26b35e109e47..3ae3621d3eab 100644 --- a/2022/4xxx/CVE-2022-4223.json +++ b/2022/4xxx/CVE-2022-4223.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://github.com/pgadmin-org/pgadmin4/issues/5593", "url": "https://github.com/pgadmin-org/pgadmin4/issues/5593" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-2d5a6f48e1", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5EYTPKHVFSDCETBJI7LBZE4EYHBPN2Q/" } ] }, From a27848dc94cf49a07fe00652644047daa479233a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 18 Dec 2022 05:00:40 +0000 Subject: [PATCH 082/754] "-Synchronized-Data." --- 2022/47xxx/CVE-2022-47515.json | 67 +++++++++++++++++++++++++++++++ 2022/47xxx/CVE-2022-47516.json | 67 +++++++++++++++++++++++++++++++ 2022/47xxx/CVE-2022-47517.json | 72 ++++++++++++++++++++++++++++++++++ 2022/47xxx/CVE-2022-47518.json | 18 +++++++++ 2022/47xxx/CVE-2022-47519.json | 18 +++++++++ 2022/47xxx/CVE-2022-47520.json | 18 +++++++++ 2022/47xxx/CVE-2022-47521.json | 18 +++++++++ 7 files changed, 278 insertions(+) create mode 100644 2022/47xxx/CVE-2022-47515.json create mode 100644 2022/47xxx/CVE-2022-47516.json create mode 100644 2022/47xxx/CVE-2022-47517.json create mode 100644 2022/47xxx/CVE-2022-47518.json create mode 100644 2022/47xxx/CVE-2022-47519.json create mode 100644 2022/47xxx/CVE-2022-47520.json create mode 100644 2022/47xxx/CVE-2022-47521.json diff --git a/2022/47xxx/CVE-2022-47515.json b/2022/47xxx/CVE-2022-47515.json new file mode 100644 index 000000000000..93b624c8440c --- /dev/null +++ b/2022/47xxx/CVE-2022-47515.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-47515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a long message in a TCP request that leads to std::length_error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/drachtio/drachtio-server/issues/245", + "refsource": "MISC", + "name": "https://github.com/drachtio/drachtio-server/issues/245" + }, + { + "url": "https://github.com/drachtio/drachtio-server/commit/4cf9fe2c420b86c16442215d449d40be777c1911", + "refsource": "MISC", + "name": "https://github.com/drachtio/drachtio-server/commit/4cf9fe2c420b86c16442215d449d40be777c1911" + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47516.json b/2022/47xxx/CVE-2022-47516.json new file mode 100644 index 000000000000..26231c62e283 --- /dev/null +++ b/2022/47xxx/CVE-2022-47516.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-47516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/drachtio/drachtio-server/issues/244", + "refsource": "MISC", + "name": "https://github.com/drachtio/drachtio-server/issues/244" + }, + { + "url": "https://github.com/davehorton/sofia-sip/commit/13b2a135287caa2d67ac6cd5155626821e25b377", + "refsource": "MISC", + "name": "https://github.com/davehorton/sofia-sip/commit/13b2a135287caa2d67ac6cd5155626821e25b377" + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47517.json b/2022/47xxx/CVE-2022-47517.json new file mode 100644 index 000000000000..f1fcf3aeb459 --- /dev/null +++ b/2022/47xxx/CVE-2022-47517.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-47517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.19. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that causes a url_canonize2 heap-based buffer over-read because of an off-by-one error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/drachtio/drachtio-server/issues/243", + "refsource": "MISC", + "name": "https://github.com/drachtio/drachtio-server/issues/243" + }, + { + "url": "https://github.com/davehorton/sofia-sip/commit/22c1bd191f0acbf11f0c0fbea1845d9bf9dcd47e", + "refsource": "MISC", + "name": "https://github.com/davehorton/sofia-sip/commit/22c1bd191f0acbf11f0c0fbea1845d9bf9dcd47e" + }, + { + "url": "https://github.com/davehorton/sofia-sip/commit/bfc79d85c8f3a4798a3305fb98f5a11c11d0d29f", + "refsource": "MISC", + "name": "https://github.com/davehorton/sofia-sip/commit/bfc79d85c8f3a4798a3305fb98f5a11c11d0d29f" + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47518.json b/2022/47xxx/CVE-2022-47518.json new file mode 100644 index 000000000000..02190642daef --- /dev/null +++ b/2022/47xxx/CVE-2022-47518.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47518", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47519.json b/2022/47xxx/CVE-2022-47519.json new file mode 100644 index 000000000000..b2eb59f6d65a --- /dev/null +++ b/2022/47xxx/CVE-2022-47519.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47519", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47520.json b/2022/47xxx/CVE-2022-47520.json new file mode 100644 index 000000000000..0277d1e8e809 --- /dev/null +++ b/2022/47xxx/CVE-2022-47520.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47520", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47521.json b/2022/47xxx/CVE-2022-47521.json new file mode 100644 index 000000000000..0344d306ca34 --- /dev/null +++ b/2022/47xxx/CVE-2022-47521.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47521", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 3748f6be4c7ed03b6014f81f8fd0225ca3487fed Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 18 Dec 2022 06:00:42 +0000 Subject: [PATCH 083/754] "-Synchronized-Data." --- 2022/47xxx/CVE-2022-47518.json | 61 ++++++++++++++++++++++++++++++---- 2022/47xxx/CVE-2022-47519.json | 61 ++++++++++++++++++++++++++++++---- 2022/47xxx/CVE-2022-47520.json | 61 ++++++++++++++++++++++++++++++---- 2022/47xxx/CVE-2022-47521.json | 61 ++++++++++++++++++++++++++++++---- 2022/47xxx/CVE-2022-47522.json | 18 ++++++++++ 5 files changed, 238 insertions(+), 24 deletions(-) create mode 100644 2022/47xxx/CVE-2022-47522.json diff --git a/2022/47xxx/CVE-2022-47518.json b/2022/47xxx/CVE-2022-47518.json index 02190642daef..3db37ab94d67 100644 --- a/2022/47xxx/CVE-2022-47518.json +++ b/2022/47xxx/CVE-2022-47518.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-47518", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-47518", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lore.kernel.org/r/20221123153543.8568-5-philipturnbull@github.com", + "refsource": "MISC", + "name": "https://lore.kernel.org/r/20221123153543.8568-5-philipturnbull@github.com" + }, + { + "url": "https://github.com/torvalds/linux/commit/0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0" } ] } diff --git a/2022/47xxx/CVE-2022-47519.json b/2022/47xxx/CVE-2022-47519.json index b2eb59f6d65a..efcadb41937b 100644 --- a/2022/47xxx/CVE-2022-47519.json +++ b/2022/47xxx/CVE-2022-47519.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-47519", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-47519", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lore.kernel.org/r/20221123153543.8568-3-philipturnbull@github.com", + "refsource": "MISC", + "name": "https://lore.kernel.org/r/20221123153543.8568-3-philipturnbull@github.com" + }, + { + "url": "https://github.com/torvalds/linux/commit/051ae669e4505abbe05165bebf6be7922de11f41", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/051ae669e4505abbe05165bebf6be7922de11f41" } ] } diff --git a/2022/47xxx/CVE-2022-47520.json b/2022/47xxx/CVE-2022-47520.json index 0277d1e8e809..48e08b64a971 100644 --- a/2022/47xxx/CVE-2022-47520.json +++ b/2022/47xxx/CVE-2022-47520.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-47520", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-47520", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lore.kernel.org/r/20221123153543.8568-2-philipturnbull@github.com", + "refsource": "MISC", + "name": "https://lore.kernel.org/r/20221123153543.8568-2-philipturnbull@github.com" + }, + { + "url": "https://github.com/torvalds/linux/commit/cd21d99e595ec1d8721e1058dcdd4f1f7de1d793", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/cd21d99e595ec1d8721e1058dcdd4f1f7de1d793" } ] } diff --git a/2022/47xxx/CVE-2022-47521.json b/2022/47xxx/CVE-2022-47521.json index 0344d306ca34..3f007e87088c 100644 --- a/2022/47xxx/CVE-2022-47521.json +++ b/2022/47xxx/CVE-2022-47521.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-47521", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-47521", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lore.kernel.org/r/20221123153543.8568-4-philipturnbull@github.com", + "refsource": "MISC", + "name": "https://lore.kernel.org/r/20221123153543.8568-4-philipturnbull@github.com" + }, + { + "url": "https://github.com/torvalds/linux/commit/f9b62f9843c7b0afdaecabbcebf1dbba18599408", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/f9b62f9843c7b0afdaecabbcebf1dbba18599408" } ] } diff --git a/2022/47xxx/CVE-2022-47522.json b/2022/47xxx/CVE-2022-47522.json new file mode 100644 index 000000000000..7244062e796a --- /dev/null +++ b/2022/47xxx/CVE-2022-47522.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47522", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 902f7de59daef59daba97706215522baf5317c99 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 18 Dec 2022 08:00:41 +0000 Subject: [PATCH 084/754] "-Synchronized-Data." --- 2021/4xxx/CVE-2021-4247.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4592.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4593.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4594.json | 18 ++++++++++++++++++ 4 files changed, 72 insertions(+) create mode 100644 2021/4xxx/CVE-2021-4247.json create mode 100644 2022/4xxx/CVE-2022-4592.json create mode 100644 2022/4xxx/CVE-2022-4593.json create mode 100644 2022/4xxx/CVE-2022-4594.json diff --git a/2021/4xxx/CVE-2021-4247.json b/2021/4xxx/CVE-2021-4247.json new file mode 100644 index 000000000000..5bc17550aecf --- /dev/null +++ b/2021/4xxx/CVE-2021-4247.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4247", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4592.json b/2022/4xxx/CVE-2022-4592.json new file mode 100644 index 000000000000..b8480f078a04 --- /dev/null +++ b/2022/4xxx/CVE-2022-4592.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4592", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4593.json b/2022/4xxx/CVE-2022-4593.json new file mode 100644 index 000000000000..446744dfff42 --- /dev/null +++ b/2022/4xxx/CVE-2022-4593.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4593", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4594.json b/2022/4xxx/CVE-2022-4594.json new file mode 100644 index 000000000000..b54157abb28b --- /dev/null +++ b/2022/4xxx/CVE-2022-4594.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4594", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 607dc2377999dc17903693b2ffb1f3ac4b56678d Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Sun, 18 Dec 2022 09:07:01 +0100 Subject: [PATCH 085/754] CVE-2021-4247 --- 2021/4xxx/CVE-2021-4247.json | 64 ++++++++++++++++++++++++++++++++++-- 1 file changed, 61 insertions(+), 3 deletions(-) diff --git a/2021/4xxx/CVE-2021-4247.json b/2021/4xxx/CVE-2021-4247.json index 5bc17550aecf..bbabb8e35aff 100644 --- a/2021/4xxx/CVE-2021-4247.json +++ b/2021/4xxx/CVE-2021-4247.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4247", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "OWASP NodeGoat Query Parameter research.js denial of service", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OWASP", + "product": { + "product_data": [ + { + "product_name": "NodeGoat", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in OWASP NodeGoat and classified as problematic. This vulnerability affects unknown code of the file app\/routes\/research.js of the component Query Parameter Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The name of the patch is 4a4d1db74c63fb4ff8d366551c3af006c25ead12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216184." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/OWASP\/NodeGoat\/issues\/225" + }, + { + "url": "https:\/\/github.com\/OWASP\/NodeGoat\/commit\/4a4d1db74c63fb4ff8d366551c3af006c25ead12" + }, + { + "url": "https:\/\/vuldb.com\/?id.216184" } ] } From b23ced3f852ab637d5fcb70ad429b90651670dcb Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Sun, 18 Dec 2022 09:07:29 +0100 Subject: [PATCH 086/754] CVE-2022-4592 - CVE-2022-4594 --- 2022/4xxx/CVE-2022-4592.json | 61 ++++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4593.json | 61 ++++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4594.json | 61 ++++++++++++++++++++++++++++++++++-- 3 files changed, 174 insertions(+), 9 deletions(-) diff --git a/2022/4xxx/CVE-2022-4592.json b/2022/4xxx/CVE-2022-4592.json index b8480f078a04..930c674e5555 100644 --- a/2022/4xxx/CVE-2022-4592.json +++ b/2022/4xxx/CVE-2022-4592.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4592", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "luckyshot CRMx index.php commentdelete sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "luckyshot", + "product": { + "product_data": [ + { + "product_name": "CRMx", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in luckyshot CRMx and classified as critical. This issue affects the function get\/save\/delete\/comment\/commentdelete of the file index.php. The manipulation leads to sql injection. The attack may be initiated remotely. The name of the patch is 8c62d274986137d6a1d06958a6f75c3553f45f8f. It is recommended to apply a patch to fix this issue. The identifier VDB-216185 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/luckyshot\/CRMx\/commit\/8c62d274986137d6a1d06958a6f75c3553f45f8f" + }, + { + "url": "https:\/\/vuldb.com\/?id.216185" } ] } diff --git a/2022/4xxx/CVE-2022-4593.json b/2022/4xxx/CVE-2022-4593.json index 446744dfff42..893888201585 100644 --- a/2022/4xxx/CVE-2022-4593.json +++ b/2022/4xxx/CVE-2022-4593.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4593", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "retra-system cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "retra-system", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in retra-system. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a6d94ab88f4a6f631a14c59b72461140fb57ae1f. It is recommended to apply a patch to fix this issue. VDB-216186 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/retra\/retra-system\/commit\/a6d94ab88f4a6f631a14c59b72461140fb57ae1f" + }, + { + "url": "https:\/\/vuldb.com\/?id.216186" } ] } diff --git a/2022/4xxx/CVE-2022-4594.json b/2022/4xxx/CVE-2022-4594.json index b54157abb28b..bf2a28cba27d 100644 --- a/2022/4xxx/CVE-2022-4594.json +++ b/2022/4xxx/CVE-2022-4594.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4594", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "drogatkin TJWS2 WarRoller.java deployWar path traversal", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "drogatkin", + "product": { + "product_data": [ + { + "product_name": "TJWS2", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in drogatkin TJWS2. It has been declared as critical. Affected by this vulnerability is the function deployWar of the file 1.x\/src\/rogatkin\/web\/WarRoller.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 1bac15c496ec54efe21ad7fab4e17633778582fc. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216187." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/drogatkin\/TJWS2\/commit\/1bac15c496ec54efe21ad7fab4e17633778582fc" + }, + { + "url": "https:\/\/vuldb.com\/?id.216187" } ] } From 5ea99c907807416cd97c68e35e4fbcfd9f294a02 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 18 Dec 2022 09:00:39 +0000 Subject: [PATCH 087/754] "-Synchronized-Data." --- 2021/4xxx/CVE-2021-4247.json | 18 ++++++++++++------ 2022/4xxx/CVE-2022-4592.json | 14 +++++++++----- 2022/4xxx/CVE-2022-4593.json | 12 ++++++++---- 2022/4xxx/CVE-2022-4594.json | 14 +++++++++----- 2022/4xxx/CVE-2022-4595.json | 18 ++++++++++++++++++ 5 files changed, 56 insertions(+), 20 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4595.json diff --git a/2021/4xxx/CVE-2021-4247.json b/2021/4xxx/CVE-2021-4247.json index bbabb8e35aff..3ef7d7e76582 100644 --- a/2021/4xxx/CVE-2021-4247.json +++ b/2021/4xxx/CVE-2021-4247.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been found in OWASP NodeGoat and classified as problematic. This vulnerability affects unknown code of the file app\/routes\/research.js of the component Query Parameter Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The name of the patch is 4a4d1db74c63fb4ff8d366551c3af006c25ead12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216184." + "value": "A vulnerability has been found in OWASP NodeGoat and classified as problematic. This vulnerability affects unknown code of the file app/routes/research.js of the component Query Parameter Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The name of the patch is 4a4d1db74c63fb4ff8d366551c3af006c25ead12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216184." } ] }, @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "4.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:L" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/OWASP\/NodeGoat\/issues\/225" + "url": "https://github.com/OWASP/NodeGoat/issues/225", + "refsource": "MISC", + "name": "https://github.com/OWASP/NodeGoat/issues/225" }, { - "url": "https:\/\/github.com\/OWASP\/NodeGoat\/commit\/4a4d1db74c63fb4ff8d366551c3af006c25ead12" + "url": "https://github.com/OWASP/NodeGoat/commit/4a4d1db74c63fb4ff8d366551c3af006c25ead12", + "refsource": "MISC", + "name": "https://github.com/OWASP/NodeGoat/commit/4a4d1db74c63fb4ff8d366551c3af006c25ead12" }, { - "url": "https:\/\/vuldb.com\/?id.216184" + "url": "https://vuldb.com/?id.216184", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216184" } ] } diff --git a/2022/4xxx/CVE-2022-4592.json b/2022/4xxx/CVE-2022-4592.json index 930c674e5555..a52a23ceabfa 100644 --- a/2022/4xxx/CVE-2022-4592.json +++ b/2022/4xxx/CVE-2022-4592.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in luckyshot CRMx and classified as critical. This issue affects the function get\/save\/delete\/comment\/commentdelete of the file index.php. The manipulation leads to sql injection. The attack may be initiated remotely. The name of the patch is 8c62d274986137d6a1d06958a6f75c3553f45f8f. It is recommended to apply a patch to fix this issue. The identifier VDB-216185 was assigned to this vulnerability." + "value": "A vulnerability was found in luckyshot CRMx and classified as critical. This issue affects the function get/save/delete/comment/commentdelete of the file index.php. The manipulation leads to sql injection. The attack may be initiated remotely. The name of the patch is 8c62d274986137d6a1d06958a6f75c3553f45f8f. It is recommended to apply a patch to fix this issue. The identifier VDB-216185 was assigned to this vulnerability." } ] }, @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "6.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/luckyshot\/CRMx\/commit\/8c62d274986137d6a1d06958a6f75c3553f45f8f" + "url": "https://github.com/luckyshot/CRMx/commit/8c62d274986137d6a1d06958a6f75c3553f45f8f", + "refsource": "MISC", + "name": "https://github.com/luckyshot/CRMx/commit/8c62d274986137d6a1d06958a6f75c3553f45f8f" }, { - "url": "https:\/\/vuldb.com\/?id.216185" + "url": "https://vuldb.com/?id.216185", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216185" } ] } diff --git a/2022/4xxx/CVE-2022-4593.json b/2022/4xxx/CVE-2022-4593.json index 893888201585..0211b7051457 100644 --- a/2022/4xxx/CVE-2022-4593.json +++ b/2022/4xxx/CVE-2022-4593.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/retra\/retra-system\/commit\/a6d94ab88f4a6f631a14c59b72461140fb57ae1f" + "url": "https://github.com/retra/retra-system/commit/a6d94ab88f4a6f631a14c59b72461140fb57ae1f", + "refsource": "MISC", + "name": "https://github.com/retra/retra-system/commit/a6d94ab88f4a6f631a14c59b72461140fb57ae1f" }, { - "url": "https:\/\/vuldb.com\/?id.216186" + "url": "https://vuldb.com/?id.216186", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216186" } ] } diff --git a/2022/4xxx/CVE-2022-4594.json b/2022/4xxx/CVE-2022-4594.json index bf2a28cba27d..298a7252f0e1 100644 --- a/2022/4xxx/CVE-2022-4594.json +++ b/2022/4xxx/CVE-2022-4594.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in drogatkin TJWS2. It has been declared as critical. Affected by this vulnerability is the function deployWar of the file 1.x\/src\/rogatkin\/web\/WarRoller.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 1bac15c496ec54efe21ad7fab4e17633778582fc. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216187." + "value": "A vulnerability was found in drogatkin TJWS2. It has been declared as critical. Affected by this vulnerability is the function deployWar of the file 1.x/src/rogatkin/web/WarRoller.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 1bac15c496ec54efe21ad7fab4e17633778582fc. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216187." } ] }, @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "6.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/drogatkin\/TJWS2\/commit\/1bac15c496ec54efe21ad7fab4e17633778582fc" + "url": "https://github.com/drogatkin/TJWS2/commit/1bac15c496ec54efe21ad7fab4e17633778582fc", + "refsource": "MISC", + "name": "https://github.com/drogatkin/TJWS2/commit/1bac15c496ec54efe21ad7fab4e17633778582fc" }, { - "url": "https:\/\/vuldb.com\/?id.216187" + "url": "https://vuldb.com/?id.216187", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216187" } ] } diff --git a/2022/4xxx/CVE-2022-4595.json b/2022/4xxx/CVE-2022-4595.json new file mode 100644 index 000000000000..523104a12efd --- /dev/null +++ b/2022/4xxx/CVE-2022-4595.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4595", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 7aac52eabdf2b6232a5173c25cc95098e00aa206 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 18 Dec 2022 11:00:38 +0000 Subject: [PATCH 088/754] "-Synchronized-Data." --- 2021/4xxx/CVE-2021-4248.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4596.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4597.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4598.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4599.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4600.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4601.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4602.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4603.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4604.json | 18 ++++++++++++++++++ 10 files changed, 180 insertions(+) create mode 100644 2021/4xxx/CVE-2021-4248.json create mode 100644 2022/4xxx/CVE-2022-4596.json create mode 100644 2022/4xxx/CVE-2022-4597.json create mode 100644 2022/4xxx/CVE-2022-4598.json create mode 100644 2022/4xxx/CVE-2022-4599.json create mode 100644 2022/4xxx/CVE-2022-4600.json create mode 100644 2022/4xxx/CVE-2022-4601.json create mode 100644 2022/4xxx/CVE-2022-4602.json create mode 100644 2022/4xxx/CVE-2022-4603.json create mode 100644 2022/4xxx/CVE-2022-4604.json diff --git a/2021/4xxx/CVE-2021-4248.json b/2021/4xxx/CVE-2021-4248.json new file mode 100644 index 000000000000..7024279c3962 --- /dev/null +++ b/2021/4xxx/CVE-2021-4248.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4248", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4596.json b/2022/4xxx/CVE-2022-4596.json new file mode 100644 index 000000000000..234aaaea5753 --- /dev/null +++ b/2022/4xxx/CVE-2022-4596.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4596", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4597.json b/2022/4xxx/CVE-2022-4597.json new file mode 100644 index 000000000000..38eb75cf1878 --- /dev/null +++ b/2022/4xxx/CVE-2022-4597.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4597", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4598.json b/2022/4xxx/CVE-2022-4598.json new file mode 100644 index 000000000000..9e5da21878db --- /dev/null +++ b/2022/4xxx/CVE-2022-4598.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4598", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4599.json b/2022/4xxx/CVE-2022-4599.json new file mode 100644 index 000000000000..10d5966968de --- /dev/null +++ b/2022/4xxx/CVE-2022-4599.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4599", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4600.json b/2022/4xxx/CVE-2022-4600.json new file mode 100644 index 000000000000..89f908251daf --- /dev/null +++ b/2022/4xxx/CVE-2022-4600.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4600", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4601.json b/2022/4xxx/CVE-2022-4601.json new file mode 100644 index 000000000000..7cf13dff71f6 --- /dev/null +++ b/2022/4xxx/CVE-2022-4601.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4601", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4602.json b/2022/4xxx/CVE-2022-4602.json new file mode 100644 index 000000000000..a5ea99302e80 --- /dev/null +++ b/2022/4xxx/CVE-2022-4602.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4602", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4603.json b/2022/4xxx/CVE-2022-4603.json new file mode 100644 index 000000000000..b95e2fb85bb3 --- /dev/null +++ b/2022/4xxx/CVE-2022-4603.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4603", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4604.json b/2022/4xxx/CVE-2022-4604.json new file mode 100644 index 000000000000..9b2e68c12b15 --- /dev/null +++ b/2022/4xxx/CVE-2022-4604.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4604", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 1bf5cc6c037535a9526b0a4de7e43e7ccb8d8673 Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Sun, 18 Dec 2022 12:02:21 +0100 Subject: [PATCH 089/754] CVE-2021-4248 --- 2021/4xxx/CVE-2021-4248.json | 70 ++++++++++++++++++++++++++++++++++-- 1 file changed, 67 insertions(+), 3 deletions(-) diff --git a/2021/4xxx/CVE-2021-4248.json b/2021/4xxx/CVE-2021-4248.json index 7024279c3962..2691c27f53e7 100644 --- a/2021/4xxx/CVE-2021-4248.json +++ b/2021/4xxx/CVE-2021-4248.json @@ -4,14 +4,78 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4248", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "kapetan dns Request.cs entropy", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "kapetan", + "product": { + "product_data": [ + { + "product_name": "dns", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-330 Insufficiently Random Values -> CWE-331 Insufficient Entropy -> CWE-332 Insufficient Entropy in PRNG" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in kapetan dns up to 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file DNS\/Protocol\/Request.cs. The manipulation leads to insufficient entropy in prng. The attack may be launched remotely. Upgrading to version 7.0.0 is able to address this issue. The name of the patch is cf7105aa2aae90d6656088fe5a8ee1d5730773b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216188." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.6", + "vectorString": "CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/kapetan\/dns\/pull\/88" + }, + { + "url": "https:\/\/github.com\/kapetan\/dns\/releases\/tag\/v7.0.0" + }, + { + "url": "https:\/\/github.com\/kapetan\/dns\/commit\/cf7105aa2aae90d6656088fe5a8ee1d5730773b6" + }, + { + "url": "https:\/\/vuldb.com\/?id.216188" } ] } From 3d575cd71d410ed04c96a3407cf6e3bee824cab4 Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Sun, 18 Dec 2022 12:02:52 +0100 Subject: [PATCH 090/754] CVE-2022-4595 - CVE-2022-4604 --- 2022/4xxx/CVE-2022-4595.json | 64 +++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4596.json | 64 +++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4597.json | 64 +++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4598.json | 64 +++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4599.json | 64 +++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4600.json | 64 +++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4601.json | 64 +++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4602.json | 64 +++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4603.json | 61 +++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4604.json | 70 ++++++++++++++++++++++++++++++++++-- 10 files changed, 613 insertions(+), 30 deletions(-) diff --git a/2022/4xxx/CVE-2022-4595.json b/2022/4xxx/CVE-2022-4595.json index 523104a12efd..8b95058b7a40 100644 --- a/2022/4xxx/CVE-2022-4595.json +++ b/2022/4xxx/CVE-2022-4595.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4595", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "django-openipam exposed_hosts.html cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "django-openipam", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in django-openipam. This affects an unknown part of the file openipam\/report\/templates\/report\/exposed_hosts.html. The manipulation of the argument description leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is a6223a1150d60cd036106ba6a8e676c1bfc3cc85. It is recommended to apply a patch to fix this issue. The identifier VDB-216189 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/openipam\/django-openipam\/pull\/205" + }, + { + "url": "https:\/\/github.com\/openipam\/django-openipam\/commit\/a6223a1150d60cd036106ba6a8e676c1bfc3cc85" + }, + { + "url": "https:\/\/vuldb.com\/?id.216189" } ] } diff --git a/2022/4xxx/CVE-2022-4596.json b/2022/4xxx/CVE-2022-4596.json index 234aaaea5753..716020ae431f 100644 --- a/2022/4xxx/CVE-2022-4596.json +++ b/2022/4xxx/CVE-2022-4596.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4596", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Shoplazza Add Blog Post cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "Shoplazza", + "version": { + "version_data": [ + { + "version_value": "1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, has been found in Shoplazza 1.1. This issue affects some unknown processing of the file \/admin\/api\/admin\/articles\/ of the component Add Blog Post Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-216191." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/11" + }, + { + "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/att-11\/proof-of-concept-shoplazza.txt" + }, + { + "url": "https:\/\/vuldb.com\/?id.216191" } ] } diff --git a/2022/4xxx/CVE-2022-4597.json b/2022/4xxx/CVE-2022-4597.json index 38eb75cf1878..29be6f837566 100644 --- a/2022/4xxx/CVE-2022-4597.json +++ b/2022/4xxx/CVE-2022-4597.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4597", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Shoplazza LifeStyle Create Product v2_products cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Shoplazza", + "product": { + "product_data": [ + { + "product_name": "LifeStyle", + "version": { + "version_data": [ + { + "version_value": "1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, was found in Shoplazza LifeStyle 1.1. Affected is an unknown function of the file \/admin\/api\/admin\/v2_products of the component Create Product Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216192." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/11" + }, + { + "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/att-11\/proof-of-concept-shoplazza.txt" + }, + { + "url": "https:\/\/vuldb.com\/?id.216192" } ] } diff --git a/2022/4xxx/CVE-2022-4598.json b/2022/4xxx/CVE-2022-4598.json index 9e5da21878db..9c4311064749 100644 --- a/2022/4xxx/CVE-2022-4598.json +++ b/2022/4xxx/CVE-2022-4598.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Shoplazza LifeStyle Announcement cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Shoplazza", + "product": { + "product_data": [ + { + "product_name": "LifeStyle", + "version": { + "version_data": [ + { + "version_value": "1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \/admin\/api\/theme-edit\/ of the component Announcement Handler. The manipulation of the argument Text\/Mobile Text leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-216193 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/11" + }, + { + "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/att-11\/proof-of-concept-shoplazza.txt" + }, + { + "url": "https:\/\/vuldb.com\/?id.216193" } ] } diff --git a/2022/4xxx/CVE-2022-4599.json b/2022/4xxx/CVE-2022-4599.json index 10d5966968de..7e811fbcec4c 100644 --- a/2022/4xxx/CVE-2022-4599.json +++ b/2022/4xxx/CVE-2022-4599.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4599", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Shoplazza LifeStyle Product cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Shoplazza", + "product": { + "product_data": [ + { + "product_name": "LifeStyle", + "version": { + "version_data": [ + { + "version_value": "1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file \/admin\/api\/theme-edit\/ of the component Product Handler. The manipulation of the argument Subheading\/Heading\/Text\/Button Text\/Label leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216194 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/11" + }, + { + "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/att-11\/proof-of-concept-shoplazza.txt" + }, + { + "url": "https:\/\/vuldb.com\/?id.216194" } ] } diff --git a/2022/4xxx/CVE-2022-4600.json b/2022/4xxx/CVE-2022-4600.json index 89f908251daf..2c5c1f2c3e6d 100644 --- a/2022/4xxx/CVE-2022-4600.json +++ b/2022/4xxx/CVE-2022-4600.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4600", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Shoplazza LifeStyle Product Carousel cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Shoplazza", + "product": { + "product_data": [ + { + "product_name": "LifeStyle", + "version": { + "version_data": [ + { + "version_value": "1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Shoplazza LifeStyle 1.1. It has been classified as problematic. This affects an unknown part of the file \/admin\/api\/theme-edit\/ of the component Product Carousel Handler. The manipulation of the argument Heading\/Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-216195." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/11" + }, + { + "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/att-11\/proof-of-concept-shoplazza.txt" + }, + { + "url": "https:\/\/vuldb.com\/?id.216195" } ] } diff --git a/2022/4xxx/CVE-2022-4601.json b/2022/4xxx/CVE-2022-4601.json index 7cf13dff71f6..6a63c5cc4be3 100644 --- a/2022/4xxx/CVE-2022-4601.json +++ b/2022/4xxx/CVE-2022-4601.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4601", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Shoplazza LifeStyle Shipping\/Member Discount\/Icon cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Shoplazza", + "product": { + "product_data": [ + { + "product_name": "LifeStyle", + "version": { + "version_data": [ + { + "version_value": "1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Shoplazza LifeStyle 1.1. It has been declared as problematic. This vulnerability affects unknown code of the file \/admin\/api\/theme-edit\/ of the component Shipping\/Member Discount\/Icon. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216196." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/11" + }, + { + "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/att-11\/proof-of-concept-shoplazza.txt" + }, + { + "url": "https:\/\/vuldb.com\/?id.216196" } ] } diff --git a/2022/4xxx/CVE-2022-4602.json b/2022/4xxx/CVE-2022-4602.json index a5ea99302e80..5ffb2edba2b7 100644 --- a/2022/4xxx/CVE-2022-4602.json +++ b/2022/4xxx/CVE-2022-4602.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4602", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Shoplazza LifeStyle Review Flow cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Shoplazza", + "product": { + "product_data": [ + { + "product_name": "LifeStyle", + "version": { + "version_data": [ + { + "version_value": "1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Shoplazza LifeStyle 1.1. It has been rated as problematic. This issue affects some unknown processing of the file \/admin\/api\/theme-edit\/ of the component Review Flow Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-216197 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/11" + }, + { + "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/att-11\/proof-of-concept-shoplazza.txt" + }, + { + "url": "https:\/\/vuldb.com\/?id.216197" } ] } diff --git a/2022/4xxx/CVE-2022-4603.json b/2022/4xxx/CVE-2022-4603.json index b95e2fb85bb3..8312fd2ed1a4 100644 --- a/2022/4xxx/CVE-2022-4603.json +++ b/2022/4xxx/CVE-2022-4603.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4603", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "ppp pppdump pppdump.c dumpppp array index", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "ppp", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Memory Corruption -> CWE-129 Improper Validation of Array Index" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** DISPUTED ** A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump\/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf\/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1\/AV:A\/AC:H\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/ppp-project\/ppp\/commit\/a75fb7b198eed50d769c80c36629f38346882cbf" + }, + { + "url": "https:\/\/vuldb.com\/?id.216198" } ] } diff --git a/2022/4xxx/CVE-2022-4604.json b/2022/4xxx/CVE-2022-4604.json index 9b2e68c12b15..f440125c1078 100644 --- a/2022/4xxx/CVE-2022-4604.json +++ b/2022/4xxx/CVE-2022-4604.json @@ -4,14 +4,78 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4604", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "wp-english-wp-admin Plugin english-wp-admin.php register_endpoints cross-site request forgery", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "wp-english-wp-admin Plugin", + "version": { + "version_data": [ + { + "version_value": "1.5.0" + }, + { + "version_value": "1.5.1" + }, + { + "version_value": "1.5.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization -> CWE-862 Missing Authorization -> CWE-352 Cross-Site Request Forgery" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.2. Affected by this vulnerability is the function register_endpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.5.3 is able to address this issue. The name of the patch is ad4ba171c974c65c3456e7c6228f59f40783b33d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216199." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/khromov\/wp-english-wp-admin\/commit\/ad4ba171c974c65c3456e7c6228f59f40783b33d" + }, + { + "url": "https:\/\/github.com\/khromov\/wp-english-wp-admin\/releases\/tag\/1.5.3" + }, + { + "url": "https:\/\/vuldb.com\/?id.216199" } ] } From 7ec909812c01103165f22bcf601d7ec3943367f5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 18 Dec 2022 12:00:42 +0000 Subject: [PATCH 091/754] "-Synchronized-Data." --- 2021/4xxx/CVE-2021-4248.json | 20 ++++++++++++++------ 2022/4xxx/CVE-2022-4595.json | 18 ++++++++++++------ 2022/4xxx/CVE-2022-4596.json | 16 +++++++++++----- 2022/4xxx/CVE-2022-4597.json | 16 +++++++++++----- 2022/4xxx/CVE-2022-4598.json | 16 +++++++++++----- 2022/4xxx/CVE-2022-4599.json | 16 +++++++++++----- 2022/4xxx/CVE-2022-4600.json | 16 +++++++++++----- 2022/4xxx/CVE-2022-4601.json | 18 ++++++++++++------ 2022/4xxx/CVE-2022-4602.json | 16 +++++++++++----- 2022/4xxx/CVE-2022-4603.json | 14 +++++++++----- 2022/4xxx/CVE-2022-4604.json | 14 ++++++++++---- 11 files changed, 123 insertions(+), 57 deletions(-) diff --git a/2021/4xxx/CVE-2021-4248.json b/2021/4xxx/CVE-2021-4248.json index 2691c27f53e7..f30d9b626e73 100644 --- a/2021/4xxx/CVE-2021-4248.json +++ b/2021/4xxx/CVE-2021-4248.json @@ -52,7 +52,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in kapetan dns up to 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file DNS\/Protocol\/Request.cs. The manipulation leads to insufficient entropy in prng. The attack may be launched remotely. Upgrading to version 7.0.0 is able to address this issue. The name of the patch is cf7105aa2aae90d6656088fe5a8ee1d5730773b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216188." + "value": "A vulnerability was found in kapetan dns up to 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file DNS/Protocol/Request.cs. The manipulation leads to insufficient entropy in prng. The attack may be launched remotely. Upgrading to version 7.0.0 is able to address this issue. The name of the patch is cf7105aa2aae90d6656088fe5a8ee1d5730773b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216188." } ] }, @@ -60,22 +60,30 @@ "cvss": { "version": "3.1", "baseScore": "5.6", - "vectorString": "CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/kapetan\/dns\/pull\/88" + "url": "https://github.com/kapetan/dns/pull/88", + "refsource": "MISC", + "name": "https://github.com/kapetan/dns/pull/88" }, { - "url": "https:\/\/github.com\/kapetan\/dns\/releases\/tag\/v7.0.0" + "url": "https://github.com/kapetan/dns/releases/tag/v7.0.0", + "refsource": "MISC", + "name": "https://github.com/kapetan/dns/releases/tag/v7.0.0" }, { - "url": "https:\/\/github.com\/kapetan\/dns\/commit\/cf7105aa2aae90d6656088fe5a8ee1d5730773b6" + "url": "https://github.com/kapetan/dns/commit/cf7105aa2aae90d6656088fe5a8ee1d5730773b6", + "refsource": "MISC", + "name": "https://github.com/kapetan/dns/commit/cf7105aa2aae90d6656088fe5a8ee1d5730773b6" }, { - "url": "https:\/\/vuldb.com\/?id.216188" + "url": "https://vuldb.com/?id.216188", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216188" } ] } diff --git a/2022/4xxx/CVE-2022-4595.json b/2022/4xxx/CVE-2022-4595.json index 8b95058b7a40..b0887d6ef59d 100644 --- a/2022/4xxx/CVE-2022-4595.json +++ b/2022/4xxx/CVE-2022-4595.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as problematic has been found in django-openipam. This affects an unknown part of the file openipam\/report\/templates\/report\/exposed_hosts.html. The manipulation of the argument description leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is a6223a1150d60cd036106ba6a8e676c1bfc3cc85. It is recommended to apply a patch to fix this issue. The identifier VDB-216189 was assigned to this vulnerability." + "value": "A vulnerability classified as problematic has been found in django-openipam. This affects an unknown part of the file openipam/report/templates/report/exposed_hosts.html. The manipulation of the argument description leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is a6223a1150d60cd036106ba6a8e676c1bfc3cc85. It is recommended to apply a patch to fix this issue. The identifier VDB-216189 was assigned to this vulnerability." } ] }, @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/openipam\/django-openipam\/pull\/205" + "url": "https://github.com/openipam/django-openipam/pull/205", + "refsource": "MISC", + "name": "https://github.com/openipam/django-openipam/pull/205" }, { - "url": "https:\/\/github.com\/openipam\/django-openipam\/commit\/a6223a1150d60cd036106ba6a8e676c1bfc3cc85" + "url": "https://github.com/openipam/django-openipam/commit/a6223a1150d60cd036106ba6a8e676c1bfc3cc85", + "refsource": "MISC", + "name": "https://github.com/openipam/django-openipam/commit/a6223a1150d60cd036106ba6a8e676c1bfc3cc85" }, { - "url": "https:\/\/vuldb.com\/?id.216189" + "url": "https://vuldb.com/?id.216189", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216189" } ] } diff --git a/2022/4xxx/CVE-2022-4596.json b/2022/4xxx/CVE-2022-4596.json index 716020ae431f..621ead6f6841 100644 --- a/2022/4xxx/CVE-2022-4596.json +++ b/2022/4xxx/CVE-2022-4596.json @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as problematic, has been found in Shoplazza 1.1. This issue affects some unknown processing of the file \/admin\/api\/admin\/articles\/ of the component Add Blog Post Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-216191." + "value": "A vulnerability, which was classified as problematic, has been found in Shoplazza 1.1. This issue affects some unknown processing of the file /admin/api/admin/articles/ of the component Add Blog Post Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-216191." } ] }, @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/11" + "url": "https://seclists.org/fulldisclosure/2022/Dec/11", + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2022/Dec/11" }, { - "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/att-11\/proof-of-concept-shoplazza.txt" + "url": "https://seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt", + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt" }, { - "url": "https:\/\/vuldb.com\/?id.216191" + "url": "https://vuldb.com/?id.216191", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216191" } ] } diff --git a/2022/4xxx/CVE-2022-4597.json b/2022/4xxx/CVE-2022-4597.json index 29be6f837566..536ee58fc6b2 100644 --- a/2022/4xxx/CVE-2022-4597.json +++ b/2022/4xxx/CVE-2022-4597.json @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as problematic, was found in Shoplazza LifeStyle 1.1. Affected is an unknown function of the file \/admin\/api\/admin\/v2_products of the component Create Product Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216192." + "value": "A vulnerability, which was classified as problematic, was found in Shoplazza LifeStyle 1.1. Affected is an unknown function of the file /admin/api/admin/v2_products of the component Create Product Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216192." } ] }, @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/11" + "url": "https://seclists.org/fulldisclosure/2022/Dec/11", + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2022/Dec/11" }, { - "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/att-11\/proof-of-concept-shoplazza.txt" + "url": "https://seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt", + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt" }, { - "url": "https:\/\/vuldb.com\/?id.216192" + "url": "https://vuldb.com/?id.216192", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216192" } ] } diff --git a/2022/4xxx/CVE-2022-4598.json b/2022/4xxx/CVE-2022-4598.json index 9c4311064749..c9faabf7bd52 100644 --- a/2022/4xxx/CVE-2022-4598.json +++ b/2022/4xxx/CVE-2022-4598.json @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \/admin\/api\/theme-edit\/ of the component Announcement Handler. The manipulation of the argument Text\/Mobile Text leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-216193 was assigned to this vulnerability." + "value": "A vulnerability has been found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/api/theme-edit/ of the component Announcement Handler. The manipulation of the argument Text/Mobile Text leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-216193 was assigned to this vulnerability." } ] }, @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/11" + "url": "https://seclists.org/fulldisclosure/2022/Dec/11", + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2022/Dec/11" }, { - "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/att-11\/proof-of-concept-shoplazza.txt" + "url": "https://seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt", + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt" }, { - "url": "https:\/\/vuldb.com\/?id.216193" + "url": "https://vuldb.com/?id.216193", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216193" } ] } diff --git a/2022/4xxx/CVE-2022-4599.json b/2022/4xxx/CVE-2022-4599.json index 7e811fbcec4c..590434343c49 100644 --- a/2022/4xxx/CVE-2022-4599.json +++ b/2022/4xxx/CVE-2022-4599.json @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file \/admin\/api\/theme-edit\/ of the component Product Handler. The manipulation of the argument Subheading\/Heading\/Text\/Button Text\/Label leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216194 is the identifier assigned to this vulnerability." + "value": "A vulnerability was found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/api/theme-edit/ of the component Product Handler. The manipulation of the argument Subheading/Heading/Text/Button Text/Label leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216194 is the identifier assigned to this vulnerability." } ] }, @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/11" + "url": "https://seclists.org/fulldisclosure/2022/Dec/11", + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2022/Dec/11" }, { - "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/att-11\/proof-of-concept-shoplazza.txt" + "url": "https://seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt", + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt" }, { - "url": "https:\/\/vuldb.com\/?id.216194" + "url": "https://vuldb.com/?id.216194", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216194" } ] } diff --git a/2022/4xxx/CVE-2022-4600.json b/2022/4xxx/CVE-2022-4600.json index 2c5c1f2c3e6d..695ecab04e75 100644 --- a/2022/4xxx/CVE-2022-4600.json +++ b/2022/4xxx/CVE-2022-4600.json @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Shoplazza LifeStyle 1.1. It has been classified as problematic. This affects an unknown part of the file \/admin\/api\/theme-edit\/ of the component Product Carousel Handler. The manipulation of the argument Heading\/Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-216195." + "value": "A vulnerability was found in Shoplazza LifeStyle 1.1. It has been classified as problematic. This affects an unknown part of the file /admin/api/theme-edit/ of the component Product Carousel Handler. The manipulation of the argument Heading/Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-216195." } ] }, @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/11" + "url": "https://seclists.org/fulldisclosure/2022/Dec/11", + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2022/Dec/11" }, { - "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/att-11\/proof-of-concept-shoplazza.txt" + "url": "https://seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt", + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt" }, { - "url": "https:\/\/vuldb.com\/?id.216195" + "url": "https://vuldb.com/?id.216195", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216195" } ] } diff --git a/2022/4xxx/CVE-2022-4601.json b/2022/4xxx/CVE-2022-4601.json index 6a63c5cc4be3..df631a5d7697 100644 --- a/2022/4xxx/CVE-2022-4601.json +++ b/2022/4xxx/CVE-2022-4601.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4601", - "TITLE": "Shoplazza LifeStyle Shipping\/Member Discount\/Icon cross site scripting", + "TITLE": "Shoplazza LifeStyle Shipping/Member Discount/Icon cross site scripting", "REQUESTER": "cna@vuldb.com", "ASSIGNER": "cna@vuldb.com", "STATE": "PUBLIC" @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Shoplazza LifeStyle 1.1. It has been declared as problematic. This vulnerability affects unknown code of the file \/admin\/api\/theme-edit\/ of the component Shipping\/Member Discount\/Icon. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216196." + "value": "A vulnerability was found in Shoplazza LifeStyle 1.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/api/theme-edit/ of the component Shipping/Member Discount/Icon. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216196." } ] }, @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/11" + "url": "https://seclists.org/fulldisclosure/2022/Dec/11", + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2022/Dec/11" }, { - "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/att-11\/proof-of-concept-shoplazza.txt" + "url": "https://seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt", + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt" }, { - "url": "https:\/\/vuldb.com\/?id.216196" + "url": "https://vuldb.com/?id.216196", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216196" } ] } diff --git a/2022/4xxx/CVE-2022-4602.json b/2022/4xxx/CVE-2022-4602.json index 5ffb2edba2b7..3619299f9c70 100644 --- a/2022/4xxx/CVE-2022-4602.json +++ b/2022/4xxx/CVE-2022-4602.json @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Shoplazza LifeStyle 1.1. It has been rated as problematic. This issue affects some unknown processing of the file \/admin\/api\/theme-edit\/ of the component Review Flow Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-216197 was assigned to this vulnerability." + "value": "A vulnerability was found in Shoplazza LifeStyle 1.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/api/theme-edit/ of the component Review Flow Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-216197 was assigned to this vulnerability." } ] }, @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/11" + "url": "https://seclists.org/fulldisclosure/2022/Dec/11", + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2022/Dec/11" }, { - "url": "https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/att-11\/proof-of-concept-shoplazza.txt" + "url": "https://seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt", + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt" }, { - "url": "https:\/\/vuldb.com\/?id.216197" + "url": "https://vuldb.com/?id.216197", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216197" } ] } diff --git a/2022/4xxx/CVE-2022-4603.json b/2022/4xxx/CVE-2022-4603.json index 8312fd2ed1a4..10dd9160df4f 100644 --- a/2022/4xxx/CVE-2022-4603.json +++ b/2022/4xxx/CVE-2022-4603.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "** DISPUTED ** A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump\/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf\/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario." + "value": "** DISPUTED ** A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario." } ] }, @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "4.3", - "vectorString": "CVSS:3.1\/AV:A\/AC:H\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/ppp-project\/ppp\/commit\/a75fb7b198eed50d769c80c36629f38346882cbf" + "url": "https://github.com/ppp-project/ppp/commit/a75fb7b198eed50d769c80c36629f38346882cbf", + "refsource": "MISC", + "name": "https://github.com/ppp-project/ppp/commit/a75fb7b198eed50d769c80c36629f38346882cbf" }, { - "url": "https:\/\/vuldb.com\/?id.216198" + "url": "https://vuldb.com/?id.216198", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216198" } ] } diff --git a/2022/4xxx/CVE-2022-4604.json b/2022/4xxx/CVE-2022-4604.json index f440125c1078..2d3de9e88f00 100644 --- a/2022/4xxx/CVE-2022-4604.json +++ b/2022/4xxx/CVE-2022-4604.json @@ -63,19 +63,25 @@ "cvss": { "version": "3.1", "baseScore": "4.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/khromov\/wp-english-wp-admin\/commit\/ad4ba171c974c65c3456e7c6228f59f40783b33d" + "url": "https://github.com/khromov/wp-english-wp-admin/commit/ad4ba171c974c65c3456e7c6228f59f40783b33d", + "refsource": "MISC", + "name": "https://github.com/khromov/wp-english-wp-admin/commit/ad4ba171c974c65c3456e7c6228f59f40783b33d" }, { - "url": "https:\/\/github.com\/khromov\/wp-english-wp-admin\/releases\/tag\/1.5.3" + "url": "https://github.com/khromov/wp-english-wp-admin/releases/tag/1.5.3", + "refsource": "MISC", + "name": "https://github.com/khromov/wp-english-wp-admin/releases/tag/1.5.3" }, { - "url": "https:\/\/vuldb.com\/?id.216199" + "url": "https://vuldb.com/?id.216199", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216199" } ] } From 8b91ee4b5a6d885030bcee74a2f661fec69890b6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 18 Dec 2022 13:00:40 +0000 Subject: [PATCH 092/754] "-Synchronized-Data." --- 2022/4xxx/CVE-2022-4605.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4606.json | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 2022/4xxx/CVE-2022-4605.json create mode 100644 2022/4xxx/CVE-2022-4606.json diff --git a/2022/4xxx/CVE-2022-4605.json b/2022/4xxx/CVE-2022-4605.json new file mode 100644 index 000000000000..f98b0b5f39fd --- /dev/null +++ b/2022/4xxx/CVE-2022-4605.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4605", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4606.json b/2022/4xxx/CVE-2022-4606.json new file mode 100644 index 000000000000..804bbe0f4ca9 --- /dev/null +++ b/2022/4xxx/CVE-2022-4606.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4606", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 2033b9bc36a275f6995c913b0fa40cba2f731701 Mon Sep 17 00:00:00 2001 From: Ben Harvie Date: Sun, 18 Dec 2022 05:05:51 -0800 Subject: [PATCH 093/754] df455d44-0dec-470c-b576-8ea86ec5a367 --- 2022/4xxx/CVE-2022-4605.json | 101 +++++++++++++++++++++++++++++------ 1 file changed, 86 insertions(+), 15 deletions(-) diff --git a/2022/4xxx/CVE-2022-4605.json b/2022/4xxx/CVE-2022-4605.json index f98b0b5f39fd..d25a07b02ed7 100644 --- a/2022/4xxx/CVE-2022-4605.json +++ b/2022/4xxx/CVE-2022-4605.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-4605", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-4605", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - Stored in flatpressblog/flatpress" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "flatpressblog/flatpress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.3" + } + ] + } + } + ] + }, + "vendor_name": "flatpressblog" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/df455d44-0dec-470c-b576-8ea86ec5a367", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/df455d44-0dec-470c-b576-8ea86ec5a367" + }, + { + "name": "https://github.com/flatpressblog/flatpress/commit/742f8b04f233e3cc52bed11f79fcc9911faee776", + "refsource": "MISC", + "url": "https://github.com/flatpressblog/flatpress/commit/742f8b04f233e3cc52bed11f79fcc9911faee776" + } + ] + }, + "source": { + "advisory": "df455d44-0dec-470c-b576-8ea86ec5a367", + "discovery": "EXTERNAL" + } } \ No newline at end of file From 38a7b63d9de9d78b2ed0089d409472e932df75aa Mon Sep 17 00:00:00 2001 From: Ben Harvie Date: Sun, 18 Dec 2022 05:09:31 -0800 Subject: [PATCH 094/754] 3dab0466-c35d-4163-b3c7-a8666e2f7d95 --- 2022/4xxx/CVE-2022-4606.json | 101 +++++++++++++++++++++++++++++------ 1 file changed, 86 insertions(+), 15 deletions(-) diff --git a/2022/4xxx/CVE-2022-4606.json b/2022/4xxx/CVE-2022-4606.json index 804bbe0f4ca9..ed27e53a6b0d 100644 --- a/2022/4xxx/CVE-2022-4606.json +++ b/2022/4xxx/CVE-2022-4606.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-4606", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-4606", + "STATE": "PUBLIC", + "TITLE": "PHP Remote File Inclusion in flatpressblog/flatpress" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "flatpressblog/flatpress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.3" + } + ] + } + } + ] + }, + "vendor_name": "flatpressblog" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/3dab0466-c35d-4163-b3c7-a8666e2f7d95", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/3dab0466-c35d-4163-b3c7-a8666e2f7d95" + }, + { + "name": "https://github.com/flatpressblog/flatpress/commit/c30d52b28483e1e512d0d81758d4c149f02b4068", + "refsource": "MISC", + "url": "https://github.com/flatpressblog/flatpress/commit/c30d52b28483e1e512d0d81758d4c149f02b4068" + } + ] + }, + "source": { + "advisory": "3dab0466-c35d-4163-b3c7-a8666e2f7d95", + "discovery": "EXTERNAL" + } } \ No newline at end of file From 151c3dae5d1ce1de26a8bf545651dda01acdeb47 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 18 Dec 2022 15:00:39 +0000 Subject: [PATCH 095/754] "-Synchronized-Data." --- 2020/36xxx/CVE-2020-36617.json | 18 ++++++++++++++++++ 2021/4xxx/CVE-2021-4249.json | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 2020/36xxx/CVE-2020-36617.json create mode 100644 2021/4xxx/CVE-2021-4249.json diff --git a/2020/36xxx/CVE-2020-36617.json b/2020/36xxx/CVE-2020-36617.json new file mode 100644 index 000000000000..2c44c5dcc060 --- /dev/null +++ b/2020/36xxx/CVE-2020-36617.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36617", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4249.json b/2021/4xxx/CVE-2021-4249.json new file mode 100644 index 000000000000..80c754736c66 --- /dev/null +++ b/2021/4xxx/CVE-2021-4249.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4249", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From ff01f82d4da8ef23146c1eb592fd5e55a20bf3ce Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Sun, 18 Dec 2022 16:02:48 +0100 Subject: [PATCH 096/754] CVE-2020-36617 --- 2020/36xxx/CVE-2020-36617.json | 61 ++++++++++++++++++++++++++++++++-- 1 file changed, 58 insertions(+), 3 deletions(-) diff --git a/2020/36xxx/CVE-2020-36617.json b/2020/36xxx/CVE-2020-36617.json index 2c44c5dcc060..db6f82005959 100644 --- a/2020/36xxx/CVE-2020-36617.json +++ b/2020/36xxx/CVE-2020-36617.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36617", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "ewxrjk sftpserver parse.c sftp_parse_path uninitialized pointer", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ewxrjk", + "product": { + "product_data": [ + { + "product_name": "sftpserver", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-908 Uninitialized Resource -> CWE-824 Uninitialized Pointer" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** DISPUTED ** A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name of the patch is bf4032f34832ee11d79aa60a226cc018e7ec5eed. It is recommended to apply a patch to fix this issue. The identifier VDB-216205 was assigned to this vulnerability. NOTE: In some deployment models this would be a vulnerability. README specifically warns about avoiding such deployment models." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.6", + "vectorString": "CVSS:3.1\/AV:A\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/ewxrjk\/sftpserver\/commit\/bf4032f34832ee11d79aa60a226cc018e7ec5eed" + }, + { + "url": "https:\/\/vuldb.com\/?id.216205" } ] } From ea610740b601ffa8b99c48c7b7a0ec8f75c4568a Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Sun, 18 Dec 2022 16:03:08 +0100 Subject: [PATCH 097/754] CVE-2021-4249 --- 2021/4xxx/CVE-2021-4249.json | 286 ++++++++++++++++++++++++++++++++++- 1 file changed, 283 insertions(+), 3 deletions(-) diff --git a/2021/4xxx/CVE-2021-4249.json b/2021/4xxx/CVE-2021-4249.json index 80c754736c66..726896d2ff0c 100644 --- a/2021/4xxx/CVE-2021-4249.json +++ b/2021/4xxx/CVE-2021-4249.json @@ -4,14 +4,294 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4249", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "xml-conduit DOCTYPE Entity Expansion Parse.hs infinite loop", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "xml-conduit", + "version": { + "version_data": [ + { + "version_value": "0.5.0" + }, + { + "version_value": "0.5.0.1" + }, + { + "version_value": "0.5.1" + }, + { + "version_value": "0.5.1.1" + }, + { + "version_value": "0.5.1.2" + }, + { + "version_value": "0.5.2" + }, + { + "version_value": "0.5.3" + }, + { + "version_value": "0.5.3.1" + }, + { + "version_value": "0.5.4" + }, + { + "version_value": "0.6.0" + }, + { + "version_value": "0.6.1" + }, + { + "version_value": "0.7.0" + }, + { + "version_value": "0.7.0.1" + }, + { + "version_value": "0.7.0.2" + }, + { + "version_value": "0.7.0.3" + }, + { + "version_value": "1.0.0" + }, + { + "version_value": "1.0.1" + }, + { + "version_value": "1.0.1.1" + }, + { + "version_value": "1.0.2" + }, + { + "version_value": "1.0.2.1" + }, + { + "version_value": "1.0.3" + }, + { + "version_value": "1.0.3.1" + }, + { + "version_value": "1.0.3.2" + }, + { + "version_value": "1.0.3.3" + }, + { + "version_value": "1.1.0" + }, + { + "version_value": "1.1.0.1" + }, + { + "version_value": "1.1.0.2" + }, + { + "version_value": "1.1.0.3" + }, + { + "version_value": "1.1.0.4" + }, + { + "version_value": "1.1.0.5" + }, + { + "version_value": "1.1.0.6" + }, + { + "version_value": "1.1.0.7" + }, + { + "version_value": "1.1.0.8" + }, + { + "version_value": "1.1.0.9" + }, + { + "version_value": "1.2.0" + }, + { + "version_value": "1.2.0.1" + }, + { + "version_value": "1.2.0.2" + }, + { + "version_value": "1.2.0.3" + }, + { + "version_value": "1.2.1" + }, + { + "version_value": "1.2.1.1" + }, + { + "version_value": "1.2.2" + }, + { + "version_value": "1.2.3" + }, + { + "version_value": "1.2.3.1" + }, + { + "version_value": "1.2.3.2" + }, + { + "version_value": "1.2.3.3" + }, + { + "version_value": "1.2.4" + }, + { + "version_value": "1.2.5" + }, + { + "version_value": "1.2.5.1" + }, + { + "version_value": "1.2.6" + }, + { + "version_value": "1.3.0" + }, + { + "version_value": "1.3.1" + }, + { + "version_value": "1.3.2" + }, + { + "version_value": "1.3.3" + }, + { + "version_value": "1.3.3.1" + }, + { + "version_value": "1.3.4" + }, + { + "version_value": "1.3.4.1" + }, + { + "version_value": "1.3.4.2" + }, + { + "version_value": "1.3.5" + }, + { + "version_value": "1.4.0" + }, + { + "version_value": "1.4.0.1" + }, + { + "version_value": "1.4.0.2" + }, + { + "version_value": "1.4.0.3" + }, + { + "version_value": "1.4.0.4" + }, + { + "version_value": "1.5.0" + }, + { + "version_value": "1.5.1" + }, + { + "version_value": "1.6.0" + }, + { + "version_value": "1.7.0" + }, + { + "version_value": "1.7.0.1" + }, + { + "version_value": "1.7.1.0" + }, + { + "version_value": "1.7.1.1" + }, + { + "version_value": "1.7.1.2" + }, + { + "version_value": "1.8.0" + }, + { + "version_value": "1.8.0.1" + }, + { + "version_value": "1.9.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-835 Infinite Loop" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in xml-conduit. It has been classified as problematic. Affected is an unknown function of the file xml-conduit\/src\/Text\/XML\/Stream\/Parse.hs of the component DOCTYPE Entity Expansion Handler. The manipulation leads to infinite loop. It is possible to launch the attack remotely. Upgrading to version 1.9.1.0 is able to address this issue. The name of the patch is 4be1021791dcdee8b164d239433a2043dc0939ea. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216204." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/snoyberg\/xml\/pull\/161" + }, + { + "url": "https:\/\/hackage.haskell.org\/package\/xml-conduit-1.9.1.0" + }, + { + "url": "https:\/\/github.com\/snoyberg\/xml\/commit\/4be1021791dcdee8b164d239433a2043dc0939ea" + }, + { + "url": "https:\/\/vuldb.com\/?id.216204" } ] } From e3191b7410c5f0768a542b136331b349a9435aec Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 18 Dec 2022 16:00:36 +0000 Subject: [PATCH 098/754] "-Synchronized-Data." --- 2020/36xxx/CVE-2020-36617.json | 12 ++++++++---- 2021/4xxx/CVE-2021-4249.json | 20 ++++++++++++++------ 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/2020/36xxx/CVE-2020-36617.json b/2020/36xxx/CVE-2020-36617.json index db6f82005959..86dff81126c7 100644 --- a/2020/36xxx/CVE-2020-36617.json +++ b/2020/36xxx/CVE-2020-36617.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "4.6", - "vectorString": "CVSS:3.1\/AV:A\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/ewxrjk\/sftpserver\/commit\/bf4032f34832ee11d79aa60a226cc018e7ec5eed" + "url": "https://github.com/ewxrjk/sftpserver/commit/bf4032f34832ee11d79aa60a226cc018e7ec5eed", + "refsource": "MISC", + "name": "https://github.com/ewxrjk/sftpserver/commit/bf4032f34832ee11d79aa60a226cc018e7ec5eed" }, { - "url": "https:\/\/vuldb.com\/?id.216205" + "url": "https://vuldb.com/?id.216205", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216205" } ] } diff --git a/2021/4xxx/CVE-2021-4249.json b/2021/4xxx/CVE-2021-4249.json index 726896d2ff0c..0add7fcbfbe0 100644 --- a/2021/4xxx/CVE-2021-4249.json +++ b/2021/4xxx/CVE-2021-4249.json @@ -268,7 +268,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in xml-conduit. It has been classified as problematic. Affected is an unknown function of the file xml-conduit\/src\/Text\/XML\/Stream\/Parse.hs of the component DOCTYPE Entity Expansion Handler. The manipulation leads to infinite loop. It is possible to launch the attack remotely. Upgrading to version 1.9.1.0 is able to address this issue. The name of the patch is 4be1021791dcdee8b164d239433a2043dc0939ea. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216204." + "value": "A vulnerability was found in xml-conduit. It has been classified as problematic. Affected is an unknown function of the file xml-conduit/src/Text/XML/Stream/Parse.hs of the component DOCTYPE Entity Expansion Handler. The manipulation leads to infinite loop. It is possible to launch the attack remotely. Upgrading to version 1.9.1.0 is able to address this issue. The name of the patch is 4be1021791dcdee8b164d239433a2043dc0939ea. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216204." } ] }, @@ -276,22 +276,30 @@ "cvss": { "version": "3.1", "baseScore": "4.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:L" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/snoyberg\/xml\/pull\/161" + "url": "https://github.com/snoyberg/xml/pull/161", + "refsource": "MISC", + "name": "https://github.com/snoyberg/xml/pull/161" }, { - "url": "https:\/\/hackage.haskell.org\/package\/xml-conduit-1.9.1.0" + "url": "https://hackage.haskell.org/package/xml-conduit-1.9.1.0", + "refsource": "MISC", + "name": "https://hackage.haskell.org/package/xml-conduit-1.9.1.0" }, { - "url": "https:\/\/github.com\/snoyberg\/xml\/commit\/4be1021791dcdee8b164d239433a2043dc0939ea" + "url": "https://github.com/snoyberg/xml/commit/4be1021791dcdee8b164d239433a2043dc0939ea", + "refsource": "MISC", + "name": "https://github.com/snoyberg/xml/commit/4be1021791dcdee8b164d239433a2043dc0939ea" }, { - "url": "https:\/\/vuldb.com\/?id.216204" + "url": "https://vuldb.com/?id.216204", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216204" } ] } From 7e5c34c559da8e1b42bf8a6e3453d8b03b8c3461 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 18 Dec 2022 21:00:40 +0000 Subject: [PATCH 099/754] "-Synchronized-Data." --- 2021/4xxx/CVE-2021-4250.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 2021/4xxx/CVE-2021-4250.json diff --git a/2021/4xxx/CVE-2021-4250.json b/2021/4xxx/CVE-2021-4250.json new file mode 100644 index 000000000000..e1ac76ce0da1 --- /dev/null +++ b/2021/4xxx/CVE-2021-4250.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4250", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From cab6a135c54ccd70e1c6e153a7f54034f1af9100 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 18 Dec 2022 22:00:37 +0000 Subject: [PATCH 100/754] "-Synchronized-Data." --- 2021/4xxx/CVE-2021-4251.json | 18 ++++++++++++++++++ 2021/4xxx/CVE-2021-4252.json | 18 ++++++++++++++++++ 2021/4xxx/CVE-2021-4253.json | 18 ++++++++++++++++++ 2021/4xxx/CVE-2021-4254.json | 18 ++++++++++++++++++ 2021/4xxx/CVE-2021-4255.json | 18 ++++++++++++++++++ 2021/4xxx/CVE-2021-4256.json | 18 ++++++++++++++++++ 2021/4xxx/CVE-2021-4257.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4607.json | 18 ++++++++++++++++++ 8 files changed, 144 insertions(+) create mode 100644 2021/4xxx/CVE-2021-4251.json create mode 100644 2021/4xxx/CVE-2021-4252.json create mode 100644 2021/4xxx/CVE-2021-4253.json create mode 100644 2021/4xxx/CVE-2021-4254.json create mode 100644 2021/4xxx/CVE-2021-4255.json create mode 100644 2021/4xxx/CVE-2021-4256.json create mode 100644 2021/4xxx/CVE-2021-4257.json create mode 100644 2022/4xxx/CVE-2022-4607.json diff --git a/2021/4xxx/CVE-2021-4251.json b/2021/4xxx/CVE-2021-4251.json new file mode 100644 index 000000000000..ae4fd484deba --- /dev/null +++ b/2021/4xxx/CVE-2021-4251.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4251", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4252.json b/2021/4xxx/CVE-2021-4252.json new file mode 100644 index 000000000000..5d84cabace4a --- /dev/null +++ b/2021/4xxx/CVE-2021-4252.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4252", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4253.json b/2021/4xxx/CVE-2021-4253.json new file mode 100644 index 000000000000..84d8f491598c --- /dev/null +++ b/2021/4xxx/CVE-2021-4253.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4253", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4254.json b/2021/4xxx/CVE-2021-4254.json new file mode 100644 index 000000000000..8f1aa3db3de9 --- /dev/null +++ b/2021/4xxx/CVE-2021-4254.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4254", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4255.json b/2021/4xxx/CVE-2021-4255.json new file mode 100644 index 000000000000..cb38d3ff4def --- /dev/null +++ b/2021/4xxx/CVE-2021-4255.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4255", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4256.json b/2021/4xxx/CVE-2021-4256.json new file mode 100644 index 000000000000..031eb8dba999 --- /dev/null +++ b/2021/4xxx/CVE-2021-4256.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4256", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4257.json b/2021/4xxx/CVE-2021-4257.json new file mode 100644 index 000000000000..e2b0f80d38ff --- /dev/null +++ b/2021/4xxx/CVE-2021-4257.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4257", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4607.json b/2022/4xxx/CVE-2022-4607.json new file mode 100644 index 000000000000..9be6644031d2 --- /dev/null +++ b/2022/4xxx/CVE-2022-4607.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4607", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 4f41efd06fca118710534e34e47f7079ef6524f8 Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Sun, 18 Dec 2022 23:02:19 +0100 Subject: [PATCH 101/754] CVE-2021-4250 - CVE-2021-4257 --- 2021/4xxx/CVE-2021-4250.json | 79 ++++++++++++++++++++++++++++++++++-- 2021/4xxx/CVE-2021-4251.json | 61 ++++++++++++++++++++++++++-- 2021/4xxx/CVE-2021-4252.json | 64 +++++++++++++++++++++++++++-- 2021/4xxx/CVE-2021-4253.json | 61 ++++++++++++++++++++++++++-- 2021/4xxx/CVE-2021-4254.json | 61 ++++++++++++++++++++++++++-- 2021/4xxx/CVE-2021-4255.json | 61 ++++++++++++++++++++++++++-- 2021/4xxx/CVE-2021-4256.json | 61 ++++++++++++++++++++++++++-- 2021/4xxx/CVE-2021-4257.json | 61 ++++++++++++++++++++++++++-- 8 files changed, 485 insertions(+), 24 deletions(-) diff --git a/2021/4xxx/CVE-2021-4250.json b/2021/4xxx/CVE-2021-4250.json index e1ac76ce0da1..0f7e6ee8a21d 100644 --- a/2021/4xxx/CVE-2021-4250.json +++ b/2021/4xxx/CVE-2021-4250.json @@ -4,14 +4,87 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4250", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "cgriego active_attr Regex boolean_typecaster.rb call denial of service", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cgriego", + "product": { + "product_data": [ + { + "product_name": "active_attr", + "version": { + "version_data": [ + { + "version_value": "0.15.0" + }, + { + "version_value": "0.15.1" + }, + { + "version_value": "0.15.2" + }, + { + "version_value": "0.15.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.3. This affects the function call of the file lib\/active_attr\/typecasting\/boolean_typecaster.rb of the component Regex Handler. The manipulation of the argument value leads to denial of service. The exploit has been disclosed to the public and may be used. Upgrading to version 0.15.4 is able to address this issue. The name of the patch is dab95e5843b01525444b82bd7b336ef1d79377df. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216207." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/cgriego\/active_attr\/issues\/184" + }, + { + "url": "https:\/\/github.com\/cgriego\/active_attr\/pull\/185" + }, + { + "url": "https:\/\/github.com\/cgriego\/active_attr\/releases\/tag\/v0.15.4" + }, + { + "url": "https:\/\/github.com\/cgriego\/active_attr\/commit\/dab95e5843b01525444b82bd7b336ef1d79377df" + }, + { + "url": "https:\/\/vuldb.com\/?id.216207" } ] } diff --git a/2021/4xxx/CVE-2021-4251.json b/2021/4xxx/CVE-2021-4251.json index ae4fd484deba..85467bfdda74 100644 --- a/2021/4xxx/CVE-2021-4251.json +++ b/2021/4xxx/CVE-2021-4251.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4251", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "as include.cdn.php getFullURL cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "as", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic was found in as. This vulnerability affects the function getFullURL of the file include.cdn.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 4acad1e3d2c34c017473ceea442fb3e3e078b2bd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216208." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/andrewsauder\/as\/commit\/4acad1e3d2c34c017473ceea442fb3e3e078b2bd" + }, + { + "url": "https:\/\/vuldb.com\/?id.216208" } ] } diff --git a/2021/4xxx/CVE-2021-4252.json b/2021/4xxx/CVE-2021-4252.json index 5d84cabace4a..52c520fdbfa4 100644 --- a/2021/4xxx/CVE-2021-4252.json +++ b/2021/4xxx/CVE-2021-4252.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4252", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "WP-Ban ban-options.php toggle_checkbox cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "WP-Ban", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, has been found in WP-Ban. This issue affects the function toggle_checkbox of the file ban-options.php. The manipulation of the argument $_SERVER[\"HTTP_USER_AGENT\"] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76. It is recommended to apply a patch to fix this issue. The identifier VDB-216209 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/lesterchan\/wp-ban\/pull\/11" + }, + { + "url": "https:\/\/github.com\/lesterchan\/wp-ban\/commit\/13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76" + }, + { + "url": "https:\/\/vuldb.com\/?id.216209" } ] } diff --git a/2021/4xxx/CVE-2021-4253.json b/2021/4xxx/CVE-2021-4253.json index 84d8f491598c..8e7f4e9c54ce 100644 --- a/2021/4xxx/CVE-2021-4253.json +++ b/2021/4xxx/CVE-2021-4253.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4253", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "ctrlo lenio Ticket Lenio.pm cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ctrlo", + "product": { + "product_data": [ + { + "product_name": "lenio", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, was found in ctrlo lenio. Affected is an unknown function in the library lib\/Lenio.pm of the component Ticket Handler. The manipulation of the argument site_id leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 7a1f90bd2a0ce95b8338ec0926902da975ec64d9. It is recommended to apply a patch to fix this issue. VDB-216210 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/ctrlo\/lenio\/commit\/7a1f90bd2a0ce95b8338ec0926902da975ec64d9" + }, + { + "url": "https:\/\/vuldb.com\/?id.216210" } ] } diff --git a/2021/4xxx/CVE-2021-4254.json b/2021/4xxx/CVE-2021-4254.json index 8f1aa3db3de9..4ece4f29d6ce 100644 --- a/2021/4xxx/CVE-2021-4254.json +++ b/2021/4xxx/CVE-2021-4254.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4254", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "ctrlo lenio Notice main.tt cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ctrlo", + "product": { + "product_data": [ + { + "product_name": "lenio", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in ctrlo lenio and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views\/layouts\/main.tt of the component Notice Handler. The manipulation of the argument notice.notice.text leads to cross site scripting. The attack can be launched remotely. The name of the patch is aa300555343c1c081951fcb68bfb6852fbba7451. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216211." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/ctrlo\/lenio\/commit\/aa300555343c1c081951fcb68bfb6852fbba7451" + }, + { + "url": "https:\/\/vuldb.com\/?id.216211" } ] } diff --git a/2021/4xxx/CVE-2021-4255.json b/2021/4xxx/CVE-2021-4255.json index cb38d3ff4def..964a918effa4 100644 --- a/2021/4xxx/CVE-2021-4255.json +++ b/2021/4xxx/CVE-2021-4255.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4255", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "ctrlo lenio contractor.tt cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ctrlo", + "product": { + "product_data": [ + { + "product_name": "lenio", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in ctrlo lenio and classified as problematic. Affected by this issue is some unknown functionality of the file views\/contractor.tt. The manipulation of the argument contractor.name leads to cross site scripting. The attack may be launched remotely. The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216212." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/ctrlo\/lenio\/commit\/e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97" + }, + { + "url": "https:\/\/vuldb.com\/?id.216212" } ] } diff --git a/2021/4xxx/CVE-2021-4256.json b/2021/4xxx/CVE-2021-4256.json index 031eb8dba999..058c1fba07fe 100644 --- a/2021/4xxx/CVE-2021-4256.json +++ b/2021/4xxx/CVE-2021-4256.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4256", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "ctrlo lenio index.tt cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ctrlo", + "product": { + "product_data": [ + { + "product_name": "lenio", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in ctrlo lenio. It has been classified as problematic. This affects an unknown part of the file views\/index.tt. The manipulation of the argument task.name\/task.site.org.name leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. It is recommended to apply a patch to fix this issue. The identifier VDB-216213 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/ctrlo\/lenio\/commit\/e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97" + }, + { + "url": "https:\/\/vuldb.com\/?id.216213" } ] } diff --git a/2021/4xxx/CVE-2021-4257.json b/2021/4xxx/CVE-2021-4257.json index e2b0f80d38ff..a25c0e836164 100644 --- a/2021/4xxx/CVE-2021-4257.json +++ b/2021/4xxx/CVE-2021-4257.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4257", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "ctrlo lenio Task task.tt cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ctrlo", + "product": { + "product_data": [ + { + "product_name": "lenio", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in ctrlo lenio. It has been declared as problematic. This vulnerability affects unknown code of the file views\/task.tt of the component Task Handler. The manipulation of the argument site.org.name\/check.name\/task.tasktype.name\/task.name leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 698c5fa465169d6f23c6a41ca4b1fc9a7869013a. It is recommended to apply a patch to fix this issue. VDB-216214 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/ctrlo\/lenio\/commit\/698c5fa465169d6f23c6a41ca4b1fc9a7869013a" + }, + { + "url": "https:\/\/vuldb.com\/?id.216214" } ] } From 2512382033469ce73c5f85250edfacc3843f4f8a Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Sun, 18 Dec 2022 23:02:36 +0100 Subject: [PATCH 102/754] CVE-2022-4607 --- 2022/4xxx/CVE-2022-4607.json | 70 ++++++++++++++++++++++++++++++++++-- 1 file changed, 67 insertions(+), 3 deletions(-) diff --git a/2022/4xxx/CVE-2022-4607.json b/2022/4xxx/CVE-2022-4607.json index 9be6644031d2..f0693e5c273b 100644 --- a/2022/4xxx/CVE-2022-4607.json +++ b/2022/4xxx/CVE-2022-4607.json @@ -4,14 +4,78 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4607", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "3D City Database OGC Web Feature Service xml external entity reference", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "3D City Database", + "product": { + "product_data": [ + { + "product_name": "OGC Web Feature Service", + "version": { + "version_data": [ + { + "version_value": "5.2.0" + }, + { + "version_value": "5.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-610 Externally Controlled Reference -> CWE-611 XML External Entity Reference" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.1. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.3.0 is able to address this issue. The name of the patch is 246f4e2a97ad81491c00a7ed72ce5e7c7f75050a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216215." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.5", + "vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/3dcitydb\/web-feature-service\/pull\/12" + }, + { + "url": "https:\/\/github.com\/3dcitydb\/web-feature-service\/releases\/tag\/v5.3.0" + }, + { + "url": "https:\/\/github.com\/3dcitydb\/web-feature-service\/commit\/246f4e2a97ad81491c00a7ed72ce5e7c7f75050a" + }, + { + "url": "https:\/\/vuldb.com\/?id.216215" } ] } From 4a05e00b39db31f8ecd56f5668be08e0cfa5db26 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 18 Dec 2022 23:00:42 +0000 Subject: [PATCH 103/754] "-Synchronized-Data." --- 2021/4xxx/CVE-2021-4250.json | 24 +++++++++++++++++------- 2021/4xxx/CVE-2021-4251.json | 12 ++++++++---- 2021/4xxx/CVE-2021-4252.json | 16 +++++++++++----- 2021/4xxx/CVE-2021-4253.json | 14 +++++++++----- 2021/4xxx/CVE-2021-4254.json | 14 +++++++++----- 2021/4xxx/CVE-2021-4255.json | 14 +++++++++----- 2021/4xxx/CVE-2021-4256.json | 14 +++++++++----- 2021/4xxx/CVE-2021-4257.json | 14 +++++++++----- 2022/4xxx/CVE-2022-4607.json | 18 +++++++++++++----- 9 files changed, 94 insertions(+), 46 deletions(-) diff --git a/2021/4xxx/CVE-2021-4250.json b/2021/4xxx/CVE-2021-4250.json index 0f7e6ee8a21d..3157abf17379 100644 --- a/2021/4xxx/CVE-2021-4250.json +++ b/2021/4xxx/CVE-2021-4250.json @@ -58,7 +58,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.3. This affects the function call of the file lib\/active_attr\/typecasting\/boolean_typecaster.rb of the component Regex Handler. The manipulation of the argument value leads to denial of service. The exploit has been disclosed to the public and may be used. Upgrading to version 0.15.4 is able to address this issue. The name of the patch is dab95e5843b01525444b82bd7b336ef1d79377df. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216207." + "value": "A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.3. This affects the function call of the file lib/active_attr/typecasting/boolean_typecaster.rb of the component Regex Handler. The manipulation of the argument value leads to denial of service. The exploit has been disclosed to the public and may be used. Upgrading to version 0.15.4 is able to address this issue. The name of the patch is dab95e5843b01525444b82bd7b336ef1d79377df. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216207." } ] }, @@ -66,25 +66,35 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:L" + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/cgriego\/active_attr\/issues\/184" + "url": "https://github.com/cgriego/active_attr/issues/184", + "refsource": "MISC", + "name": "https://github.com/cgriego/active_attr/issues/184" }, { - "url": "https:\/\/github.com\/cgriego\/active_attr\/pull\/185" + "url": "https://github.com/cgriego/active_attr/pull/185", + "refsource": "MISC", + "name": "https://github.com/cgriego/active_attr/pull/185" }, { - "url": "https:\/\/github.com\/cgriego\/active_attr\/releases\/tag\/v0.15.4" + "url": "https://github.com/cgriego/active_attr/releases/tag/v0.15.4", + "refsource": "MISC", + "name": "https://github.com/cgriego/active_attr/releases/tag/v0.15.4" }, { - "url": "https:\/\/github.com\/cgriego\/active_attr\/commit\/dab95e5843b01525444b82bd7b336ef1d79377df" + "url": "https://github.com/cgriego/active_attr/commit/dab95e5843b01525444b82bd7b336ef1d79377df", + "refsource": "MISC", + "name": "https://github.com/cgriego/active_attr/commit/dab95e5843b01525444b82bd7b336ef1d79377df" }, { - "url": "https:\/\/vuldb.com\/?id.216207" + "url": "https://vuldb.com/?id.216207", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216207" } ] } diff --git a/2021/4xxx/CVE-2021-4251.json b/2021/4xxx/CVE-2021-4251.json index 85467bfdda74..2fe12e50251d 100644 --- a/2021/4xxx/CVE-2021-4251.json +++ b/2021/4xxx/CVE-2021-4251.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/andrewsauder\/as\/commit\/4acad1e3d2c34c017473ceea442fb3e3e078b2bd" + "url": "https://github.com/andrewsauder/as/commit/4acad1e3d2c34c017473ceea442fb3e3e078b2bd", + "refsource": "MISC", + "name": "https://github.com/andrewsauder/as/commit/4acad1e3d2c34c017473ceea442fb3e3e078b2bd" }, { - "url": "https:\/\/vuldb.com\/?id.216208" + "url": "https://vuldb.com/?id.216208", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216208" } ] } diff --git a/2021/4xxx/CVE-2021-4252.json b/2021/4xxx/CVE-2021-4252.json index 52c520fdbfa4..8db896c87fb3 100644 --- a/2021/4xxx/CVE-2021-4252.json +++ b/2021/4xxx/CVE-2021-4252.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/lesterchan\/wp-ban\/pull\/11" + "url": "https://github.com/lesterchan/wp-ban/pull/11", + "refsource": "MISC", + "name": "https://github.com/lesterchan/wp-ban/pull/11" }, { - "url": "https:\/\/github.com\/lesterchan\/wp-ban\/commit\/13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76" + "url": "https://github.com/lesterchan/wp-ban/commit/13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76", + "refsource": "MISC", + "name": "https://github.com/lesterchan/wp-ban/commit/13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76" }, { - "url": "https:\/\/vuldb.com\/?id.216209" + "url": "https://vuldb.com/?id.216209", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216209" } ] } diff --git a/2021/4xxx/CVE-2021-4253.json b/2021/4xxx/CVE-2021-4253.json index 8e7f4e9c54ce..0eab82c727dc 100644 --- a/2021/4xxx/CVE-2021-4253.json +++ b/2021/4xxx/CVE-2021-4253.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as problematic, was found in ctrlo lenio. Affected is an unknown function in the library lib\/Lenio.pm of the component Ticket Handler. The manipulation of the argument site_id leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 7a1f90bd2a0ce95b8338ec0926902da975ec64d9. It is recommended to apply a patch to fix this issue. VDB-216210 is the identifier assigned to this vulnerability." + "value": "A vulnerability, which was classified as problematic, was found in ctrlo lenio. Affected is an unknown function in the library lib/Lenio.pm of the component Ticket Handler. The manipulation of the argument site_id leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 7a1f90bd2a0ce95b8338ec0926902da975ec64d9. It is recommended to apply a patch to fix this issue. VDB-216210 is the identifier assigned to this vulnerability." } ] }, @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/ctrlo\/lenio\/commit\/7a1f90bd2a0ce95b8338ec0926902da975ec64d9" + "url": "https://github.com/ctrlo/lenio/commit/7a1f90bd2a0ce95b8338ec0926902da975ec64d9", + "refsource": "MISC", + "name": "https://github.com/ctrlo/lenio/commit/7a1f90bd2a0ce95b8338ec0926902da975ec64d9" }, { - "url": "https:\/\/vuldb.com\/?id.216210" + "url": "https://vuldb.com/?id.216210", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216210" } ] } diff --git a/2021/4xxx/CVE-2021-4254.json b/2021/4xxx/CVE-2021-4254.json index 4ece4f29d6ce..2ce892964966 100644 --- a/2021/4xxx/CVE-2021-4254.json +++ b/2021/4xxx/CVE-2021-4254.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been found in ctrlo lenio and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views\/layouts\/main.tt of the component Notice Handler. The manipulation of the argument notice.notice.text leads to cross site scripting. The attack can be launched remotely. The name of the patch is aa300555343c1c081951fcb68bfb6852fbba7451. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216211." + "value": "A vulnerability has been found in ctrlo lenio and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/layouts/main.tt of the component Notice Handler. The manipulation of the argument notice.notice.text leads to cross site scripting. The attack can be launched remotely. The name of the patch is aa300555343c1c081951fcb68bfb6852fbba7451. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216211." } ] }, @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/ctrlo\/lenio\/commit\/aa300555343c1c081951fcb68bfb6852fbba7451" + "url": "https://github.com/ctrlo/lenio/commit/aa300555343c1c081951fcb68bfb6852fbba7451", + "refsource": "MISC", + "name": "https://github.com/ctrlo/lenio/commit/aa300555343c1c081951fcb68bfb6852fbba7451" }, { - "url": "https:\/\/vuldb.com\/?id.216211" + "url": "https://vuldb.com/?id.216211", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216211" } ] } diff --git a/2021/4xxx/CVE-2021-4255.json b/2021/4xxx/CVE-2021-4255.json index 964a918effa4..ae341c17be62 100644 --- a/2021/4xxx/CVE-2021-4255.json +++ b/2021/4xxx/CVE-2021-4255.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in ctrlo lenio and classified as problematic. Affected by this issue is some unknown functionality of the file views\/contractor.tt. The manipulation of the argument contractor.name leads to cross site scripting. The attack may be launched remotely. The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216212." + "value": "A vulnerability was found in ctrlo lenio and classified as problematic. Affected by this issue is some unknown functionality of the file views/contractor.tt. The manipulation of the argument contractor.name leads to cross site scripting. The attack may be launched remotely. The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216212." } ] }, @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/ctrlo\/lenio\/commit\/e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97" + "url": "https://github.com/ctrlo/lenio/commit/e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97", + "refsource": "MISC", + "name": "https://github.com/ctrlo/lenio/commit/e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97" }, { - "url": "https:\/\/vuldb.com\/?id.216212" + "url": "https://vuldb.com/?id.216212", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216212" } ] } diff --git a/2021/4xxx/CVE-2021-4256.json b/2021/4xxx/CVE-2021-4256.json index 058c1fba07fe..100a816e2768 100644 --- a/2021/4xxx/CVE-2021-4256.json +++ b/2021/4xxx/CVE-2021-4256.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in ctrlo lenio. It has been classified as problematic. This affects an unknown part of the file views\/index.tt. The manipulation of the argument task.name\/task.site.org.name leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. It is recommended to apply a patch to fix this issue. The identifier VDB-216213 was assigned to this vulnerability." + "value": "A vulnerability was found in ctrlo lenio. It has been classified as problematic. This affects an unknown part of the file views/index.tt. The manipulation of the argument task.name/task.site.org.name leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. It is recommended to apply a patch to fix this issue. The identifier VDB-216213 was assigned to this vulnerability." } ] }, @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/ctrlo\/lenio\/commit\/e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97" + "url": "https://github.com/ctrlo/lenio/commit/e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97", + "refsource": "MISC", + "name": "https://github.com/ctrlo/lenio/commit/e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97" }, { - "url": "https:\/\/vuldb.com\/?id.216213" + "url": "https://vuldb.com/?id.216213", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216213" } ] } diff --git a/2021/4xxx/CVE-2021-4257.json b/2021/4xxx/CVE-2021-4257.json index a25c0e836164..f9da0366bbf0 100644 --- a/2021/4xxx/CVE-2021-4257.json +++ b/2021/4xxx/CVE-2021-4257.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in ctrlo lenio. It has been declared as problematic. This vulnerability affects unknown code of the file views\/task.tt of the component Task Handler. The manipulation of the argument site.org.name\/check.name\/task.tasktype.name\/task.name leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 698c5fa465169d6f23c6a41ca4b1fc9a7869013a. It is recommended to apply a patch to fix this issue. VDB-216214 is the identifier assigned to this vulnerability." + "value": "A vulnerability was found in ctrlo lenio. It has been declared as problematic. This vulnerability affects unknown code of the file views/task.tt of the component Task Handler. The manipulation of the argument site.org.name/check.name/task.tasktype.name/task.name leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 698c5fa465169d6f23c6a41ca4b1fc9a7869013a. It is recommended to apply a patch to fix this issue. VDB-216214 is the identifier assigned to this vulnerability." } ] }, @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/ctrlo\/lenio\/commit\/698c5fa465169d6f23c6a41ca4b1fc9a7869013a" + "url": "https://github.com/ctrlo/lenio/commit/698c5fa465169d6f23c6a41ca4b1fc9a7869013a", + "refsource": "MISC", + "name": "https://github.com/ctrlo/lenio/commit/698c5fa465169d6f23c6a41ca4b1fc9a7869013a" }, { - "url": "https:\/\/vuldb.com\/?id.216214" + "url": "https://vuldb.com/?id.216214", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216214" } ] } diff --git a/2022/4xxx/CVE-2022-4607.json b/2022/4xxx/CVE-2022-4607.json index f0693e5c273b..2c25dd5bb1ca 100644 --- a/2022/4xxx/CVE-2022-4607.json +++ b/2022/4xxx/CVE-2022-4607.json @@ -60,22 +60,30 @@ "cvss": { "version": "3.1", "baseScore": "5.5", - "vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/3dcitydb\/web-feature-service\/pull\/12" + "url": "https://github.com/3dcitydb/web-feature-service/pull/12", + "refsource": "MISC", + "name": "https://github.com/3dcitydb/web-feature-service/pull/12" }, { - "url": "https:\/\/github.com\/3dcitydb\/web-feature-service\/releases\/tag\/v5.3.0" + "url": "https://github.com/3dcitydb/web-feature-service/releases/tag/v5.3.0", + "refsource": "MISC", + "name": "https://github.com/3dcitydb/web-feature-service/releases/tag/v5.3.0" }, { - "url": "https:\/\/github.com\/3dcitydb\/web-feature-service\/commit\/246f4e2a97ad81491c00a7ed72ce5e7c7f75050a" + "url": "https://github.com/3dcitydb/web-feature-service/commit/246f4e2a97ad81491c00a7ed72ce5e7c7f75050a", + "refsource": "MISC", + "name": "https://github.com/3dcitydb/web-feature-service/commit/246f4e2a97ad81491c00a7ed72ce5e7c7f75050a" }, { - "url": "https:\/\/vuldb.com\/?id.216215" + "url": "https://vuldb.com/?id.216215", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216215" } ] } From a606ba596ef9f56e7c90eb3500caca99624a520d Mon Sep 17 00:00:00 2001 From: Ikuya Fukumoto Date: Mon, 19 Dec 2022 11:30:05 +0900 Subject: [PATCH 104/754] JPCERT/CC 2022-12-19-11-27 --- 2022/41xxx/CVE-2022-41993.json | 50 ++++++++++++++++++++++++++++++-- 2022/43xxx/CVE-2022-43443.json | 50 ++++++++++++++++++++++++++++++-- 2022/43xxx/CVE-2022-43466.json | 50 ++++++++++++++++++++++++++++++-- 2022/43xxx/CVE-2022-43486.json | 50 ++++++++++++++++++++++++++++++-- 2022/44xxx/CVE-2022-44456.json | 53 ++++++++++++++++++++++++++++++++-- 2022/46xxx/CVE-2022-46287.json | 50 ++++++++++++++++++++++++++++++-- 2022/46xxx/CVE-2022-46288.json | 50 ++++++++++++++++++++++++++++++-- 7 files changed, 332 insertions(+), 21 deletions(-) diff --git a/2022/41xxx/CVE-2022-41993.json b/2022/41xxx/CVE-2022-41993.json index 2349ade3c522..40aa6bf70cf7 100644 --- a/2022/41xxx/CVE-2022-41993.json +++ b/2022/41xxx/CVE-2022-41993.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41993", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Japan Construction Information Center", + "product": { + "product_data": [ + { + "product_name": "DENSHI NYUSATSU CORE SYSTEM", + "version": { + "version_data": [ + { + "version_value": "v6 R4 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cals.jacic.or.jp/coreconso/pdf/coreconsoinfo20221215.pdf" + }, + { + "url": "https://jvn.jp/en/jp/JVN96321933/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script." } ] } diff --git a/2022/43xxx/CVE-2022-43443.json b/2022/43xxx/CVE-2022-43443.json index db450507f97d..59be3f188d33 100644 --- a/2022/43xxx/CVE-2022-43443.json +++ b/2022/43xxx/CVE-2022-43443.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-43443", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "BUFFALO INC.", + "product": { + "product_data": [ + { + "product_name": "Buffalo network devices", + "version": { + "version_data": [ + { + "version_value": "WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and earlier, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL firmware Ver. 1.08 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, and WCR-1166DS firmware Ver. 1.34 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.buffalo.jp/news/detail/20221205-01.html" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97099584/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and earlier, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL firmware Ver. 1.08 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, and WCR-1166DS firmware Ver. 1.34 and earlier allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page." } ] } diff --git a/2022/43xxx/CVE-2022-43466.json b/2022/43xxx/CVE-2022-43466.json index a4a298d91778..7c6adfa17d9a 100644 --- a/2022/43xxx/CVE-2022-43466.json +++ b/2022/43xxx/CVE-2022-43466.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-43466", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "BUFFALO INC.", + "product": { + "product_data": [ + { + "product_name": "Buffalo network devices", + "version": { + "version_data": [ + { + "version_value": "WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, WEX-1800AX4 firmware Ver. 1.13 and earlier, and WEX-1800AX4EA firmware Ver. 1.13 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.buffalo.jp/news/detail/20221205-01.html" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97099584/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, WEX-1800AX4 firmware Ver. 1.13 and earlier, and WEX-1800AX4EA firmware Ver. 1.13 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program." } ] } diff --git a/2022/43xxx/CVE-2022-43486.json b/2022/43xxx/CVE-2022-43486.json index d08c71a58391..736c8f23ea2d 100644 --- a/2022/43xxx/CVE-2022-43486.json +++ b/2022/43xxx/CVE-2022-43486.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-43486", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "BUFFALO INC.", + "product": { + "product_data": [ + { + "product_name": "Buffalo network devices", + "version": { + "version_data": [ + { + "version_value": "WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and earlier, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL firmware Ver. 1.08 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, WCR-1166DS firmware Ver. 1.34 and earlier, WEX-1800AX4 firmware Ver. 1.13 and earlier, and WEX-1800AX4EA firmware Ver. 1.13 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Hidden Functionality" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.buffalo.jp/news/detail/20221205-01.html" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97099584/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hidden functionality vulnerability in Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and earlier, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL firmware Ver. 1.08 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, WCR-1166DS firmware Ver. 1.34 and earlier, WEX-1800AX4 firmware Ver. 1.13 and earlier, and WEX-1800AX4EA firmware Ver. 1.13 and earlier allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected device." } ] } diff --git a/2022/44xxx/CVE-2022-44456.json b/2022/44xxx/CVE-2022-44456.json index c284524b48eb..01534dc6b664 100644 --- a/2022/44xxx/CVE-2022-44456.json +++ b/2022/44xxx/CVE-2022-44456.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-44456", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Contec Co., Ltd.", + "product": { + "product_data": [ + { + "product_name": "CONPROSYS HMI System (CHS)", + "version": { + "version_data": [ + { + "version_value": "Ver.3.4.4?and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_221014_en.pdf" + }, + { + "url": "https://www.contec.com/download/contract/contract4/?itemid=ea8039aa-3434-4999-9ab6-897aa690210c&downloaditemid=866d7d3c-aae9-438d-87f3-17aa040df90b" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU96873821/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request." } ] } diff --git a/2022/46xxx/CVE-2022-46287.json b/2022/46xxx/CVE-2022-46287.json index 3feaf75ead9d..0d4b4e710899 100644 --- a/2022/46xxx/CVE-2022-46287.json +++ b/2022/46xxx/CVE-2022-46287.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46287", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Japan Construction Information Center", + "product": { + "product_data": [ + { + "product_name": "DENSHI NYUSATSU CORE SYSTEM", + "version": { + "version_data": [ + { + "version_value": "v6 R4 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cals.jacic.or.jp/coreconso/pdf/coreconsoinfo20221215.pdf" + }, + { + "url": "https://jvn.jp/en/jp/JVN96321933/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script." } ] } diff --git a/2022/46xxx/CVE-2022-46288.json b/2022/46xxx/CVE-2022-46288.json index b64dadaeb616..4b81b008c144 100644 --- a/2022/46xxx/CVE-2022-46288.json +++ b/2022/46xxx/CVE-2022-46288.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46288", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Japan Construction Information Center", + "product": { + "product_data": [ + { + "product_name": "DENSHI NYUSATSU CORE SYSTEM", + "version": { + "version_data": [ + { + "version_value": "v6 R4 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Open Redirect" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cals.jacic.or.jp/coreconso/pdf/coreconsoinfo20221215.pdf" + }, + { + "url": "https://jvn.jp/en/jp/JVN96321933/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Open redirect vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL." } ] } From 650df075175792b1a86c92099d0dad371e1c3da2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Dec 2022 03:00:41 +0000 Subject: [PATCH 105/754] "-Synchronized-Data." --- 2022/36xxx/CVE-2022-36227.json | 5 +++++ 2022/37xxx/CVE-2022-37966.json | 5 +++++ 2022/37xxx/CVE-2022-37967.json | 5 +++++ 2022/38xxx/CVE-2022-38023.json | 5 +++++ 2022/3xxx/CVE-2022-3500.json | 10 ++++++++++ 2022/41xxx/CVE-2022-41993.json | 11 ++++++++--- 2022/43xxx/CVE-2022-43443.json | 11 ++++++++--- 2022/43xxx/CVE-2022-43466.json | 11 ++++++++--- 2022/43xxx/CVE-2022-43486.json | 11 ++++++++--- 2022/44xxx/CVE-2022-44456.json | 15 +++++++++++---- 2022/46xxx/CVE-2022-46287.json | 11 ++++++++--- 2022/46xxx/CVE-2022-46288.json | 11 ++++++++--- 2022/46xxx/CVE-2022-46340.json | 5 +++++ 2022/46xxx/CVE-2022-46341.json | 5 +++++ 2022/46xxx/CVE-2022-46342.json | 5 +++++ 2022/46xxx/CVE-2022-46343.json | 5 +++++ 2022/46xxx/CVE-2022-46344.json | 5 +++++ 2022/4xxx/CVE-2022-4283.json | 5 +++++ 18 files changed, 119 insertions(+), 22 deletions(-) diff --git a/2022/36xxx/CVE-2022-36227.json b/2022/36xxx/CVE-2022-36227.json index 1417b9eab8de..8ca749aff91f 100644 --- a/2022/36xxx/CVE-2022-36227.json +++ b/2022/36xxx/CVE-2022-36227.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215", "url": "https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-e15be0091f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V67OO2UUQAUJS3IK4JZPF6F3LUCBU6IS/" } ] } diff --git a/2022/37xxx/CVE-2022-37966.json b/2022/37xxx/CVE-2022-37966.json index 117d861c6631..cda05f149ff0 100644 --- a/2022/37xxx/CVE-2022-37966.json +++ b/2022/37xxx/CVE-2022-37966.json @@ -129,6 +129,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37966", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37966" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-cb92b4ea21", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCTYD5EQRS73QZTWPOC2ZO2FL7MMYXMS/" } ] }, diff --git a/2022/37xxx/CVE-2022-37967.json b/2022/37xxx/CVE-2022-37967.json index ce2248b6d0c7..a36c531c7742 100644 --- a/2022/37xxx/CVE-2022-37967.json +++ b/2022/37xxx/CVE-2022-37967.json @@ -129,6 +129,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37967", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37967" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-cb92b4ea21", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCTYD5EQRS73QZTWPOC2ZO2FL7MMYXMS/" } ] }, diff --git a/2022/38xxx/CVE-2022-38023.json b/2022/38xxx/CVE-2022-38023.json index 353c59b72c26..518acf20be66 100644 --- a/2022/38xxx/CVE-2022-38023.json +++ b/2022/38xxx/CVE-2022-38023.json @@ -129,6 +129,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38023", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38023" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-cb92b4ea21", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCTYD5EQRS73QZTWPOC2ZO2FL7MMYXMS/" } ] }, diff --git a/2022/3xxx/CVE-2022-3500.json b/2022/3xxx/CVE-2022-3500.json index a031773d1419..1f2575d4d011 100644 --- a/2022/3xxx/CVE-2022-3500.json +++ b/2022/3xxx/CVE-2022-3500.json @@ -58,6 +58,16 @@ "refsource": "FEDORA", "name": "FEDORA-2022-5a6ed3607d", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQH5CJRX65QYMQN5WGUKKKE3IRJBWG5Z/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-7a312cde45", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QX4XVCAUFGJ2I2NCTOKONTJGRJB2NBBT/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-8ad3246cc0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUTHMDVFNGGVPCNPOGULMJAAFEP7MEXP/" } ] }, diff --git a/2022/41xxx/CVE-2022-41993.json b/2022/41xxx/CVE-2022-41993.json index 40aa6bf70cf7..6cff361da648 100644 --- a/2022/41xxx/CVE-2022-41993.json +++ b/2022/41xxx/CVE-2022-41993.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41993", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -44,10 +45,14 @@ "references": { "reference_data": [ { - "url": "https://www.cals.jacic.or.jp/coreconso/pdf/coreconsoinfo20221215.pdf" + "url": "https://www.cals.jacic.or.jp/coreconso/pdf/coreconsoinfo20221215.pdf", + "refsource": "MISC", + "name": "https://www.cals.jacic.or.jp/coreconso/pdf/coreconsoinfo20221215.pdf" }, { - "url": "https://jvn.jp/en/jp/JVN96321933/index.html" + "url": "https://jvn.jp/en/jp/JVN96321933/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN96321933/index.html" } ] }, diff --git a/2022/43xxx/CVE-2022-43443.json b/2022/43xxx/CVE-2022-43443.json index 59be3f188d33..7a075b823336 100644 --- a/2022/43xxx/CVE-2022-43443.json +++ b/2022/43xxx/CVE-2022-43443.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-43443", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -44,10 +45,14 @@ "references": { "reference_data": [ { - "url": "https://www.buffalo.jp/news/detail/20221205-01.html" + "url": "https://www.buffalo.jp/news/detail/20221205-01.html", + "refsource": "MISC", + "name": "https://www.buffalo.jp/news/detail/20221205-01.html" }, { - "url": "https://jvn.jp/en/vu/JVNVU97099584/index.html" + "url": "https://jvn.jp/en/vu/JVNVU97099584/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97099584/index.html" } ] }, diff --git a/2022/43xxx/CVE-2022-43466.json b/2022/43xxx/CVE-2022-43466.json index 7c6adfa17d9a..a7ce01bb4b7f 100644 --- a/2022/43xxx/CVE-2022-43466.json +++ b/2022/43xxx/CVE-2022-43466.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-43466", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -44,10 +45,14 @@ "references": { "reference_data": [ { - "url": "https://www.buffalo.jp/news/detail/20221205-01.html" + "url": "https://www.buffalo.jp/news/detail/20221205-01.html", + "refsource": "MISC", + "name": "https://www.buffalo.jp/news/detail/20221205-01.html" }, { - "url": "https://jvn.jp/en/vu/JVNVU97099584/index.html" + "url": "https://jvn.jp/en/vu/JVNVU97099584/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97099584/index.html" } ] }, diff --git a/2022/43xxx/CVE-2022-43486.json b/2022/43xxx/CVE-2022-43486.json index 736c8f23ea2d..d0cc828c733a 100644 --- a/2022/43xxx/CVE-2022-43486.json +++ b/2022/43xxx/CVE-2022-43486.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-43486", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -44,10 +45,14 @@ "references": { "reference_data": [ { - "url": "https://www.buffalo.jp/news/detail/20221205-01.html" + "url": "https://www.buffalo.jp/news/detail/20221205-01.html", + "refsource": "MISC", + "name": "https://www.buffalo.jp/news/detail/20221205-01.html" }, { - "url": "https://jvn.jp/en/vu/JVNVU97099584/index.html" + "url": "https://jvn.jp/en/vu/JVNVU97099584/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97099584/index.html" } ] }, diff --git a/2022/44xxx/CVE-2022-44456.json b/2022/44xxx/CVE-2022-44456.json index 01534dc6b664..eddee8d0195e 100644 --- a/2022/44xxx/CVE-2022-44456.json +++ b/2022/44xxx/CVE-2022-44456.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-44456", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -44,13 +45,19 @@ "references": { "reference_data": [ { - "url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_221014_en.pdf" + "url": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_221014_en.pdf", + "refsource": "MISC", + "name": "https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_221014_en.pdf" }, { - "url": "https://www.contec.com/download/contract/contract4/?itemid=ea8039aa-3434-4999-9ab6-897aa690210c&downloaditemid=866d7d3c-aae9-438d-87f3-17aa040df90b" + "url": "https://www.contec.com/download/contract/contract4/?itemid=ea8039aa-3434-4999-9ab6-897aa690210c&downloaditemid=866d7d3c-aae9-438d-87f3-17aa040df90b", + "refsource": "MISC", + "name": "https://www.contec.com/download/contract/contract4/?itemid=ea8039aa-3434-4999-9ab6-897aa690210c&downloaditemid=866d7d3c-aae9-438d-87f3-17aa040df90b" }, { - "url": "https://jvn.jp/en/vu/JVNVU96873821/index.html" + "url": "https://jvn.jp/en/vu/JVNVU96873821/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU96873821/index.html" } ] }, diff --git a/2022/46xxx/CVE-2022-46287.json b/2022/46xxx/CVE-2022-46287.json index 0d4b4e710899..483bb6de4e01 100644 --- a/2022/46xxx/CVE-2022-46287.json +++ b/2022/46xxx/CVE-2022-46287.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46287", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -44,10 +45,14 @@ "references": { "reference_data": [ { - "url": "https://www.cals.jacic.or.jp/coreconso/pdf/coreconsoinfo20221215.pdf" + "url": "https://www.cals.jacic.or.jp/coreconso/pdf/coreconsoinfo20221215.pdf", + "refsource": "MISC", + "name": "https://www.cals.jacic.or.jp/coreconso/pdf/coreconsoinfo20221215.pdf" }, { - "url": "https://jvn.jp/en/jp/JVN96321933/index.html" + "url": "https://jvn.jp/en/jp/JVN96321933/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN96321933/index.html" } ] }, diff --git a/2022/46xxx/CVE-2022-46288.json b/2022/46xxx/CVE-2022-46288.json index 4b81b008c144..60496fe2aa9f 100644 --- a/2022/46xxx/CVE-2022-46288.json +++ b/2022/46xxx/CVE-2022-46288.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46288", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -44,10 +45,14 @@ "references": { "reference_data": [ { - "url": "https://www.cals.jacic.or.jp/coreconso/pdf/coreconsoinfo20221215.pdf" + "url": "https://www.cals.jacic.or.jp/coreconso/pdf/coreconsoinfo20221215.pdf", + "refsource": "MISC", + "name": "https://www.cals.jacic.or.jp/coreconso/pdf/coreconsoinfo20221215.pdf" }, { - "url": "https://jvn.jp/en/jp/JVN96321933/index.html" + "url": "https://jvn.jp/en/jp/JVN96321933/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN96321933/index.html" } ] }, diff --git a/2022/46xxx/CVE-2022-46340.json b/2022/46xxx/CVE-2022-46340.json index c56a737eb1c7..7d0b3a152f86 100644 --- a/2022/46xxx/CVE-2022-46340.json +++ b/2022/46xxx/CVE-2022-46340.json @@ -58,6 +58,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-c3a65f7c65", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-721a78b7e5", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" } ] }, diff --git a/2022/46xxx/CVE-2022-46341.json b/2022/46xxx/CVE-2022-46341.json index a8b65a769230..165208661ccb 100644 --- a/2022/46xxx/CVE-2022-46341.json +++ b/2022/46xxx/CVE-2022-46341.json @@ -58,6 +58,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-c3a65f7c65", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-721a78b7e5", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" } ] }, diff --git a/2022/46xxx/CVE-2022-46342.json b/2022/46xxx/CVE-2022-46342.json index ac4743fa80dd..448978890cf2 100644 --- a/2022/46xxx/CVE-2022-46342.json +++ b/2022/46xxx/CVE-2022-46342.json @@ -58,6 +58,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-c3a65f7c65", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-721a78b7e5", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" } ] }, diff --git a/2022/46xxx/CVE-2022-46343.json b/2022/46xxx/CVE-2022-46343.json index 8ab1426682a5..f46c98493cce 100644 --- a/2022/46xxx/CVE-2022-46343.json +++ b/2022/46xxx/CVE-2022-46343.json @@ -58,6 +58,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-c3a65f7c65", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-721a78b7e5", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" } ] }, diff --git a/2022/46xxx/CVE-2022-46344.json b/2022/46xxx/CVE-2022-46344.json index 0d3ffeb936eb..8e9f205d87bd 100644 --- a/2022/46xxx/CVE-2022-46344.json +++ b/2022/46xxx/CVE-2022-46344.json @@ -58,6 +58,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-c3a65f7c65", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-721a78b7e5", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" } ] }, diff --git a/2022/4xxx/CVE-2022-4283.json b/2022/4xxx/CVE-2022-4283.json index 6b0c67d14cb1..ab303e3e4697 100644 --- a/2022/4xxx/CVE-2022-4283.json +++ b/2022/4xxx/CVE-2022-4283.json @@ -58,6 +58,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-c3a65f7c65", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-721a78b7e5", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" } ] }, From ca39c06e5aeacb1e4765cdd18be0f2a3e59fcf8e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Dec 2022 04:00:41 +0000 Subject: [PATCH 106/754] "-Synchronized-Data." --- 2021/22xxx/CVE-2021-22922.json | 5 +++++ 2021/22xxx/CVE-2021-22923.json | 5 +++++ 2021/22xxx/CVE-2021-22925.json | 5 +++++ 2021/22xxx/CVE-2021-22926.json | 5 +++++ 2021/22xxx/CVE-2021-22945.json | 5 +++++ 2021/22xxx/CVE-2021-22946.json | 5 +++++ 2021/22xxx/CVE-2021-22947.json | 5 +++++ 2021/43xxx/CVE-2021-43527.json | 5 +++++ 2022/21xxx/CVE-2022-21620.json | 5 +++++ 2022/21xxx/CVE-2022-21621.json | 5 +++++ 2022/21xxx/CVE-2022-21627.json | 5 +++++ 2022/22xxx/CVE-2022-22576.json | 5 +++++ 2022/27xxx/CVE-2022-27774.json | 5 +++++ 2022/27xxx/CVE-2022-27775.json | 5 +++++ 2022/27xxx/CVE-2022-27776.json | 5 +++++ 2022/27xxx/CVE-2022-27779.json | 5 +++++ 2022/27xxx/CVE-2022-27780.json | 5 +++++ 2022/27xxx/CVE-2022-27781.json | 5 +++++ 2022/27xxx/CVE-2022-27782.json | 5 +++++ 2022/30xxx/CVE-2022-30115.json | 5 +++++ 2022/30xxx/CVE-2022-30698.json | 5 +++++ 2022/30xxx/CVE-2022-30699.json | 5 +++++ 2022/32xxx/CVE-2022-32205.json | 5 +++++ 2022/32xxx/CVE-2022-32206.json | 5 +++++ 2022/32xxx/CVE-2022-32207.json | 10 ++++++++++ 2022/32xxx/CVE-2022-32208.json | 10 ++++++++++ 2022/32xxx/CVE-2022-32221.json | 5 +++++ 2022/35xxx/CVE-2022-35252.json | 5 +++++ 2022/35xxx/CVE-2022-35260.json | 5 +++++ 2022/39xxx/CVE-2022-39421.json | 5 +++++ 2022/39xxx/CVE-2022-39422.json | 5 +++++ 2022/39xxx/CVE-2022-39423.json | 5 +++++ 2022/39xxx/CVE-2022-39424.json | 5 +++++ 2022/39xxx/CVE-2022-39425.json | 5 +++++ 2022/39xxx/CVE-2022-39426.json | 5 +++++ 2022/3xxx/CVE-2022-3140.json | 5 +++++ 2022/3xxx/CVE-2022-3204.json | 5 +++++ 2022/3xxx/CVE-2022-3479.json | 5 +++++ 2022/42xxx/CVE-2022-42915.json | 5 +++++ 2022/42xxx/CVE-2022-42916.json | 5 +++++ 40 files changed, 210 insertions(+) diff --git a/2021/22xxx/CVE-2021-22922.json b/2021/22xxx/CVE-2021-22922.json index 00b0a2a444f3..34d8e2e6fd4c 100644 --- a/2021/22xxx/CVE-2021-22922.json +++ b/2021/22xxx/CVE-2021-22922.json @@ -88,6 +88,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2021/22xxx/CVE-2021-22923.json b/2021/22xxx/CVE-2021-22923.json index 9fd5bfaee0f4..fc5fbd07f0b0 100644 --- a/2021/22xxx/CVE-2021-22923.json +++ b/2021/22xxx/CVE-2021-22923.json @@ -68,6 +68,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2021/22xxx/CVE-2021-22925.json b/2021/22xxx/CVE-2021-22925.json index d6b35cf3af85..da27ca5d2b4f 100644 --- a/2021/22xxx/CVE-2021-22925.json +++ b/2021/22xxx/CVE-2021-22925.json @@ -98,6 +98,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2021/22xxx/CVE-2021-22926.json b/2021/22xxx/CVE-2021-22926.json index ad378c1e3b8b..e659ff95b18b 100644 --- a/2021/22xxx/CVE-2021-22926.json +++ b/2021/22xxx/CVE-2021-22926.json @@ -93,6 +93,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2021/22xxx/CVE-2021-22945.json b/2021/22xxx/CVE-2021-22945.json index 21a5bb74d175..a27ab51bd31e 100644 --- a/2021/22xxx/CVE-2021-22945.json +++ b/2021/22xxx/CVE-2021-22945.json @@ -88,6 +88,11 @@ "refsource": "DEBIAN", "name": "DSA-5197", "url": "https://www.debian.org/security/2022/dsa-5197" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2021/22xxx/CVE-2021-22946.json b/2021/22xxx/CVE-2021-22946.json index da86fdcfc14a..2f6c58adf784 100644 --- a/2021/22xxx/CVE-2021-22946.json +++ b/2021/22xxx/CVE-2021-22946.json @@ -118,6 +118,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2021/22xxx/CVE-2021-22947.json b/2021/22xxx/CVE-2021-22947.json index 5787b5c09c54..97ea7a53e038 100644 --- a/2021/22xxx/CVE-2021-22947.json +++ b/2021/22xxx/CVE-2021-22947.json @@ -113,6 +113,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2021/43xxx/CVE-2021-43527.json b/2021/43xxx/CVE-2021-43527.json index d68a41589846..2b86666332dc 100644 --- a/2021/43xxx/CVE-2021-43527.json +++ b/2021/43xxx/CVE-2021-43527.json @@ -88,6 +88,11 @@ "refsource": "MISC", "name": "https://www.starwindsoftware.com/security/sw-20220802-0001/", "url": "https://www.starwindsoftware.com/security/sw-20220802-0001/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-05", + "url": "https://security.gentoo.org/glsa/202212-05" } ] }, diff --git a/2022/21xxx/CVE-2022-21620.json b/2022/21xxx/CVE-2022-21620.json index 64eb43b5f2cd..5107dbfa362d 100644 --- a/2022/21xxx/CVE-2022-21620.json +++ b/2022/21xxx/CVE-2022-21620.json @@ -64,6 +64,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-03", + "url": "https://security.gentoo.org/glsa/202212-03" } ] } diff --git a/2022/21xxx/CVE-2022-21621.json b/2022/21xxx/CVE-2022-21621.json index 66e54816e11f..c784faafada6 100644 --- a/2022/21xxx/CVE-2022-21621.json +++ b/2022/21xxx/CVE-2022-21621.json @@ -64,6 +64,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-03", + "url": "https://security.gentoo.org/glsa/202212-03" } ] } diff --git a/2022/21xxx/CVE-2022-21627.json b/2022/21xxx/CVE-2022-21627.json index aecaf8ea7f35..e05fc624c0fe 100644 --- a/2022/21xxx/CVE-2022-21627.json +++ b/2022/21xxx/CVE-2022-21627.json @@ -64,6 +64,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-03", + "url": "https://security.gentoo.org/glsa/202212-03" } ] } diff --git a/2022/22xxx/CVE-2022-22576.json b/2022/22xxx/CVE-2022-22576.json index 930b7c664782..a5c1076a6662 100644 --- a/2022/22xxx/CVE-2022-22576.json +++ b/2022/22xxx/CVE-2022-22576.json @@ -63,6 +63,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/27xxx/CVE-2022-27774.json b/2022/27xxx/CVE-2022-27774.json index 6c53b15aa616..d1eeee147222 100644 --- a/2022/27xxx/CVE-2022-27774.json +++ b/2022/27xxx/CVE-2022-27774.json @@ -58,6 +58,11 @@ "refsource": "DEBIAN", "name": "DSA-5197", "url": "https://www.debian.org/security/2022/dsa-5197" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/27xxx/CVE-2022-27775.json b/2022/27xxx/CVE-2022-27775.json index ac72b1837105..a99f15dd0970 100644 --- a/2022/27xxx/CVE-2022-27775.json +++ b/2022/27xxx/CVE-2022-27775.json @@ -58,6 +58,11 @@ "refsource": "DEBIAN", "name": "DSA-5197", "url": "https://www.debian.org/security/2022/dsa-5197" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/27xxx/CVE-2022-27776.json b/2022/27xxx/CVE-2022-27776.json index f436bf5c3a09..f58cad8a4af7 100644 --- a/2022/27xxx/CVE-2022-27776.json +++ b/2022/27xxx/CVE-2022-27776.json @@ -73,6 +73,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-bca2c95559", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/27xxx/CVE-2022-27779.json b/2022/27xxx/CVE-2022-27779.json index 7bbab2c47cf4..3a6c7aa25b09 100644 --- a/2022/27xxx/CVE-2022-27779.json +++ b/2022/27xxx/CVE-2022-27779.json @@ -53,6 +53,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220609-0009/", "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/27xxx/CVE-2022-27780.json b/2022/27xxx/CVE-2022-27780.json index 2a7f04210fdf..b79def0d2808 100644 --- a/2022/27xxx/CVE-2022-27780.json +++ b/2022/27xxx/CVE-2022-27780.json @@ -53,6 +53,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220609-0009/", "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/27xxx/CVE-2022-27781.json b/2022/27xxx/CVE-2022-27781.json index fee03369a9b0..d95c95247347 100644 --- a/2022/27xxx/CVE-2022-27781.json +++ b/2022/27xxx/CVE-2022-27781.json @@ -63,6 +63,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/27xxx/CVE-2022-27782.json b/2022/27xxx/CVE-2022-27782.json index c38f2dddda70..e65c6b512a47 100644 --- a/2022/27xxx/CVE-2022-27782.json +++ b/2022/27xxx/CVE-2022-27782.json @@ -63,6 +63,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/30xxx/CVE-2022-30115.json b/2022/30xxx/CVE-2022-30115.json index 57e71e71509c..d000fb6e6e58 100644 --- a/2022/30xxx/CVE-2022-30115.json +++ b/2022/30xxx/CVE-2022-30115.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[oss-security] 20221026 [SECURITY ADVISORY] CVE-2022-42916: HSTS bypass via IDN (curl)", "url": "http://www.openwall.com/lists/oss-security/2022/10/26/4" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/30xxx/CVE-2022-30698.json b/2022/30xxx/CVE-2022-30698.json index 034db018fcef..34df8ede3ba7 100644 --- a/2022/30xxx/CVE-2022-30698.json +++ b/2022/30xxx/CVE-2022-30698.json @@ -75,6 +75,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-0a914d5c6b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-02", + "url": "https://security.gentoo.org/glsa/202212-02" } ] } diff --git a/2022/30xxx/CVE-2022-30699.json b/2022/30xxx/CVE-2022-30699.json index cfa0578d3d9f..c1f8999cb913 100644 --- a/2022/30xxx/CVE-2022-30699.json +++ b/2022/30xxx/CVE-2022-30699.json @@ -75,6 +75,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-0a914d5c6b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-02", + "url": "https://security.gentoo.org/glsa/202212-02" } ] } diff --git a/2022/32xxx/CVE-2022-32205.json b/2022/32xxx/CVE-2022-32205.json index 587acfdafb1d..c9aa3e0d3b04 100644 --- a/2022/32xxx/CVE-2022-32205.json +++ b/2022/32xxx/CVE-2022-32205.json @@ -83,6 +83,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/32xxx/CVE-2022-32206.json b/2022/32xxx/CVE-2022-32206.json index 9fb638fa6937..ce898aa5aa03 100644 --- a/2022/32xxx/CVE-2022-32206.json +++ b/2022/32xxx/CVE-2022-32206.json @@ -88,6 +88,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/32xxx/CVE-2022-32207.json b/2022/32xxx/CVE-2022-32207.json index b557b46a7fc8..8e2267631659 100644 --- a/2022/32xxx/CVE-2022-32207.json +++ b/2022/32xxx/CVE-2022-32207.json @@ -73,6 +73,16 @@ "refsource": "FULLDISC", "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "url": "http://seclists.org/fulldisclosure/2022/Oct/41" + }, + { + "refsource": "FULLDISC", + "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", + "url": "http://seclists.org/fulldisclosure/2022/Oct/28" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/32xxx/CVE-2022-32208.json b/2022/32xxx/CVE-2022-32208.json index 8f4228cecd06..3707fd8a27b4 100644 --- a/2022/32xxx/CVE-2022-32208.json +++ b/2022/32xxx/CVE-2022-32208.json @@ -78,6 +78,16 @@ "refsource": "FULLDISC", "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "url": "http://seclists.org/fulldisclosure/2022/Oct/41" + }, + { + "refsource": "FULLDISC", + "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", + "url": "http://seclists.org/fulldisclosure/2022/Oct/28" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/32xxx/CVE-2022-32221.json b/2022/32xxx/CVE-2022-32221.json index bae58843499d..c684ac03a4c3 100644 --- a/2022/32xxx/CVE-2022-32221.json +++ b/2022/32xxx/CVE-2022-32221.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://hackerone.com/reports/1704017", "url": "https://hackerone.com/reports/1704017" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/35xxx/CVE-2022-35252.json b/2022/35xxx/CVE-2022-35252.json index 22c0647cb2ad..add34680a025 100644 --- a/2022/35xxx/CVE-2022-35252.json +++ b/2022/35xxx/CVE-2022-35252.json @@ -53,6 +53,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220930-0005/", "url": "https://security.netapp.com/advisory/ntap-20220930-0005/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/35xxx/CVE-2022-35260.json b/2022/35xxx/CVE-2022-35260.json index 8f0c79d7f5c8..3977495eefd3 100644 --- a/2022/35xxx/CVE-2022-35260.json +++ b/2022/35xxx/CVE-2022-35260.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://hackerone.com/reports/1721098", "url": "https://hackerone.com/reports/1721098" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/39xxx/CVE-2022-39421.json b/2022/39xxx/CVE-2022-39421.json index f6d7fb6f4d04..3da22a02cf31 100644 --- a/2022/39xxx/CVE-2022-39421.json +++ b/2022/39xxx/CVE-2022-39421.json @@ -64,6 +64,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-03", + "url": "https://security.gentoo.org/glsa/202212-03" } ] } diff --git a/2022/39xxx/CVE-2022-39422.json b/2022/39xxx/CVE-2022-39422.json index c5ffe81c899d..6ca90f0afade 100644 --- a/2022/39xxx/CVE-2022-39422.json +++ b/2022/39xxx/CVE-2022-39422.json @@ -64,6 +64,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-03", + "url": "https://security.gentoo.org/glsa/202212-03" } ] } diff --git a/2022/39xxx/CVE-2022-39423.json b/2022/39xxx/CVE-2022-39423.json index 8aed192c45ab..36880861997f 100644 --- a/2022/39xxx/CVE-2022-39423.json +++ b/2022/39xxx/CVE-2022-39423.json @@ -64,6 +64,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-03", + "url": "https://security.gentoo.org/glsa/202212-03" } ] } diff --git a/2022/39xxx/CVE-2022-39424.json b/2022/39xxx/CVE-2022-39424.json index 7ffd5dad5125..0e14f1fceabc 100644 --- a/2022/39xxx/CVE-2022-39424.json +++ b/2022/39xxx/CVE-2022-39424.json @@ -64,6 +64,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-03", + "url": "https://security.gentoo.org/glsa/202212-03" } ] } diff --git a/2022/39xxx/CVE-2022-39425.json b/2022/39xxx/CVE-2022-39425.json index d0c7f0b75588..6b397933e9d7 100644 --- a/2022/39xxx/CVE-2022-39425.json +++ b/2022/39xxx/CVE-2022-39425.json @@ -64,6 +64,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-03", + "url": "https://security.gentoo.org/glsa/202212-03" } ] } diff --git a/2022/39xxx/CVE-2022-39426.json b/2022/39xxx/CVE-2022-39426.json index 20d3d193736e..f621114dfad3 100644 --- a/2022/39xxx/CVE-2022-39426.json +++ b/2022/39xxx/CVE-2022-39426.json @@ -64,6 +64,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-03", + "url": "https://security.gentoo.org/glsa/202212-03" } ] } diff --git a/2022/3xxx/CVE-2022-3140.json b/2022/3xxx/CVE-2022-3140.json index b47f8400e8bb..ffd54307a6e8 100644 --- a/2022/3xxx/CVE-2022-3140.json +++ b/2022/3xxx/CVE-2022-3140.json @@ -83,6 +83,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-775c747e4a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TORANVTIWWBH3DNJR4UZATAG67KZOH32/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-04", + "url": "https://security.gentoo.org/glsa/202212-04" } ] }, diff --git a/2022/3xxx/CVE-2022-3204.json b/2022/3xxx/CVE-2022-3204.json index 8e8a3e0ac397..d74adf0ec0c9 100644 --- a/2022/3xxx/CVE-2022-3204.json +++ b/2022/3xxx/CVE-2022-3204.json @@ -80,6 +80,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-204ee3da84", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4EU6DMJXQFMAIE6SLAH4H5RNRU6VQL/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-02", + "url": "https://security.gentoo.org/glsa/202212-02" } ] } diff --git a/2022/3xxx/CVE-2022-3479.json b/2022/3xxx/CVE-2022-3479.json index 7f524261abfa..dbc493e817c4 100644 --- a/2022/3xxx/CVE-2022-3479.json +++ b/2022/3xxx/CVE-2022-3479.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2134331", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134331" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-05", + "url": "https://security.gentoo.org/glsa/202212-05" } ] }, diff --git a/2022/42xxx/CVE-2022-42915.json b/2022/42xxx/CVE-2022-42915.json index f9768dd8085b..ec47427cbb7c 100644 --- a/2022/42xxx/CVE-2022-42915.json +++ b/2022/42xxx/CVE-2022-42915.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20221209-0010/", "url": "https://security.netapp.com/advisory/ntap-20221209-0010/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] } diff --git a/2022/42xxx/CVE-2022-42916.json b/2022/42xxx/CVE-2022-42916.json index 17c6d85c6ff3..51db680704cb 100644 --- a/2022/42xxx/CVE-2022-42916.json +++ b/2022/42xxx/CVE-2022-42916.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20221209-0010/", "url": "https://security.netapp.com/advisory/ntap-20221209-0010/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] } From ac44d2536407255c0f1736935bd19b6a22339e32 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Dec 2022 06:00:39 +0000 Subject: [PATCH 107/754] "-Synchronized-Data." --- 2022/47xxx/CVE-2022-47523.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47524.json | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 2022/47xxx/CVE-2022-47523.json create mode 100644 2022/47xxx/CVE-2022-47524.json diff --git a/2022/47xxx/CVE-2022-47523.json b/2022/47xxx/CVE-2022-47523.json new file mode 100644 index 000000000000..1c0e089c409b --- /dev/null +++ b/2022/47xxx/CVE-2022-47523.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47523", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47524.json b/2022/47xxx/CVE-2022-47524.json new file mode 100644 index 000000000000..5c2b82dc9579 --- /dev/null +++ b/2022/47xxx/CVE-2022-47524.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47524", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From a4165cf69fbb51cd961944e515c2a37e1ccf789e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Dec 2022 07:00:40 +0000 Subject: [PATCH 108/754] "-Synchronized-Data." --- 2022/47xxx/CVE-2022-47525.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47526.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47527.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47528.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47529.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47530.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47531.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47532.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47533.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47534.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47535.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47536.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47537.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47538.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47539.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47540.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47541.json | 18 ++++++++++++++++++ 17 files changed, 306 insertions(+) create mode 100644 2022/47xxx/CVE-2022-47525.json create mode 100644 2022/47xxx/CVE-2022-47526.json create mode 100644 2022/47xxx/CVE-2022-47527.json create mode 100644 2022/47xxx/CVE-2022-47528.json create mode 100644 2022/47xxx/CVE-2022-47529.json create mode 100644 2022/47xxx/CVE-2022-47530.json create mode 100644 2022/47xxx/CVE-2022-47531.json create mode 100644 2022/47xxx/CVE-2022-47532.json create mode 100644 2022/47xxx/CVE-2022-47533.json create mode 100644 2022/47xxx/CVE-2022-47534.json create mode 100644 2022/47xxx/CVE-2022-47535.json create mode 100644 2022/47xxx/CVE-2022-47536.json create mode 100644 2022/47xxx/CVE-2022-47537.json create mode 100644 2022/47xxx/CVE-2022-47538.json create mode 100644 2022/47xxx/CVE-2022-47539.json create mode 100644 2022/47xxx/CVE-2022-47540.json create mode 100644 2022/47xxx/CVE-2022-47541.json diff --git a/2022/47xxx/CVE-2022-47525.json b/2022/47xxx/CVE-2022-47525.json new file mode 100644 index 000000000000..719b0c05b3fc --- /dev/null +++ b/2022/47xxx/CVE-2022-47525.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47525", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47526.json b/2022/47xxx/CVE-2022-47526.json new file mode 100644 index 000000000000..6914f0c75c2a --- /dev/null +++ b/2022/47xxx/CVE-2022-47526.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47526", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47527.json b/2022/47xxx/CVE-2022-47527.json new file mode 100644 index 000000000000..98f6102c2dde --- /dev/null +++ b/2022/47xxx/CVE-2022-47527.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47527", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47528.json b/2022/47xxx/CVE-2022-47528.json new file mode 100644 index 000000000000..91d145cadf4f --- /dev/null +++ b/2022/47xxx/CVE-2022-47528.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47528", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47529.json b/2022/47xxx/CVE-2022-47529.json new file mode 100644 index 000000000000..39e16bb0f783 --- /dev/null +++ b/2022/47xxx/CVE-2022-47529.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47529", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47530.json b/2022/47xxx/CVE-2022-47530.json new file mode 100644 index 000000000000..eecbe00fc247 --- /dev/null +++ b/2022/47xxx/CVE-2022-47530.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47530", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47531.json b/2022/47xxx/CVE-2022-47531.json new file mode 100644 index 000000000000..d3dee866cf41 --- /dev/null +++ b/2022/47xxx/CVE-2022-47531.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47531", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47532.json b/2022/47xxx/CVE-2022-47532.json new file mode 100644 index 000000000000..1c7b9a42fc39 --- /dev/null +++ b/2022/47xxx/CVE-2022-47532.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47532", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47533.json b/2022/47xxx/CVE-2022-47533.json new file mode 100644 index 000000000000..bdeaf882b1bd --- /dev/null +++ b/2022/47xxx/CVE-2022-47533.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47533", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47534.json b/2022/47xxx/CVE-2022-47534.json new file mode 100644 index 000000000000..a32719fb3aae --- /dev/null +++ b/2022/47xxx/CVE-2022-47534.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47534", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47535.json b/2022/47xxx/CVE-2022-47535.json new file mode 100644 index 000000000000..fa737eac1d47 --- /dev/null +++ b/2022/47xxx/CVE-2022-47535.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47535", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47536.json b/2022/47xxx/CVE-2022-47536.json new file mode 100644 index 000000000000..59b65afaeed8 --- /dev/null +++ b/2022/47xxx/CVE-2022-47536.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47536", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47537.json b/2022/47xxx/CVE-2022-47537.json new file mode 100644 index 000000000000..8446ba582799 --- /dev/null +++ b/2022/47xxx/CVE-2022-47537.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47537", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47538.json b/2022/47xxx/CVE-2022-47538.json new file mode 100644 index 000000000000..79a330a4159e --- /dev/null +++ b/2022/47xxx/CVE-2022-47538.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47538", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47539.json b/2022/47xxx/CVE-2022-47539.json new file mode 100644 index 000000000000..0a6477e04924 --- /dev/null +++ b/2022/47xxx/CVE-2022-47539.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47539", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47540.json b/2022/47xxx/CVE-2022-47540.json new file mode 100644 index 000000000000..9fda8cdeb4db --- /dev/null +++ b/2022/47xxx/CVE-2022-47540.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47540", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47541.json b/2022/47xxx/CVE-2022-47541.json new file mode 100644 index 000000000000..3d7b5fe71e1f --- /dev/null +++ b/2022/47xxx/CVE-2022-47541.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47541", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From fcc0183438ad3d28a9e322fa7a1d4e0fe2476e55 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Dec 2022 08:00:41 +0000 Subject: [PATCH 109/754] "-Synchronized-Data." --- 2022/47xxx/CVE-2022-47542.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47543.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47544.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47545.json | 18 ++++++++++++++++++ 2022/47xxx/CVE-2022-47546.json | 18 ++++++++++++++++++ 5 files changed, 90 insertions(+) create mode 100644 2022/47xxx/CVE-2022-47542.json create mode 100644 2022/47xxx/CVE-2022-47543.json create mode 100644 2022/47xxx/CVE-2022-47544.json create mode 100644 2022/47xxx/CVE-2022-47545.json create mode 100644 2022/47xxx/CVE-2022-47546.json diff --git a/2022/47xxx/CVE-2022-47542.json b/2022/47xxx/CVE-2022-47542.json new file mode 100644 index 000000000000..d6d886619823 --- /dev/null +++ b/2022/47xxx/CVE-2022-47542.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47542", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47543.json b/2022/47xxx/CVE-2022-47543.json new file mode 100644 index 000000000000..1f59bce653d2 --- /dev/null +++ b/2022/47xxx/CVE-2022-47543.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47543", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47544.json b/2022/47xxx/CVE-2022-47544.json new file mode 100644 index 000000000000..0fadaee06b36 --- /dev/null +++ b/2022/47xxx/CVE-2022-47544.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47544", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47545.json b/2022/47xxx/CVE-2022-47545.json new file mode 100644 index 000000000000..ea43f5042748 --- /dev/null +++ b/2022/47xxx/CVE-2022-47545.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47545", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47546.json b/2022/47xxx/CVE-2022-47546.json new file mode 100644 index 000000000000..f16a66018fcb --- /dev/null +++ b/2022/47xxx/CVE-2022-47546.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47546", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 00e24fd3614f1c82118da60bdb5e1b7c3e8cb18b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Dec 2022 09:00:41 +0000 Subject: [PATCH 110/754] "-Synchronized-Data." --- 2016/20xxx/CVE-2016-20018.json | 67 ++++++++++++++++++ 2022/47xxx/CVE-2022-47547.json | 62 ++++++++++++++++ 2022/47xxx/CVE-2022-47548.json | 18 +++++ 2022/47xxx/CVE-2022-47549.json | 67 ++++++++++++++++++ 2022/47xxx/CVE-2022-47550.json | 18 +++++ 2022/47xxx/CVE-2022-47551.json | 18 +++++ 2022/47xxx/CVE-2022-47552.json | 18 +++++ 2022/4xxx/CVE-2022-4427.json | 126 +++++++++++++++++++++++++++++++-- 8 files changed, 390 insertions(+), 4 deletions(-) create mode 100644 2016/20xxx/CVE-2016-20018.json create mode 100644 2022/47xxx/CVE-2022-47547.json create mode 100644 2022/47xxx/CVE-2022-47548.json create mode 100644 2022/47xxx/CVE-2022-47549.json create mode 100644 2022/47xxx/CVE-2022-47550.json create mode 100644 2022/47xxx/CVE-2022-47551.json create mode 100644 2022/47xxx/CVE-2022-47552.json diff --git a/2016/20xxx/CVE-2016-20018.json b/2016/20xxx/CVE-2016-20018.json new file mode 100644 index 000000000000..f52015079d14 --- /dev/null +++ b/2016/20xxx/CVE-2016-20018.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-20018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ghostccamm.com/blog/knex_sqli/", + "refsource": "MISC", + "name": "https://www.ghostccamm.com/blog/knex_sqli/" + }, + { + "url": "https://github.com/knex/knex/issues/1227", + "refsource": "MISC", + "name": "https://github.com/knex/knex/issues/1227" + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47547.json b/2022/47xxx/CVE-2022-47547.json new file mode 100644 index 000000000000..7fd2dcceadc7 --- /dev/null +++ b/2022/47xxx/CVE-2022-47547.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-47547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://arxiv.org/pdf/2212.05197.pdf", + "refsource": "MISC", + "name": "https://arxiv.org/pdf/2212.05197.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47548.json b/2022/47xxx/CVE-2022-47548.json new file mode 100644 index 000000000000..8091c5f7aa1e --- /dev/null +++ b/2022/47xxx/CVE-2022-47548.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47548", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47549.json b/2022/47xxx/CVE-2022-47549.json new file mode 100644 index 000000000000..c97f0a78e944 --- /dev/null +++ b/2022/47xxx/CVE-2022-47549.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2022-47549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/OP-TEE/optee_os/security/advisories/GHSA-r64m-h886-hw6g", + "refsource": "MISC", + "name": "https://github.com/OP-TEE/optee_os/security/advisories/GHSA-r64m-h886-hw6g" + }, + { + "url": "https://people.linaro.org/~joakim.bech/reports/Breaking_cross-world_isolation_on_ARM_TrustZone_through_EM_faults_coredumps_and_UUID_confusion.pdf", + "refsource": "MISC", + "name": "https://people.linaro.org/~joakim.bech/reports/Breaking_cross-world_isolation_on_ARM_TrustZone_through_EM_faults_coredumps_and_UUID_confusion.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47550.json b/2022/47xxx/CVE-2022-47550.json new file mode 100644 index 000000000000..fb1c96834681 --- /dev/null +++ b/2022/47xxx/CVE-2022-47550.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47550", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47551.json b/2022/47xxx/CVE-2022-47551.json new file mode 100644 index 000000000000..e1354a1d8f68 --- /dev/null +++ b/2022/47xxx/CVE-2022-47551.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47551", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47552.json b/2022/47xxx/CVE-2022-47552.json new file mode 100644 index 000000000000..def893b9dcbc --- /dev/null +++ b/2022/47xxx/CVE-2022-47552.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47552", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4427.json b/2022/4xxx/CVE-2022-4427.json index 1f7cf2471abf..94db149bbde9 100644 --- a/2022/4xxx/CVE-2022-4427.json +++ b/2022/4xxx/CVE-2022-4427.json @@ -1,17 +1,135 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4427", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@otrs.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OTRS AG", + "product": { + "product_data": [ + { + "product_name": "OTRS", + "version": { + "version_data": [ + { + "version_value": "7.0.1", + "version_affected": "=" + }, + { + "version_value": "8.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "((OTRS)) Community Edition", + "version": { + "version_data": [ + { + "version_value": "6.0.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://otrs.com/release-notes/otrs-security-advisory-2022-15/", + "refsource": "MISC", + "name": "https://otrs.com/release-notes/otrs-security-advisory-2022-15/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "OSA-2022-15", + "discovery": "EXTERNAL" + }, + "configuration": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "TicketSearch Webservice has to be configured
" + } + ], + "value": "TicketSearch Webservice has to be configured\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to OTRS 7.0.40 Patch 1 or OTRS 8.0.28 Patch 1 released on 19th December 2022
" + } + ], + "value": "Update to OTRS 7.0.40 Patch 1 or OTRS 8.0.28 Patch 1 released on 19th December 2022\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Special thanks to Tim P\u00fcttmanns for reporting these vulnerability." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } From fe57a2904e02f2064874abc38c3e1e6b626638bd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Dec 2022 10:00:39 +0000 Subject: [PATCH 111/754] "-Synchronized-Data." --- 2022/39xxx/CVE-2022-39842.json | 7 ++++++- 2022/4xxx/CVE-2022-4608.json | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 2022/4xxx/CVE-2022-4608.json diff --git a/2022/39xxx/CVE-2022-39842.json b/2022/39xxx/CVE-2022-39842.json index d707c4ae6ff7..360e2250172e 100644 --- a/2022/39xxx/CVE-2022-39842.json +++ b/2022/39xxx/CVE-2022-39842.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur." + "value": "** DISPUTED ** An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen." } ] }, @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" + }, + { + "refsource": "MISC", + "name": "https://lore.kernel.org/all/YylaC1wHHyLw22D3@kadam/T/", + "url": "https://lore.kernel.org/all/YylaC1wHHyLw22D3@kadam/T/" } ] } diff --git a/2022/4xxx/CVE-2022-4608.json b/2022/4xxx/CVE-2022-4608.json new file mode 100644 index 000000000000..832c12327248 --- /dev/null +++ b/2022/4xxx/CVE-2022-4608.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4608", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 729f36021d0a004e0d1e2d106bde766ac3eb90ed Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Mon, 19 Dec 2022 11:32:06 +0100 Subject: [PATCH 112/754] CVE-2022-3875 - CVE-2022-3877 --- 2022/3xxx/CVE-2022-3875.json | 74 ++++++++++++++++++++++++++++++++++-- 2022/3xxx/CVE-2022-3876.json | 74 ++++++++++++++++++++++++++++++++++-- 2022/3xxx/CVE-2022-3877.json | 74 ++++++++++++++++++++++++++++++++++-- 3 files changed, 213 insertions(+), 9 deletions(-) diff --git a/2022/3xxx/CVE-2022-3875.json b/2022/3xxx/CVE-2022-3875.json index 6100cfd380a0..9791482d04ad 100644 --- a/2022/3xxx/CVE-2022-3875.json +++ b/2022/3xxx/CVE-2022-3875.json @@ -4,14 +4,82 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3875", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Click Studios Passwordstate API authentication bypass by assumed-immutable data", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Click Studios", + "product": { + "product_data": [ + { + "product_name": "Passwordstate", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + }, + { + "product_name": "Passwordstate Browser Extension Chrome", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-302 Authentication Bypass by Assumed-Immutable Data" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216244." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "7.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html" + }, + { + "url": "https:\/\/www.modzero.com\/static\/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" + }, + { + "url": "https:\/\/vuldb.com\/?id.216244" } ] } diff --git a/2022/3xxx/CVE-2022-3876.json b/2022/3xxx/CVE-2022-3876.json index d4e57a0bed8d..44efd523df40 100644 --- a/2022/3xxx/CVE-2022-3876.json +++ b/2022/3xxx/CVE-2022-3876.json @@ -4,14 +4,82 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3876", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Click Studios Passwordstate API authorization", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Click Studios", + "product": { + "product_data": [ + { + "product_name": "Passwordstate", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + }, + { + "product_name": "Passwordstate Browser Extension Chrome", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-266 Incorrect Privilege Assignment -> CWE-285 Improper Authorization -> CWE-639 Authorization Bypass" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file \/api\/browserextension\/UpdatePassword\/ of the component API. The manipulation of the argument PasswordID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216245 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html" + }, + { + "url": "https:\/\/www.modzero.com\/static\/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" + }, + { + "url": "https:\/\/vuldb.com\/?id.216245" } ] } diff --git a/2022/3xxx/CVE-2022-3877.json b/2022/3xxx/CVE-2022-3877.json index b1adc08fd9dd..e1f96e3343ab 100644 --- a/2022/3xxx/CVE-2022-3877.json +++ b/2022/3xxx/CVE-2022-3877.json @@ -4,14 +4,82 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3877", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Click Studios Passwordstate URL Field cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Click Studios", + "product": { + "product_data": [ + { + "product_name": "Passwordstate", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + }, + { + "product_name": "Passwordstate Browser Extension Chrome", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected is an unknown function of the component URL Field Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216246 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html" + }, + { + "url": "https:\/\/www.modzero.com\/static\/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" + }, + { + "url": "https:\/\/vuldb.com\/?id.216246" } ] } From 40cfb6fdfcfa206b1380179061d3a0c7067d61b2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Dec 2022 11:00:42 +0000 Subject: [PATCH 113/754] "-Synchronized-Data." --- 2022/1xxx/CVE-2022-1471.json | 15 +++++++ 2022/32xxx/CVE-2022-32749.json | 68 +++++++++++++++++++++++++++--- 2022/37xxx/CVE-2022-37392.json | 68 +++++++++++++++++++++++++++--- 2022/38xxx/CVE-2022-38653.json | 77 ++++++++++++++++++++++++++++++++-- 2022/38xxx/CVE-2022-38659.json | 77 ++++++++++++++++++++++++++++++++-- 2022/38xxx/CVE-2022-38662.json | 77 ++++++++++++++++++++++++++++++++-- 2022/3xxx/CVE-2022-3875.json | 18 +++++--- 2022/3xxx/CVE-2022-3876.json | 20 +++++---- 2022/3xxx/CVE-2022-3877.json | 18 +++++--- 2022/42xxx/CVE-2022-42453.json | 77 ++++++++++++++++++++++++++++++++-- 2022/44xxx/CVE-2022-44750.json | 77 ++++++++++++++++++++++++++++++++-- 2022/44xxx/CVE-2022-44751.json | 77 ++++++++++++++++++++++++++++++++-- 2022/44xxx/CVE-2022-44752.json | 77 ++++++++++++++++++++++++++++++++-- 2022/44xxx/CVE-2022-44753.json | 77 ++++++++++++++++++++++++++++++++-- 2022/44xxx/CVE-2022-44754.json | 77 ++++++++++++++++++++++++++++++++-- 2022/44xxx/CVE-2022-44755.json | 77 ++++++++++++++++++++++++++++++++-- 2022/47xxx/CVE-2022-47500.json | 68 +++++++++++++++++++++++++++--- 17 files changed, 971 insertions(+), 74 deletions(-) diff --git a/2022/1xxx/CVE-2022-1471.json b/2022/1xxx/CVE-2022-1471.json index ba06054f09e9..9a81fc1e3551 100644 --- a/2022/1xxx/CVE-2022-1471.json +++ b/2022/1xxx/CVE-2022-1471.json @@ -58,6 +58,21 @@ "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "refsource": "MISC", "name": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" + }, + { + "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479", + "refsource": "MISC", + "name": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479" + }, + { + "url": "https://github.com/mbechler/marshalsec", + "refsource": "MISC", + "name": "https://github.com/mbechler/marshalsec" + }, + { + "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", + "refsource": "MISC", + "name": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true" } ] }, diff --git a/2022/32xxx/CVE-2022-32749.json b/2022/32xxx/CVE-2022-32749.json index bc80942e6930..2e852da3d538 100644 --- a/2022/32xxx/CVE-2022-32749.json +++ b/2022/32xxx/CVE-2022-32749.json @@ -1,18 +1,76 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32749", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions", + "cweId": "CWE-754" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Traffic Server", + "version": { + "version_data": [ + { + "version_value": "8.0.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02" } ] - } + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Vijay Mamidi" + } + ] } \ No newline at end of file diff --git a/2022/37xxx/CVE-2022-37392.json b/2022/37xxx/CVE-2022-37392.json index c5342fd95c49..bfc09024fefc 100644 --- a/2022/37xxx/CVE-2022-37392.json +++ b/2022/37xxx/CVE-2022-37392.json @@ -1,18 +1,76 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37392", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server. This issue affects Apache Traffic Server 8.0.0 to 9.1.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions", + "cweId": "CWE-754" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Traffic Server", + "version": { + "version_data": [ + { + "version_value": "8.0.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02" } ] - } + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Menno de Gier" + } + ] } \ No newline at end of file diff --git a/2022/38xxx/CVE-2022-38653.json b/2022/38xxx/CVE-2022-38653.json index bf7fa345c192..9136a952973b 100644 --- a/2022/38xxx/CVE-2022-38653.json +++ b/2022/38xxx/CVE-2022-38653.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-38653", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "HCL Digital Experience", + "version": { + "version_data": [ + { + "version_value": "8.5, 9.0, 9.5", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102141", + "refsource": "MISC", + "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102141" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 2, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/38xxx/CVE-2022-38659.json b/2022/38xxx/CVE-2022-38659.json index 70c3ce98e410..93b9dd1b87eb 100644 --- a/2022/38xxx/CVE-2022-38659.json +++ b/2022/38xxx/CVE-2022-38659.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-38659", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "BigFix Platform", + "version": { + "version_data": [ + { + "version_value": "9.5 - 9.5.20, 10 - 10.0.7", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102049", + "refsource": "MISC", + "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102049" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2022/38xxx/CVE-2022-38662.json b/2022/38xxx/CVE-2022-38662.json index 6b729ee60e31..13a95216659b 100644 --- a/2022/38xxx/CVE-2022-38662.json +++ b/2022/38xxx/CVE-2022-38662.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-38662", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "HCL Digital Experience", + "version": { + "version_data": [ + { + "version_value": "8.5, 9.0, 9.5", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102141", + "refsource": "MISC", + "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102141" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/3xxx/CVE-2022-3875.json b/2022/3xxx/CVE-2022-3875.json index 9791482d04ad..cff17872d2e2 100644 --- a/2022/3xxx/CVE-2022-3875.json +++ b/2022/3xxx/CVE-2022-3875.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -32,7 +32,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -67,19 +67,25 @@ "cvss": { "version": "3.1", "baseScore": "7.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html" + "url": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html", + "refsource": "MISC", + "name": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html" }, { - "url": "https:\/\/www.modzero.com\/static\/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" + "url": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf", + "refsource": "MISC", + "name": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" }, { - "url": "https:\/\/vuldb.com\/?id.216244" + "url": "https://vuldb.com/?id.216244", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216244" } ] } diff --git a/2022/3xxx/CVE-2022-3876.json b/2022/3xxx/CVE-2022-3876.json index 44efd523df40..c7bee5715c6d 100644 --- a/2022/3xxx/CVE-2022-3876.json +++ b/2022/3xxx/CVE-2022-3876.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -32,7 +32,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -59,7 +59,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file \/api\/browserextension\/UpdatePassword\/ of the component API. The manipulation of the argument PasswordID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216245 was assigned to this vulnerability." + "value": "A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file /api/browserextension/UpdatePassword/ of the component API. The manipulation of the argument PasswordID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216245 was assigned to this vulnerability." } ] }, @@ -67,19 +67,25 @@ "cvss": { "version": "3.1", "baseScore": "4.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html" + "url": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html", + "refsource": "MISC", + "name": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html" }, { - "url": "https:\/\/www.modzero.com\/static\/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" + "url": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf", + "refsource": "MISC", + "name": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" }, { - "url": "https:\/\/vuldb.com\/?id.216245" + "url": "https://vuldb.com/?id.216245", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216245" } ] } diff --git a/2022/3xxx/CVE-2022-3877.json b/2022/3xxx/CVE-2022-3877.json index e1f96e3343ab..f075752fa89c 100644 --- a/2022/3xxx/CVE-2022-3877.json +++ b/2022/3xxx/CVE-2022-3877.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -32,7 +32,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -67,19 +67,25 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html" + "url": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html", + "refsource": "MISC", + "name": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html" }, { - "url": "https:\/\/www.modzero.com\/static\/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" + "url": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf", + "refsource": "MISC", + "name": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" }, { - "url": "https:\/\/vuldb.com\/?id.216246" + "url": "https://vuldb.com/?id.216246", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216246" } ] } diff --git a/2022/42xxx/CVE-2022-42453.json b/2022/42xxx/CVE-2022-42453.json index 49556feeb47a..1d59f72e4466 100644 --- a/2022/42xxx/CVE-2022-42453.json +++ b/2022/42xxx/CVE-2022-42453.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42453", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "BigFix Platform", + "version": { + "version_data": [ + { + "version_value": "9.5 - 9.5.20, 10 - 10.0.7", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102049", + "refsource": "MISC", + "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102049" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2022/44xxx/CVE-2022-44750.json b/2022/44xxx/CVE-2022-44750.json index d3d570a04aac..8786c3ac8b25 100644 --- a/2022/44xxx/CVE-2022-44750.json +++ b/2022/44xxx/CVE-2022-44750.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-44750", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "IBM Domino", + "version": { + "version_data": [ + { + "version_value": "9", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151", + "refsource": "MISC", + "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/44xxx/CVE-2022-44751.json b/2022/44xxx/CVE-2022-44751.json index 31aedecb672d..ed75e9a480bd 100644 --- a/2022/44xxx/CVE-2022-44751.json +++ b/2022/44xxx/CVE-2022-44751.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-44751", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "IBM Notes", + "version": { + "version_data": [ + { + "version_value": "9, 10", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260", + "refsource": "MISC", + "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/44xxx/CVE-2022-44752.json b/2022/44xxx/CVE-2022-44752.json index 16be1c721a58..7671c87fa205 100644 --- a/2022/44xxx/CVE-2022-44752.json +++ b/2022/44xxx/CVE-2022-44752.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-44752", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "IBM Domino", + "version": { + "version_data": [ + { + "version_value": "9", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151", + "refsource": "MISC", + "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/44xxx/CVE-2022-44753.json b/2022/44xxx/CVE-2022-44753.json index 7fbad026a195..c6e6d5b45557 100644 --- a/2022/44xxx/CVE-2022-44753.json +++ b/2022/44xxx/CVE-2022-44753.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-44753", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "IBM Notes", + "version": { + "version_data": [ + { + "version_value": "9, 10", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260", + "refsource": "MISC", + "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/44xxx/CVE-2022-44754.json b/2022/44xxx/CVE-2022-44754.json index 9c573eb8ea09..7b21b9791830 100644 --- a/2022/44xxx/CVE-2022-44754.json +++ b/2022/44xxx/CVE-2022-44754.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-44754", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "IBM Domino", + "version": { + "version_data": [ + { + "version_value": "9", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151", + "refsource": "MISC", + "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/44xxx/CVE-2022-44755.json b/2022/44xxx/CVE-2022-44755.json index 5890d699f4df..4071e04fa7c0 100644 --- a/2022/44xxx/CVE-2022-44755.json +++ b/2022/44xxx/CVE-2022-44755.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-44755", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "IBM Notes", + "version": { + "version_data": [ + { + "version_value": "9, 10", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260", + "refsource": "MISC", + "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/47xxx/CVE-2022-47500.json b/2022/47xxx/CVE-2022-47500.json index ea0b43bee2e8..bbd8d89c473a 100644 --- a/2022/47xxx/CVE-2022-47500.json +++ b/2022/47xxx/CVE-2022-47500.json @@ -1,18 +1,76 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-47500", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: removed the the forward component since it was improper designed for UI embedding. User please upgrade to 1.1.0 to fix this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Helix", + "version": { + "version_data": [ + { + "version_value": "0.8.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/lr74xtxxbb1t3dfn5qzzwl2xjr3qlbmh", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/lr74xtxxbb1t3dfn5qzzwl2xjr3qlbmh" } ] - } + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Everardo Padilla Saca" + } + ] } \ No newline at end of file From 24dc68f682078c07864f53d907e089e820dd5859 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Dec 2022 12:00:42 +0000 Subject: [PATCH 114/754] "-Synchronized-Data." --- 2022/40xxx/CVE-2022-40743.json | 81 +++++++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4609.json | 18 ++++++++ 2 files changed, 94 insertions(+), 5 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4609.json diff --git a/2022/40xxx/CVE-2022-40743.json b/2022/40xxx/CVE-2022-40743.json index c28327b3fd98..e642ef5eafa4 100644 --- a/2022/40xxx/CVE-2022-40743.json +++ b/2022/40xxx/CVE-2022-40743.json @@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-40743", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Traffic Server", + "version": { + "version_data": [ + { + "version_value": "9.0.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02" } ] - } + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Disable the xdebug plugin or change the default header to activate the plugin." + } + ], + "value": "Disable the xdebug plugin or change the default header to activate the plugin." + } + ], + "credits": [ + { + "lang": "en", + "value": "Nick Frost" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4609.json b/2022/4xxx/CVE-2022-4609.json new file mode 100644 index 000000000000..0370304e9555 --- /dev/null +++ b/2022/4xxx/CVE-2022-4609.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4609", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From a17f60205e3922bfd11be501662ac9571576b840 Mon Sep 17 00:00:00 2001 From: Ben Harvie Date: Mon, 19 Dec 2022 04:07:57 -0800 Subject: [PATCH 115/754] 5b3115c5-776c-43d3-a7be-c8dc13ab81ce --- 2022/4xxx/CVE-2022-4609.json | 101 +++++++++++++++++++++++++++++------ 1 file changed, 86 insertions(+), 15 deletions(-) diff --git a/2022/4xxx/CVE-2022-4609.json b/2022/4xxx/CVE-2022-4609.json index 0370304e9555..e8ab1517ac60 100644 --- a/2022/4xxx/CVE-2022-4609.json +++ b/2022/4xxx/CVE-2022-4609.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-4609", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-4609", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - Stored in usememos/memos" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "usememos/memos", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "0.9.0" + } + ] + } + } + ] + }, + "vendor_name": "usememos" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H", + "version": "3.0" } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/5b3115c5-776c-43d3-a7be-c8dc13ab81ce", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/5b3115c5-776c-43d3-a7be-c8dc13ab81ce" + }, + { + "name": "https://github.com/usememos/memos/commit/726285e63467820f94cbf872abe71025a161c212", + "refsource": "MISC", + "url": "https://github.com/usememos/memos/commit/726285e63467820f94cbf872abe71025a161c212" + } + ] + }, + "source": { + "advisory": "5b3115c5-776c-43d3-a7be-c8dc13ab81ce", + "discovery": "EXTERNAL" + } } \ No newline at end of file From 8b8ab848688dca2c1c320d956353c29fd403f47b Mon Sep 17 00:00:00 2001 From: uuren Date: Mon, 19 Dec 2022 15:11:52 +0300 Subject: [PATCH 116/754] TR-CERT/CVE-2022-4422/20221219 --- 2022/4xxx/CVE-2022-4422.json | 110 ++++++++++++++++++++++++++++++----- 1 file changed, 96 insertions(+), 14 deletions(-) diff --git a/2022/4xxx/CVE-2022-4422.json b/2022/4xxx/CVE-2022-4422.json index 2abbc8febccd..9a47e2c8394e 100644 --- a/2022/4xxx/CVE-2022-4422.json +++ b/2022/4xxx/CVE-2022-4422.json @@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-4422", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "CVE_data_meta": { + "ID": "CVE-2022-4422", + "ASSIGNER": "cve@usom.gov.tr", + "DATE_PUBLIC": "2022-12-19T11:00:00.000Z", + "TITLE": "BULUTDESK CALLCENTER SQL Ä°njection", + "AKA": "", + "STATE": "PUBLIC" + }, + "source": { + "defect": [ + "SQL", + "Ä°njection" + ], + "advisory": "Call center System developed by Bulutses Bilgi Teknolojileri before version 3.0 has an unauthenticated Sql Ä°njection vulnerability. This has been fixed in the version 3.0 ", + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bulutses Bilgi Teknolojileri LTD. ÅžTÄ°.", + "product": { + "product_data": [ + { + "product_name": "BULUTDESK CALLCENTER", + "version": { + "version_data": [ + { + "version_name": "", + "version_affected": "<", + "version_value": "3.0", + "platform": "" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Call center System developed by Bulutses Bilgi Teknolojileri before version 3.0 has an unauthenticated Sql Ä°njection vulnerability. This has been fixed in the version 3.0 " + } ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This issue affects:\nBulutses Bilgi Teknolojileri LTD. ÅžTÄ°. BULUTDESK CALLCENTER\nversions prior to 3.0." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.usom.gov.tr/bildirim/tr-22-0747", + "name": "" + } + ] + }, + "configuration": [], + "impact": { + "cvss": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" } + }, + "exploit": [], + "work_around": [], + "solution": [], + "credit": [] } \ No newline at end of file From d802f1bdf96269f2617a0ea4233e682062fcd8d1 Mon Sep 17 00:00:00 2001 From: uuren Date: Mon, 19 Dec 2022 15:48:50 +0300 Subject: [PATCH 117/754] TR-CERT/CVE-2022-3792/20221219 --- 2022/3xxx/CVE-2022-3792.json | 120 +++++++++++++++++++++++++++++++---- 1 file changed, 106 insertions(+), 14 deletions(-) diff --git a/2022/3xxx/CVE-2022-3792.json b/2022/3xxx/CVE-2022-3792.json index 1b34b800ba96..de2d1241c834 100644 --- a/2022/3xxx/CVE-2022-3792.json +++ b/2022/3xxx/CVE-2022-3792.json @@ -1,18 +1,110 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-3792", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "CVE_data_meta": { + "ID": "CVE-2022-4422", + "ASSIGNER": "cve@usom.gov.tr", + "DATE_PUBLIC": "2022-12-19T12:00:00.000Z", + "TITLE": "GullsEye terminal operating system SQL Ä°njection", + "AKA": "", + "STATE": "PUBLIC" + }, + "source": { + "defect": [ + "SQL", + "Ä°njection" + ], + "advisory": "GullsEye terminal operating system developed by GullsEye before version 5.0.13 has an unauthenticated Sql Ä°njection vulnerability. This has been fixed in the version 5.0.13", + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GullsEye", + "product": { + "product_data": [ + { + "product_name": "GullsEye terminal operating system", + "version": { + "version_data": [ + { + "version_name": "", + "version_affected": "<", + "version_value": "5.0.13", + "platform": "" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "GullsEye terminal operating system developed by GullsEye before version 5.0.13 has an unauthenticated Sql Ä°njection vulnerability. This has been fixed in the version 5.0.13" + } ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This issue affects:\nTerminal Operating System versions before 5.0.13" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.usom.gov.tr/bildirim/tr-22-0747-2", + "name": "" + }, + { + "refsource": "CONFIRM", + "url": "https://omrylmz.com/cve-2022-3792-terminal-operation-system/", + "name": "" + }, + { + "refsource": "CONFIRM", + "url": "https://fordefence.com/cve-2022-3792-gullseye-terminal-operation-system/", + "name": "" + } + ] + }, + "configuration": [], + "impact": { + "cvss": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" } + }, + "exploit": [], + "work_around": [], + "solution": [], + "credit": [] } \ No newline at end of file From 3969d5b09a7eb8d52e8211b64a5e685ef06b10fd Mon Sep 17 00:00:00 2001 From: TR-CERT <90907036+TR-CERT@users.noreply.github.com> Date: Mon, 19 Dec 2022 15:54:43 +0300 Subject: [PATCH 118/754] Update CVE-2022-3792.json --- 2022/3xxx/CVE-2022-3792.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2022/3xxx/CVE-2022-3792.json b/2022/3xxx/CVE-2022-3792.json index de2d1241c834..c5dd894d92ec 100644 --- a/2022/3xxx/CVE-2022-3792.json +++ b/2022/3xxx/CVE-2022-3792.json @@ -6,7 +6,7 @@ "engine": "Vulnogram 0.0.9" }, "CVE_data_meta": { - "ID": "CVE-2022-4422", + "ID": "CVE-2022-3792", "ASSIGNER": "cve@usom.gov.tr", "DATE_PUBLIC": "2022-12-19T12:00:00.000Z", "TITLE": "GullsEye terminal operating system SQL Ä°njection", @@ -107,4 +107,4 @@ "work_around": [], "solution": [], "credit": [] -} \ No newline at end of file +} From 60cab6d4c06c3c35782e2fbcb5187a263675d798 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Dec 2022 14:00:40 +0000 Subject: [PATCH 119/754] "-Synchronized-Data." --- 2020/36xxx/CVE-2020-36618.json | 18 ++++++++ 2020/36xxx/CVE-2020-36619.json | 18 ++++++++ 2021/4xxx/CVE-2021-4258.json | 18 ++++++++ 2021/4xxx/CVE-2021-4259.json | 18 ++++++++ 2021/4xxx/CVE-2021-4260.json | 18 ++++++++ 2021/4xxx/CVE-2021-4261.json | 18 ++++++++ 2021/4xxx/CVE-2021-4262.json | 18 ++++++++ 2022/3xxx/CVE-2022-3832.json | 67 +++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3937.json | 67 +++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3961.json | 67 +++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3983.json | 67 +++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3984.json | 67 +++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3985.json | 67 +++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3986.json | 67 +++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3987.json | 67 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4024.json | 75 +++++++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4050.json | 67 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4058.json | 75 +++++++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4061.json | 67 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4063.json | 67 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4106.json | 67 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4107.json | 75 +++++++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4108.json | 67 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4112.json | 67 +++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4124.json | 75 +++++++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4125.json | 75 +++++++++++++++++++++++++++++++--- 26 files changed, 1344 insertions(+), 95 deletions(-) create mode 100644 2020/36xxx/CVE-2020-36618.json create mode 100644 2020/36xxx/CVE-2020-36619.json create mode 100644 2021/4xxx/CVE-2021-4258.json create mode 100644 2021/4xxx/CVE-2021-4259.json create mode 100644 2021/4xxx/CVE-2021-4260.json create mode 100644 2021/4xxx/CVE-2021-4261.json create mode 100644 2021/4xxx/CVE-2021-4262.json diff --git a/2020/36xxx/CVE-2020-36618.json b/2020/36xxx/CVE-2020-36618.json new file mode 100644 index 000000000000..06713eda4f6c --- /dev/null +++ b/2020/36xxx/CVE-2020-36618.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36618", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36619.json b/2020/36xxx/CVE-2020-36619.json new file mode 100644 index 000000000000..a52933b4ef3b --- /dev/null +++ b/2020/36xxx/CVE-2020-36619.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36619", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4258.json b/2021/4xxx/CVE-2021-4258.json new file mode 100644 index 000000000000..8c9f1c625368 --- /dev/null +++ b/2021/4xxx/CVE-2021-4258.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4258", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4259.json b/2021/4xxx/CVE-2021-4259.json new file mode 100644 index 000000000000..784402eca794 --- /dev/null +++ b/2021/4xxx/CVE-2021-4259.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4259", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4260.json b/2021/4xxx/CVE-2021-4260.json new file mode 100644 index 000000000000..7b7aa15f6598 --- /dev/null +++ b/2021/4xxx/CVE-2021-4260.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4260", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4261.json b/2021/4xxx/CVE-2021-4261.json new file mode 100644 index 000000000000..9dc4f4c76e72 --- /dev/null +++ b/2021/4xxx/CVE-2021-4261.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4261", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4262.json b/2021/4xxx/CVE-2021-4262.json new file mode 100644 index 000000000000..40d985d8737d --- /dev/null +++ b/2021/4xxx/CVE-2021-4262.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4262", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3832.json b/2022/3xxx/CVE-2022-3832.json index 9822e68e3e40..d380ff87fd77 100644 --- a/2022/3xxx/CVE-2022-3832.json +++ b/2022/3xxx/CVE-2022-3832.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3832", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The External Media WordPress plugin before 1.0.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "External Media", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/458ec2fd-4175-4cb4-b334-b63f6e643b92", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/458ec2fd-4175-4cb4-b334-b63f6e643b92" } ] - } + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "zhangyunpei" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3937.json b/2022/3xxx/CVE-2022-3937.json index 6b4bfa79d8b8..bc26f89c1659 100644 --- a/2022/3xxx/CVE-2022-3937.json +++ b/2022/3xxx/CVE-2022-3937.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3937", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Easy Video Player WordPress plugin before 1.2.2.3 does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Easy Video Player", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/ac7158c5-3d11-4865-b26f-41ab5a8120af", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/ac7158c5-3d11-4865-b26f-41ab5a8120af" } ] - } + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3961.json b/2022/3xxx/CVE-2022-3961.json index 56e2e46b9b9c..adc1c983da97 100644 --- a/2022/3xxx/CVE-2022-3961.json +++ b/2022/3xxx/CVE-2022-3961.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3961", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Directorist", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/6aad6454-de1b-4304-9c14-05e28d08b253", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/6aad6454-de1b-4304-9c14-05e28d08b253" } ] - } + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3983.json b/2022/3xxx/CVE-2022-3983.json index 5dc8ba8f8fa3..30d89d6b7af2 100644 --- a/2022/3xxx/CVE-2022-3983.json +++ b/2022/3xxx/CVE-2022-3983.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3983", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Checkout for PayPal", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/0b48bbd6-7c77-44b8-a5d6-34e4a0747cf1", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/0b48bbd6-7c77-44b8-a5d6-34e4a0747cf1" } ] - } + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3984.json b/2022/3xxx/CVE-2022-3984.json index eca01d8f040b..1cdb2de73687 100644 --- a/2022/3xxx/CVE-2022-3984.json +++ b/2022/3xxx/CVE-2022-3984.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3984", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Flowplayer Video Player", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/b4694e9d-3f38-4295-929d-0ad37b3cbbaa", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/b4694e9d-3f38-4295-929d-0ad37b3cbbaa" } ] - } + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3985.json b/2022/3xxx/CVE-2022-3985.json index f137d073089f..47a7eeb0eaf9 100644 --- a/2022/3xxx/CVE-2022-3985.json +++ b/2022/3xxx/CVE-2022-3985.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3985", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Videojs HTML5 Player", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/58f82e13-153e-41e8-a22b-a2e96b46a6dc", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/58f82e13-153e-41e8-a22b-a2e96b46a6dc" } ] - } + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3986.json b/2022/3xxx/CVE-2022-3986.json index dc4e61c8eb98..9142fba3e49c 100644 --- a/2022/3xxx/CVE-2022-3986.json +++ b/2022/3xxx/CVE-2022-3986.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3986", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Stripe Checkout WordPress plugin before 1.2.2.21 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Stripe Checkout", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/ad8077a1-7cbe-4aa1-ad7d-acb41027ed0a", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/ad8077a1-7cbe-4aa1-ad7d-acb41027ed0a" } ] - } + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3987.json b/2022/3xxx/CVE-2022-3987.json index 746c4a636cef..acb2d5b3bc96 100644 --- a/2022/3xxx/CVE-2022-3987.json +++ b/2022/3xxx/CVE-2022-3987.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3987", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Responsive Lightbox2", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/d9309a09-34ba-4e56-b683-e677ad277b29", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/d9309a09-34ba-4e56-b683-e677ad277b29" } ] - } + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4024.json b/2022/4xxx/CVE-2022-4024.json index 4fb116d63049..0f42f468b0e5 100644 --- a/2022/4xxx/CVE-2022-4024.json +++ b/2022/4xxx/CVE-2022-4024.json @@ -1,18 +1,83 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4024", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] } ] - } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Registration Forms", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/a087fb45-6f6c-40ac-b48b-2cbceda86cbe", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/a087fb45-6f6c-40ac-b48b-2cbceda86cbe" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "cydave" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4050.json b/2022/4xxx/CVE-2022-4050.json index e5c142e4bc81..833bd8c0ae21 100644 --- a/2022/4xxx/CVE-2022-4050.json +++ b/2022/4xxx/CVE-2022-4050.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4050", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "JoomSport", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/5c96bb40-4c2d-4e91-8339-e0ddce25912f", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/5c96bb40-4c2d-4e91-8339-e0ddce25912f" } ] - } + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "cydave" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4058.json b/2022/4xxx/CVE-2022-4058.json index 3a982e9a8f6e..85a963e827d4 100644 --- a/2022/4xxx/CVE-2022-4058.json +++ b/2022/4xxx/CVE-2022-4058.json @@ -1,18 +1,83 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4058", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] } ] - } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Photo Gallery by 10Web", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4061.json b/2022/4xxx/CVE-2022-4061.json index fcb6d2c997c7..0227d15c519d 100644 --- a/2022/4xxx/CVE-2022-4061.json +++ b/2022/4xxx/CVE-2022-4061.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4061", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "JobBoardWP", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/fec68e6e-f612-43c8-8301-80f7ae3be665", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/fec68e6e-f612-43c8-8301-80f7ae3be665" } ] - } + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "cydave" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4063.json b/2022/4xxx/CVE-2022-4063.json index 17fdfc988842..352916e4b71f 100644 --- a/2022/4xxx/CVE-2022-4063.json +++ b/2022/4xxx/CVE-2022-4063.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4063", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "InPost Gallery", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7" } ] - } + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "cydave" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4106.json b/2022/4xxx/CVE-2022-4106.json index 6b99c232ec3a..c9d7b9cfa9af 100644 --- a/2022/4xxx/CVE-2022-4106.json +++ b/2022/4xxx/CVE-2022-4106.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4106", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-552 Files or Directories Accessible to External Parties" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Wholesale Market for WooCommerce", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/b60a0d3d-148f-4e9b-baee-7332890804ed", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/b60a0d3d-148f-4e9b-baee-7332890804ed" } ] - } + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4107.json b/2022/4xxx/CVE-2022-4107.json index 106c5073fdc5..07d931d4c9f6 100644 --- a/2022/4xxx/CVE-2022-4107.json +++ b/2022/4xxx/CVE-2022-4107.json @@ -1,18 +1,83 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4107", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-552 Files or Directories Accessible to External Parties" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] } ] - } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "SMSA Shipping for WooCommerce", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/0b432858-722c-4bda-aa95-ad48e2097302", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/0b432858-722c-4bda-aa95-ad48e2097302" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4108.json b/2022/4xxx/CVE-2022-4108.json index b4c0b2eed3c9..01f607d6eb50 100644 --- a/2022/4xxx/CVE-2022-4108.json +++ b/2022/4xxx/CVE-2022-4108.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4108", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to (for example in multisite)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-552 Files or Directories Accessible to External Parties" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Wholesale Market for WooCommerce", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/9d1770df-91f0-41e3-af0d-522ae4e62470", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/9d1770df-91f0-41e3-af0d-522ae4e62470" } ] - } + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4112.json b/2022/4xxx/CVE-2022-4112.json index 1b2ea4e4dc3b..117cb257be01 100644 --- a/2022/4xxx/CVE-2022-4112.json +++ b/2022/4xxx/CVE-2022-4112.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4112", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Quizlord WordPress plugin through 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Quizlord", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/4cbce79d-9b7a-41f5-9c52-08933ea7c28e", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/4cbce79d-9b7a-41f5-9c52-08933ea7c28e" } ] - } + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Machupalli Sree Pragna" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4124.json b/2022/4xxx/CVE-2022-4124.json index 7cd0f3d6fd05..cd6cf6386264 100644 --- a/2022/4xxx/CVE-2022-4124.json +++ b/2022/4xxx/CVE-2022-4124.json @@ -1,18 +1,83 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4124", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] } ] - } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Popup Manager", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/60786bf8-c0d7-4d80-b189-866aba79bce2", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/60786bf8-c0d7-4d80-b189-866aba79bce2" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4125.json b/2022/4xxx/CVE-2022-4125.json index 4f5521243092..d2f94ed49128 100644 --- a/2022/4xxx/CVE-2022-4125.json +++ b/2022/4xxx/CVE-2022-4125.json @@ -1,18 +1,83 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4125", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] } ] - } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Popup Manager", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/7862084a-2821-4ef1-8d01-c9c8b3f28b05", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/7862084a-2821-4ef1-8d01-c9c8b3f28b05" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + } + ] } \ No newline at end of file From ecfb997f2c34003c356d0a0988d9f689f55903ea Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Mon, 19 Dec 2022 15:03:45 +0100 Subject: [PATCH 120/754] CVE-2020-36618 + CVE-2020-36619 --- 2020/36xxx/CVE-2020-36618.json | 64 ++++++++++++++++++++++++++++++-- 2020/36xxx/CVE-2020-36619.json | 67 ++++++++++++++++++++++++++++++++-- 2 files changed, 125 insertions(+), 6 deletions(-) diff --git a/2020/36xxx/CVE-2020-36618.json b/2020/36xxx/CVE-2020-36618.json index 06713eda4f6c..53856ca532d7 100644 --- a/2020/36xxx/CVE-2020-36618.json +++ b/2020/36xxx/CVE-2020-36618.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36618", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Furqan node-whois index.coffee prototype pollution", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Furqan", + "product": { + "product_data": [ + { + "product_name": "node-whois", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-74 Injection -> CWE-94 Code Injection -> CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in Furqan node-whois. Affected is an unknown function of the file index.coffee. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The name of the patch is 46ccc2aee8d063c7b6b4dee2c2834113b7286076. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216252." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/FurqanSoftware\/node-whois\/pull\/105" + }, + { + "url": "https:\/\/github.com\/FurqanSoftware\/node-whois\/commit\/46ccc2aee8d063c7b6b4dee2c2834113b7286076" + }, + { + "url": "https:\/\/vuldb.com\/?id.216252" } ] } diff --git a/2020/36xxx/CVE-2020-36619.json b/2020/36xxx/CVE-2020-36619.json index a52933b4ef3b..1c80628c3c03 100644 --- a/2020/36xxx/CVE-2020-36619.json +++ b/2020/36xxx/CVE-2020-36619.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36619", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "multimon-ng demod_flex.c add_ch format string", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "multimon-ng", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Memory Corruption -> CWE-134 Format String" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.5", + "vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/EliasOenal\/multimon-ng\/pull\/160" + }, + { + "url": "https:\/\/github.com\/EliasOenal\/multimon-ng\/releases\/tag\/1.2.0" + }, + { + "url": "https:\/\/github.com\/EliasOenal\/multimon-ng\/commit\/e5a51c508ef952e81a6da25b43034dd1ed023c07" + }, + { + "url": "https:\/\/vuldb.com\/?id.216269" } ] } From f68f0c35ad297b5aa3e2972f3114c08b6f2af0cc Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Mon, 19 Dec 2022 15:06:00 +0100 Subject: [PATCH 121/754] CVE-2021-4258 - CVE-2021-4262 --- 2021/4xxx/CVE-2021-4258.json | 61 ++++++++++++++++++++++++++-- 2021/4xxx/CVE-2021-4259.json | 70 ++++++++++++++++++++++++++++++-- 2021/4xxx/CVE-2021-4260.json | 61 ++++++++++++++++++++++++++-- 2021/4xxx/CVE-2021-4261.json | 79 ++++++++++++++++++++++++++++++++++-- 2021/4xxx/CVE-2021-4262.json | 64 +++++++++++++++++++++++++++-- 5 files changed, 320 insertions(+), 15 deletions(-) diff --git a/2021/4xxx/CVE-2021-4258.json b/2021/4xxx/CVE-2021-4258.json index 8c9f1c625368..48459f459d32 100644 --- a/2021/4xxx/CVE-2021-4258.json +++ b/2021/4xxx/CVE-2021-4258.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4258", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "whohas Package Information cleartext transmission", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "whohas", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-310 Cryptographic Issues -> CWE-319 Cleartext Transmission of Sensitive Information" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** DISPUTED ** A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.7", + "vectorString": "CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/whohas\/whohas\/commit\/667c3e2e9178f15c23d7918b5db25cd0792c8472" + }, + { + "url": "https:\/\/vuldb.com\/?id.216251" } ] } diff --git a/2021/4xxx/CVE-2021-4259.json b/2021/4xxx/CVE-2021-4259.json index 784402eca794..ff7684854fcf 100644 --- a/2021/4xxx/CVE-2021-4259.json +++ b/2021/4xxx/CVE-2021-4259.json @@ -4,14 +4,78 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4259", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "phpRedisAdmin login.inc.php authHttpDigest wrong operator in string comparison", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "phpRedisAdmin", + "version": { + "version_data": [ + { + "version_value": "1.17.0" + }, + { + "version_value": "1.17.1" + }, + { + "version_value": "1.17.2" + }, + { + "version_value": "1.17.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-597 Use of Wrong Operator in String Comparison" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in phpRedisAdmin up to 1.17.3. It has been classified as problematic. This affects the function authHttpDigest of the file includes\/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. The name of the patch is 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216267." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.0", + "vectorString": "CVSS:3.1\/AV:A\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/erikdubbelboer\/phpRedisAdmin\/commit\/31aa7661e6db6f4dffbf9a635817832a0a11c7d9" + }, + { + "url": "https:\/\/vuldb.com\/?id.216267" } ] } diff --git a/2021/4xxx/CVE-2021-4260.json b/2021/4xxx/CVE-2021-4260.json index 7b7aa15f6598..f23240614e85 100644 --- a/2021/4xxx/CVE-2021-4260.json +++ b/2021/4xxx/CVE-2021-4260.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4260", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "oils-js Web.js redirect", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "oils-js", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 Open Redirect" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in oils-js. It has been declared as critical. This vulnerability affects unknown code of the file core\/Web.js. The manipulation leads to open redirect. The attack can be initiated remotely. The name of the patch is fad8fbae824a7d367dacb90d56cb02c5cb999d42. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216268." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/mannyvergel\/oils-js\/commit\/fad8fbae824a7d367dacb90d56cb02c5cb999d42" + }, + { + "url": "https:\/\/vuldb.com\/?id.216268" } ] } diff --git a/2021/4xxx/CVE-2021-4261.json b/2021/4xxx/CVE-2021-4261.json index 9dc4f4c76e72..d4b97bf88252 100644 --- a/2021/4xxx/CVE-2021-4261.json +++ b/2021/4xxx/CVE-2021-4261.json @@ -4,14 +4,87 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4261", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "pacman-canvas db-handler.php addHighscore sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "pacman-canvas", + "version": { + "version_data": [ + { + "version_value": "1.0.0" + }, + { + "version_value": "1.0.1" + }, + { + "version_value": "1.0.2" + }, + { + "version_value": "1.0.3" + }, + { + "version_value": "1.0.4" + }, + { + "version_value": "1.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in pacman-canvas up to 1.0.5. Affected is the function addHighscore of the file data\/db-handler.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is 29522c90ca1cebfce6453a5af5a45281d99b0646. It is recommended to upgrade the affected component. VDB-216270 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/platzhersh\/pacman-canvas\/commit\/29522c90ca1cebfce6453a5af5a45281d99b0646" + }, + { + "url": "https:\/\/github.com\/platzhersh\/pacman-canvas\/releases\/tag\/1.0.6" + }, + { + "url": "https:\/\/vuldb.com\/?id.216270" } ] } diff --git a/2021/4xxx/CVE-2021-4262.json b/2021/4xxx/CVE-2021-4262.json index 40d985d8737d..fd9b1fc30f4d 100644 --- a/2021/4xxx/CVE-2021-4262.json +++ b/2021/4xxx/CVE-2021-4262.json @@ -4,14 +4,72 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4262", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "laravel-jqgrid EloquentRepositoryAbstract.php getRows sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "laravel-jqgrid", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src\/Mgallegos\/LaravelJqgrid\/Repositories\/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is fbc2d94f43d0dc772767a5bdb2681133036f935e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216271." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.5", + "vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/github.com\/mgallegos\/laravel-jqgrid\/pull\/72" + }, + { + "url": "https:\/\/github.com\/mgallegos\/laravel-jqgrid\/commit\/fbc2d94f43d0dc772767a5bdb2681133036f935e" + }, + { + "url": "https:\/\/vuldb.com\/?id.216271" } ] } From 4a407d3a07ec9c5ac64fc26e8f23da0ba458f7af Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Mon, 19 Dec 2022 15:06:01 +0100 Subject: [PATCH 122/754] CVE-2021-4258 - CVE-2021-4262 From 4b443879a02a69869a788527a7492b15bfe40c13 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Dec 2022 15:00:40 +0000 Subject: [PATCH 123/754] "-Synchronized-Data." --- 2020/36xxx/CVE-2020-36618.json | 16 +++++++++++----- 2020/36xxx/CVE-2020-36619.json | 20 ++++++++++++++------ 2021/4xxx/CVE-2021-4258.json | 12 ++++++++---- 2021/4xxx/CVE-2021-4259.json | 12 ++++++++---- 2021/4xxx/CVE-2021-4260.json | 14 +++++++++----- 2021/4xxx/CVE-2021-4261.json | 16 +++++++++++----- 2021/4xxx/CVE-2021-4262.json | 18 ++++++++++++------ 2022/3xxx/CVE-2022-3166.json | 2 +- 2022/4xxx/CVE-2022-4610.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4611.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4612.json | 18 ++++++++++++++++++ 2022/4xxx/CVE-2022-4613.json | 18 ++++++++++++++++++ 12 files changed, 146 insertions(+), 36 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4610.json create mode 100644 2022/4xxx/CVE-2022-4611.json create mode 100644 2022/4xxx/CVE-2022-4612.json create mode 100644 2022/4xxx/CVE-2022-4613.json diff --git a/2020/36xxx/CVE-2020-36618.json b/2020/36xxx/CVE-2020-36618.json index 53856ca532d7..eba94790e053 100644 --- a/2020/36xxx/CVE-2020-36618.json +++ b/2020/36xxx/CVE-2020-36618.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "6.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/FurqanSoftware\/node-whois\/pull\/105" + "url": "https://github.com/FurqanSoftware/node-whois/pull/105", + "refsource": "MISC", + "name": "https://github.com/FurqanSoftware/node-whois/pull/105" }, { - "url": "https:\/\/github.com\/FurqanSoftware\/node-whois\/commit\/46ccc2aee8d063c7b6b4dee2c2834113b7286076" + "url": "https://github.com/FurqanSoftware/node-whois/commit/46ccc2aee8d063c7b6b4dee2c2834113b7286076", + "refsource": "MISC", + "name": "https://github.com/FurqanSoftware/node-whois/commit/46ccc2aee8d063c7b6b4dee2c2834113b7286076" }, { - "url": "https:\/\/vuldb.com\/?id.216252" + "url": "https://vuldb.com/?id.216252", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216252" } ] } diff --git a/2020/36xxx/CVE-2020-36619.json b/2020/36xxx/CVE-2020-36619.json index 1c80628c3c03..fa1b98e2cfe6 100644 --- a/2020/36xxx/CVE-2020-36619.json +++ b/2020/36xxx/CVE-2020-36619.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -57,22 +57,30 @@ "cvss": { "version": "3.1", "baseScore": "5.5", - "vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/EliasOenal\/multimon-ng\/pull\/160" + "url": "https://github.com/EliasOenal/multimon-ng/pull/160", + "refsource": "MISC", + "name": "https://github.com/EliasOenal/multimon-ng/pull/160" }, { - "url": "https:\/\/github.com\/EliasOenal\/multimon-ng\/releases\/tag\/1.2.0" + "url": "https://github.com/EliasOenal/multimon-ng/releases/tag/1.2.0", + "refsource": "MISC", + "name": "https://github.com/EliasOenal/multimon-ng/releases/tag/1.2.0" }, { - "url": "https:\/\/github.com\/EliasOenal\/multimon-ng\/commit\/e5a51c508ef952e81a6da25b43034dd1ed023c07" + "url": "https://github.com/EliasOenal/multimon-ng/commit/e5a51c508ef952e81a6da25b43034dd1ed023c07", + "refsource": "MISC", + "name": "https://github.com/EliasOenal/multimon-ng/commit/e5a51c508ef952e81a6da25b43034dd1ed023c07" }, { - "url": "https:\/\/vuldb.com\/?id.216269" + "url": "https://vuldb.com/?id.216269", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216269" } ] } diff --git a/2021/4xxx/CVE-2021-4258.json b/2021/4xxx/CVE-2021-4258.json index 48459f459d32..c01f31d7358f 100644 --- a/2021/4xxx/CVE-2021-4258.json +++ b/2021/4xxx/CVE-2021-4258.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "3.7", - "vectorString": "CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/whohas\/whohas\/commit\/667c3e2e9178f15c23d7918b5db25cd0792c8472" + "url": "https://github.com/whohas/whohas/commit/667c3e2e9178f15c23d7918b5db25cd0792c8472", + "refsource": "MISC", + "name": "https://github.com/whohas/whohas/commit/667c3e2e9178f15c23d7918b5db25cd0792c8472" }, { - "url": "https:\/\/vuldb.com\/?id.216251" + "url": "https://vuldb.com/?id.216251", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216251" } ] } diff --git a/2021/4xxx/CVE-2021-4259.json b/2021/4xxx/CVE-2021-4259.json index ff7684854fcf..0f822bd28c54 100644 --- a/2021/4xxx/CVE-2021-4259.json +++ b/2021/4xxx/CVE-2021-4259.json @@ -58,7 +58,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in phpRedisAdmin up to 1.17.3. It has been classified as problematic. This affects the function authHttpDigest of the file includes\/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. The name of the patch is 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216267." + "value": "A vulnerability was found in phpRedisAdmin up to 1.17.3. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. The name of the patch is 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216267." } ] }, @@ -66,16 +66,20 @@ "cvss": { "version": "3.1", "baseScore": "5.0", - "vectorString": "CVSS:3.1\/AV:A\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/erikdubbelboer\/phpRedisAdmin\/commit\/31aa7661e6db6f4dffbf9a635817832a0a11c7d9" + "url": "https://github.com/erikdubbelboer/phpRedisAdmin/commit/31aa7661e6db6f4dffbf9a635817832a0a11c7d9", + "refsource": "MISC", + "name": "https://github.com/erikdubbelboer/phpRedisAdmin/commit/31aa7661e6db6f4dffbf9a635817832a0a11c7d9" }, { - "url": "https:\/\/vuldb.com\/?id.216267" + "url": "https://vuldb.com/?id.216267", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216267" } ] } diff --git a/2021/4xxx/CVE-2021-4260.json b/2021/4xxx/CVE-2021-4260.json index f23240614e85..780c1a0185a7 100644 --- a/2021/4xxx/CVE-2021-4260.json +++ b/2021/4xxx/CVE-2021-4260.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in oils-js. It has been declared as critical. This vulnerability affects unknown code of the file core\/Web.js. The manipulation leads to open redirect. The attack can be initiated remotely. The name of the patch is fad8fbae824a7d367dacb90d56cb02c5cb999d42. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216268." + "value": "A vulnerability was found in oils-js. It has been declared as critical. This vulnerability affects unknown code of the file core/Web.js. The manipulation leads to open redirect. The attack can be initiated remotely. The name of the patch is fad8fbae824a7d367dacb90d56cb02c5cb999d42. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216268." } ] }, @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "6.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/mannyvergel\/oils-js\/commit\/fad8fbae824a7d367dacb90d56cb02c5cb999d42" + "url": "https://github.com/mannyvergel/oils-js/commit/fad8fbae824a7d367dacb90d56cb02c5cb999d42", + "refsource": "MISC", + "name": "https://github.com/mannyvergel/oils-js/commit/fad8fbae824a7d367dacb90d56cb02c5cb999d42" }, { - "url": "https:\/\/vuldb.com\/?id.216268" + "url": "https://vuldb.com/?id.216268", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216268" } ] } diff --git a/2021/4xxx/CVE-2021-4261.json b/2021/4xxx/CVE-2021-4261.json index d4b97bf88252..37739a12b2ab 100644 --- a/2021/4xxx/CVE-2021-4261.json +++ b/2021/4xxx/CVE-2021-4261.json @@ -64,7 +64,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical has been found in pacman-canvas up to 1.0.5. Affected is the function addHighscore of the file data\/db-handler.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is 29522c90ca1cebfce6453a5af5a45281d99b0646. It is recommended to upgrade the affected component. VDB-216270 is the identifier assigned to this vulnerability." + "value": "A vulnerability classified as critical has been found in pacman-canvas up to 1.0.5. Affected is the function addHighscore of the file data/db-handler.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is 29522c90ca1cebfce6453a5af5a45281d99b0646. It is recommended to upgrade the affected component. VDB-216270 is the identifier assigned to this vulnerability." } ] }, @@ -72,19 +72,25 @@ "cvss": { "version": "3.1", "baseScore": "6.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/platzhersh\/pacman-canvas\/commit\/29522c90ca1cebfce6453a5af5a45281d99b0646" + "url": "https://github.com/platzhersh/pacman-canvas/commit/29522c90ca1cebfce6453a5af5a45281d99b0646", + "refsource": "MISC", + "name": "https://github.com/platzhersh/pacman-canvas/commit/29522c90ca1cebfce6453a5af5a45281d99b0646" }, { - "url": "https:\/\/github.com\/platzhersh\/pacman-canvas\/releases\/tag\/1.0.6" + "url": "https://github.com/platzhersh/pacman-canvas/releases/tag/1.0.6", + "refsource": "MISC", + "name": "https://github.com/platzhersh/pacman-canvas/releases/tag/1.0.6" }, { - "url": "https:\/\/vuldb.com\/?id.216270" + "url": "https://vuldb.com/?id.216270", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216270" } ] } diff --git a/2021/4xxx/CVE-2021-4262.json b/2021/4xxx/CVE-2021-4262.json index fd9b1fc30f4d..f29d731b883e 100644 --- a/2021/4xxx/CVE-2021-4262.json +++ b/2021/4xxx/CVE-2021-4262.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src\/Mgallegos\/LaravelJqgrid\/Repositories\/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is fbc2d94f43d0dc772767a5bdb2681133036f935e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216271." + "value": "A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is fbc2d94f43d0dc772767a5bdb2681133036f935e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216271." } ] }, @@ -57,19 +57,25 @@ "cvss": { "version": "3.1", "baseScore": "5.5", - "vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/mgallegos\/laravel-jqgrid\/pull\/72" + "url": "https://github.com/mgallegos/laravel-jqgrid/pull/72", + "refsource": "MISC", + "name": "https://github.com/mgallegos/laravel-jqgrid/pull/72" }, { - "url": "https:\/\/github.com\/mgallegos\/laravel-jqgrid\/commit\/fbc2d94f43d0dc772767a5bdb2681133036f935e" + "url": "https://github.com/mgallegos/laravel-jqgrid/commit/fbc2d94f43d0dc772767a5bdb2681133036f935e", + "refsource": "MISC", + "name": "https://github.com/mgallegos/laravel-jqgrid/commit/fbc2d94f43d0dc772767a5bdb2681133036f935e" }, { - "url": "https:\/\/vuldb.com\/?id.216271" + "url": "https://vuldb.com/?id.216271", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216271" } ] } diff --git a/2022/3xxx/CVE-2022-3166.json b/2022/3xxx/CVE-2022-3166.json index 06f8b795f436..c1f1177901fd 100644 --- a/2022/3xxx/CVE-2022-3166.json +++ b/2022/3xxx/CVE-2022-3166.json @@ -92,7 +92,7 @@ "credits": [ { "lang": "en", - "value": "Parul Jajal & Dr Faruk Kazi from Veermata Jijabai Technological Institute" + "value": "Parul Sindhwad and Dr. Faruk Kazi of CoE-CNDS Lab, VJTI, Mumbai, India reported this vulnerability to Rockwell Automation" } ], "impact": { diff --git a/2022/4xxx/CVE-2022-4610.json b/2022/4xxx/CVE-2022-4610.json new file mode 100644 index 000000000000..d653d4543e4f --- /dev/null +++ b/2022/4xxx/CVE-2022-4610.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4610", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4611.json b/2022/4xxx/CVE-2022-4611.json new file mode 100644 index 000000000000..918fe5ae10b0 --- /dev/null +++ b/2022/4xxx/CVE-2022-4611.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4611", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4612.json b/2022/4xxx/CVE-2022-4612.json new file mode 100644 index 000000000000..5f593df2861e --- /dev/null +++ b/2022/4xxx/CVE-2022-4612.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4612", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4613.json b/2022/4xxx/CVE-2022-4613.json new file mode 100644 index 000000000000..6a2b2190b5b8 --- /dev/null +++ b/2022/4xxx/CVE-2022-4613.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4613", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 931ab9125c1a2df4e95962065f2478b338453fa8 Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Mon, 19 Dec 2022 16:02:53 +0100 Subject: [PATCH 124/754] CVE-2022-4610 - CVE-2022-4613 --- 2022/4xxx/CVE-2022-4610.json | 75 ++++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4611.json | 72 ++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4612.json | 75 ++++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4613.json | 75 ++++++++++++++++++++++++++++++++++-- 4 files changed, 285 insertions(+), 12 deletions(-) diff --git a/2022/4xxx/CVE-2022-4610.json b/2022/4xxx/CVE-2022-4610.json index d653d4543e4f..ed7f0e972abe 100644 --- a/2022/4xxx/CVE-2022-4610.json +++ b/2022/4xxx/CVE-2022-4610.json @@ -4,14 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4610", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Click Studios Passwordstate risky encryption", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Click Studios", + "product": { + "product_data": [ + { + "product_name": "Passwordstate", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + }, + { + "product_name": "Passwordstate Browser Extension Chrome", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-310 Cryptographic Issues -> CWE-327 Risky Cryptographic Algorithm" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216272." + } + ] + }, + "credit": "Constantin M\u00fcller\/Jan Benninger\/Pascal Zenker", + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "1.9", + "vectorString": "CVSS:3.1\/AV:L\/AC:H\/PR:H\/UI:N\/S:U\/C:L\/I:N\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html" + }, + { + "url": "https:\/\/www.modzero.com\/static\/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" + }, + { + "url": "https:\/\/vuldb.com\/?id.216272" } ] } diff --git a/2022/4xxx/CVE-2022-4611.json b/2022/4xxx/CVE-2022-4611.json index 918fe5ae10b0..5db348991e8b 100644 --- a/2022/4xxx/CVE-2022-4611.json +++ b/2022/4xxx/CVE-2022-4611.json @@ -4,14 +4,80 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4611", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Click Studios Passwordstate hard-coded credentials", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Click Studios", + "product": { + "product_data": [ + { + "product_name": "Passwordstate", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + }, + { + "product_name": "Passwordstate Browser Extension Chrome", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-255 Credentials Management -> CWE-259 Use of Hard-coded Password -> CWE-798 Hard-coded Credentials" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216273 was assigned to this vulnerability." + } + ] + }, + "credit": "Constantin M\u00fcller\/Jan Benninger\/Pascal Zenker", + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html" + }, + { + "url": "https:\/\/vuldb.com\/?id.216273" } ] } diff --git a/2022/4xxx/CVE-2022-4612.json b/2022/4xxx/CVE-2022-4612.json index 5f593df2861e..1bc564396955 100644 --- a/2022/4xxx/CVE-2022-4612.json +++ b/2022/4xxx/CVE-2022-4612.json @@ -4,14 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4612", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Click Studios Passwordstate insufficiently protected credentials", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Click Studios", + "product": { + "product_data": [ + { + "product_name": "Passwordstate", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + }, + { + "product_name": "Passwordstate Browser Extension Chrome", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522 Insufficiently Protected Credentials" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216274 is the identifier assigned to this vulnerability." + } + ] + }, + "credit": "Constantin M\u00fcller\/Jan Benninger\/Pascal Zenker", + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html" + }, + { + "url": "https:\/\/www.modzero.com\/static\/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" + }, + { + "url": "https:\/\/vuldb.com\/?id.216274" } ] } diff --git a/2022/4xxx/CVE-2022-4613.json b/2022/4xxx/CVE-2022-4613.json index 6a2b2190b5b8..ba1614d94379 100644 --- a/2022/4xxx/CVE-2022-4613.json +++ b/2022/4xxx/CVE-2022-4613.json @@ -4,14 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4613", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "Click Studios Passwordstate Browser Extension Provisioning improper authorization", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Click Studios", + "product": { + "product_data": [ + { + "product_name": "Passwordstate", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + }, + { + "product_name": "Passwordstate Browser Extension Chrome", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-266 Incorrect Privilege Assignment -> CWE-285 Improper Authorization" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as critical. This issue affects some unknown processing of the component Browser Extension Provisioning. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216275." + } + ] + }, + "credit": "Constantin M\u00fcller\/Jan Benninger\/Pascal Zenker", + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.0", + "vectorString": "CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html" + }, + { + "url": "https:\/\/www.modzero.com\/static\/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" + }, + { + "url": "https:\/\/vuldb.com\/?id.216275" } ] } From e2276f8dacf663c4d137d0fb4084e4d065e7c6a7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Dec 2022 16:00:41 +0000 Subject: [PATCH 125/754] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20180.json | 5 ++ 2021/33xxx/CVE-2021-33640.json | 50 +++++++++++++++- 2022/28xxx/CVE-2022-28173.json | 105 +++++++++++++++++++++++++++++++-- 2022/31xxx/CVE-2022-31683.json | 50 +++++++++++++++- 2022/42xxx/CVE-2022-42945.json | 50 +++++++++++++++- 2022/42xxx/CVE-2022-42946.json | 50 +++++++++++++++- 2022/42xxx/CVE-2022-42947.json | 50 +++++++++++++++- 2022/47xxx/CVE-2022-47512.json | 100 +++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4610.json | 20 ++++--- 2022/4xxx/CVE-2022-4611.json | 16 +++-- 2022/4xxx/CVE-2022-4612.json | 20 ++++--- 2022/4xxx/CVE-2022-4613.json | 20 ++++--- 12 files changed, 482 insertions(+), 54 deletions(-) diff --git a/2019/20xxx/CVE-2019-20180.json b/2019/20xxx/CVE-2019-20180.json index 3c27df9b4510..8e4e4a7c58f4 100644 --- a/2019/20xxx/CVE-2019-20180.json +++ b/2019/20xxx/CVE-2019-20180.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://wpvulndb.com/vulnerabilities/10016", "url": "https://wpvulndb.com/vulnerabilities/10016" + }, + { + "refsource": "MISC", + "name": "https://wordpress.org/support/topic/security-issue-cve-2019-20180-for-tablepress/#post-16282996", + "url": "https://wordpress.org/support/topic/security-issue-cve-2019-20180-for-tablepress/#post-16282996" } ] } diff --git a/2021/33xxx/CVE-2021-33640.json b/2021/33xxx/CVE-2021-33640.json index 8776fd795580..098377dade21 100644 --- a/2021/33xxx/CVE-2021-33640.json +++ b/2021/33xxx/CVE-2021-33640.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-33640", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "securities@openeuler.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "libtar", + "version": { + "version_data": [ + { + "version_value": "libtar-1.2.20-21 in openEuler 22.03 LTS and libtar-1.2.20-19 in openEuler 20.03 LTS" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640&packageName=libtar", + "url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640&packageName=libtar" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free)." } ] } diff --git a/2022/28xxx/CVE-2022-28173.json b/2022/28xxx/CVE-2022-28173.json index f952295d311f..114ed97302b5 100644 --- a/2022/28xxx/CVE-2022-28173.json +++ b/2022/28xxx/CVE-2022-28173.json @@ -1,18 +1,111 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "hsrc@hikvision.com", + "DATE_PUBLIC": "2022-12-16T07:00:00.000Z", "ID": "CVE-2022-28173", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DS-3WF0AC-2NT", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "V1.1.0", + "version_value": "V1.1.0" + } + ] + } + }, + { + "product_name": "DS-3WF01C-2N/O", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "V1.0.4", + "version_value": "V1.0.4 " + } + ] + } + } + ] + }, + "vendor_name": "hikvision" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Souvik Kandar, Arko Dhar" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] } ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/access-control-vulnerability-in-some-hikvision-wireless-bridge-products/", + "name": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/access-control-vulnerability-in-some-hikvision-wireless-bridge-products/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "https://www.hikvision.com/content/dam/hikvision/en/support/cybersecyrity/security-advisory/DS-3WF0AC-2NT_V1.1.0-build220929_EN.bin" + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31683.json b/2022/31xxx/CVE-2022-31683.json index 0ddb8f65c6b5..b59b8d2e9f13 100644 --- a/2022/31xxx/CVE-2022-31683.json +++ b/2022/31xxx/CVE-2022-31683.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31683", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Concourse", + "version": { + "version_data": [ + { + "version_value": "Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authorization Bypass vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/concourse/concourse/security/advisories/GHSA-5jp2-vwrj-99rf", + "url": "https://github.com/concourse/concourse/security/advisories/GHSA-5jp2-vwrj-99rf" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team." } ] } diff --git a/2022/42xxx/CVE-2022-42945.json b/2022/42xxx/CVE-2022-42945.json index 1c47395d625e..b88ff694c4e3 100644 --- a/2022/42xxx/CVE-2022-42945.json +++ b/2022/42xxx/CVE-2022-42945.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42945", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "DWG TrueView", + "version": { + "version_data": [ + { + "version_value": "2023" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Search Order Hijacking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0024", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0024" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system." } ] } diff --git a/2022/42xxx/CVE-2022-42946.json b/2022/42xxx/CVE-2022-42946.json index cb134dbb1d8d..597e03932fb5 100644 --- a/2022/42xxx/CVE-2022-42946.json +++ b/2022/42xxx/CVE-2022-42946.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42946", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Maya", + "version": { + "version_data": [ + { + "version_value": "2023" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bound Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process." } ] } diff --git a/2022/42xxx/CVE-2022-42947.json b/2022/42xxx/CVE-2022-42947.json index 2b3ee8cba3b4..4a07ca451c6e 100644 --- a/2022/42xxx/CVE-2022-42947.json +++ b/2022/42xxx/CVE-2022-42947.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42947", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Maya", + "version": { + "version_data": [ + { + "version_value": "2023" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bound Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted X_B file when parsed through Autodesk Maya 2023 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution." } ] } diff --git a/2022/47xxx/CVE-2022-47512.json b/2022/47xxx/CVE-2022-47512.json index bff8e50b9dc9..1910bdf16236 100644 --- a/2022/47xxx/CVE-2022-47512.json +++ b/2022/47xxx/CVE-2022-47512.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@solarwinds.com", + "DATE_PUBLIC": "2022-12-15T19:21:00.000Z", "ID": "CVE-2022-47512", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Sensitive Data Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hybrid Cloud Observability (HCO)/ SolarWinds Platform", + "version": { + "version_data": [ + { + "platform": "Windows ", + "version_affected": "=", + "version_name": "SolarWinds ", + "version_value": " 2022.4" + } + ] + } + } + ] + }, + "vendor_name": "SolarWinds " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "SolarWinds would like to thank our Thwack MVP's for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected" } ] + }, + "generator": { + "engine": "vulnogram 0.1.0-rc1" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-312 Cleartext Storage of Sensitive Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4-1_release_notes.htm", + "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4-1_release_notes.htm" + }, + { + "refsource": "MISC", + "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47512", + "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47512" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "SolarWinds has released a Service Release to address this vulnerability in Hybrid Cloud Observability (HCO)/ SolarWinds Platform (2022.4.1) " + } + ], + "source": { + "discovery": "USER" } } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4610.json b/2022/4xxx/CVE-2022-4610.json index ed7f0e972abe..67c1c68b0969 100644 --- a/2022/4xxx/CVE-2022-4610.json +++ b/2022/4xxx/CVE-2022-4610.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -32,7 +32,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -63,24 +63,30 @@ } ] }, - "credit": "Constantin M\u00fcller\/Jan Benninger\/Pascal Zenker", + "credit": "Constantin M\u00fcller/Jan Benninger/Pascal Zenker", "impact": { "cvss": { "version": "3.1", "baseScore": "1.9", - "vectorString": "CVSS:3.1\/AV:L\/AC:H\/PR:H\/UI:N\/S:U\/C:L\/I:N\/A:N" + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html" + "url": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html", + "refsource": "MISC", + "name": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html" }, { - "url": "https:\/\/www.modzero.com\/static\/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" + "url": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf", + "refsource": "MISC", + "name": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" }, { - "url": "https:\/\/vuldb.com\/?id.216272" + "url": "https://vuldb.com/?id.216272", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216272" } ] } diff --git a/2022/4xxx/CVE-2022-4611.json b/2022/4xxx/CVE-2022-4611.json index 5db348991e8b..63b025c44f01 100644 --- a/2022/4xxx/CVE-2022-4611.json +++ b/2022/4xxx/CVE-2022-4611.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -32,7 +32,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -63,21 +63,25 @@ } ] }, - "credit": "Constantin M\u00fcller\/Jan Benninger\/Pascal Zenker", + "credit": "Constantin M\u00fcller/Jan Benninger/Pascal Zenker", "impact": { "cvss": { "version": "3.1", "baseScore": "4.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html" + "url": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html", + "refsource": "MISC", + "name": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html" }, { - "url": "https:\/\/vuldb.com\/?id.216273" + "url": "https://vuldb.com/?id.216273", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216273" } ] } diff --git a/2022/4xxx/CVE-2022-4612.json b/2022/4xxx/CVE-2022-4612.json index 1bc564396955..7247d4efc573 100644 --- a/2022/4xxx/CVE-2022-4612.json +++ b/2022/4xxx/CVE-2022-4612.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -32,7 +32,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -63,24 +63,30 @@ } ] }, - "credit": "Constantin M\u00fcller\/Jan Benninger\/Pascal Zenker", + "credit": "Constantin M\u00fcller/Jan Benninger/Pascal Zenker", "impact": { "cvss": { "version": "3.1", "baseScore": "4.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html" + "url": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html", + "refsource": "MISC", + "name": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html" }, { - "url": "https:\/\/www.modzero.com\/static\/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" + "url": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf", + "refsource": "MISC", + "name": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" }, { - "url": "https:\/\/vuldb.com\/?id.216274" + "url": "https://vuldb.com/?id.216274", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216274" } ] } diff --git a/2022/4xxx/CVE-2022-4613.json b/2022/4xxx/CVE-2022-4613.json index ba1614d94379..32dce1751aac 100644 --- a/2022/4xxx/CVE-2022-4613.json +++ b/2022/4xxx/CVE-2022-4613.json @@ -22,7 +22,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -32,7 +32,7 @@ "version": { "version_data": [ { - "version_value": "n\/a" + "version_value": "n/a" } ] } @@ -63,24 +63,30 @@ } ] }, - "credit": "Constantin M\u00fcller\/Jan Benninger\/Pascal Zenker", + "credit": "Constantin M\u00fcller/Jan Benninger/Pascal Zenker", "impact": { "cvss": { "version": "3.1", "baseScore": "5.0", - "vectorString": "CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L" + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } }, "references": { "reference_data": [ { - "url": "https:\/\/modzero.com\/modlog\/archives\/2022\/12\/19\/better_make_sure_your_password_manager_is_secure\/index.html" + "url": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html", + "refsource": "MISC", + "name": "https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html" }, { - "url": "https:\/\/www.modzero.com\/static\/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" + "url": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf", + "refsource": "MISC", + "name": "https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf" }, { - "url": "https:\/\/vuldb.com\/?id.216275" + "url": "https://vuldb.com/?id.216275", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216275" } ] } From 4fde82cf325bc6db29288d408599a877d77ad972 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Dec 2022 17:00:40 +0000 Subject: [PATCH 126/754] "-Synchronized-Data." --- 2022/40xxx/CVE-2022-40435.json | 66 +++++++++++++++++++++++--- 2022/45xxx/CVE-2022-45046.json | 87 +++------------------------------- 2022/47xxx/CVE-2022-47553.json | 18 +++++++ 2022/47xxx/CVE-2022-47554.json | 18 +++++++ 2022/47xxx/CVE-2022-47555.json | 18 +++++++ 2022/47xxx/CVE-2022-47556.json | 18 +++++++ 2022/47xxx/CVE-2022-47557.json | 18 +++++++ 2022/47xxx/CVE-2022-47558.json | 18 +++++++ 2022/47xxx/CVE-2022-47559.json | 18 +++++++ 2022/47xxx/CVE-2022-47560.json | 18 +++++++ 2022/47xxx/CVE-2022-47561.json | 18 +++++++ 2022/47xxx/CVE-2022-47562.json | 18 +++++++ 2022/47xxx/CVE-2022-47563.json | 18 +++++++ 2022/47xxx/CVE-2022-47564.json | 18 +++++++ 2022/47xxx/CVE-2022-47565.json | 18 +++++++ 2022/47xxx/CVE-2022-47566.json | 18 +++++++ 2022/47xxx/CVE-2022-47567.json | 18 +++++++ 2022/47xxx/CVE-2022-47568.json | 18 +++++++ 2022/47xxx/CVE-2022-47569.json | 18 +++++++ 2022/47xxx/CVE-2022-47570.json | 18 +++++++ 2022/47xxx/CVE-2022-47571.json | 18 +++++++ 2022/47xxx/CVE-2022-47572.json | 18 +++++++ 2022/47xxx/CVE-2022-47573.json | 18 +++++++ 2022/47xxx/CVE-2022-47574.json | 18 +++++++ 2022/47xxx/CVE-2022-47575.json | 18 +++++++ 2022/47xxx/CVE-2022-47576.json | 18 +++++++ 2023/22xxx/CVE-2023-22224.json | 18 +++++++ 2023/22xxx/CVE-2023-22225.json | 18 +++++++ 28 files changed, 534 insertions(+), 87 deletions(-) create mode 100644 2022/47xxx/CVE-2022-47553.json create mode 100644 2022/47xxx/CVE-2022-47554.json create mode 100644 2022/47xxx/CVE-2022-47555.json create mode 100644 2022/47xxx/CVE-2022-47556.json create mode 100644 2022/47xxx/CVE-2022-47557.json create mode 100644 2022/47xxx/CVE-2022-47558.json create mode 100644 2022/47xxx/CVE-2022-47559.json create mode 100644 2022/47xxx/CVE-2022-47560.json create mode 100644 2022/47xxx/CVE-2022-47561.json create mode 100644 2022/47xxx/CVE-2022-47562.json create mode 100644 2022/47xxx/CVE-2022-47563.json create mode 100644 2022/47xxx/CVE-2022-47564.json create mode 100644 2022/47xxx/CVE-2022-47565.json create mode 100644 2022/47xxx/CVE-2022-47566.json create mode 100644 2022/47xxx/CVE-2022-47567.json create mode 100644 2022/47xxx/CVE-2022-47568.json create mode 100644 2022/47xxx/CVE-2022-47569.json create mode 100644 2022/47xxx/CVE-2022-47570.json create mode 100644 2022/47xxx/CVE-2022-47571.json create mode 100644 2022/47xxx/CVE-2022-47572.json create mode 100644 2022/47xxx/CVE-2022-47573.json create mode 100644 2022/47xxx/CVE-2022-47574.json create mode 100644 2022/47xxx/CVE-2022-47575.json create mode 100644 2022/47xxx/CVE-2022-47576.json create mode 100644 2023/22xxx/CVE-2023-22224.json create mode 100644 2023/22xxx/CVE-2023-22225.json diff --git a/2022/40xxx/CVE-2022-40435.json b/2022/40xxx/CVE-2022-40435.json index b460ee637f81..416a77aa73f1 100644 --- a/2022/40xxx/CVE-2022-40435.json +++ b/2022/40xxx/CVE-2022-40435.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40435", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40435", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Employee Performance Evaluation System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via adding new entries under the Departments and Designations module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://employee.com", + "refsource": "MISC", + "name": "http://employee.com" + }, + { + "url": "https://www.sourcecodester.com", + "refsource": "MISC", + "name": "https://www.sourcecodester.com" + }, + { + "refsource": "MISC", + "name": "https://isaghojaria.medium.com/employee-performance-evaluation-system-v1-0-fdf7eb5eaf92", + "url": "https://isaghojaria.medium.com/employee-performance-evaluation-system-v1-0-fdf7eb5eaf92" } ] } diff --git a/2022/45xxx/CVE-2022-45046.json b/2022/45xxx/CVE-2022-45046.json index dadec6a8e2da..3984e4717b19 100644 --- a/2022/45xxx/CVE-2022-45046.json +++ b/2022/45xxx/CVE-2022-45046.json @@ -1,93 +1,18 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@apache.org", "ID": "CVE-2022-45046", - "STATE": "PUBLIC", - "TITLE": "Apache Camel-LDAP allows LDAP injection when using the filter option" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Apache Camel", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "Apache Camel", - "version_value": "3.14.6" - }, - { - "version_affected": "<", - "version_name": "Apache Camel", - "version_value": "3.18.4" - } - ] - } - } - ] - }, - "vendor_name": "Apache Software Foundation" - } - ] - } + "ASSIGNER": "security@apache.org", + "STATE": "REJECT" }, - "credit": [ - { - "lang": "eng", - "value": "Apache Camel would like to thank 4ra1n from Chaitin Tech" - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected) or upgrade to 3.14.6 or 3.18.4." - } - ] - }, - "generator": { - "engine": "vulnogram 0.1.0-rc1" - }, - "impact": [ - {} - ], - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "LDAP injection" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://camel.apache.org/security/CVE-2022-45046.html", - "name": "https://camel.apache.org/security/CVE-2022-45046.html" - }, - { - "refsource": "MLIST", - "name": "[oss-security] 20221205 CVE-2022-45046: Apache Camel: LDAP Injection in Camel-LDAP", - "url": "http://www.openwall.com/lists/oss-security/2022/12/05/2" + "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] - }, - "source": { - "defect": [ - "CAMEL-18696" - ], - "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47553.json b/2022/47xxx/CVE-2022-47553.json new file mode 100644 index 000000000000..3793ffee0a7c --- /dev/null +++ b/2022/47xxx/CVE-2022-47553.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47553", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47554.json b/2022/47xxx/CVE-2022-47554.json new file mode 100644 index 000000000000..ae177ce2b6c1 --- /dev/null +++ b/2022/47xxx/CVE-2022-47554.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47554", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47555.json b/2022/47xxx/CVE-2022-47555.json new file mode 100644 index 000000000000..e6297ad4867d --- /dev/null +++ b/2022/47xxx/CVE-2022-47555.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47555", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47556.json b/2022/47xxx/CVE-2022-47556.json new file mode 100644 index 000000000000..67a39471a949 --- /dev/null +++ b/2022/47xxx/CVE-2022-47556.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47556", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47557.json b/2022/47xxx/CVE-2022-47557.json new file mode 100644 index 000000000000..28b5230accb2 --- /dev/null +++ b/2022/47xxx/CVE-2022-47557.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47557", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47558.json b/2022/47xxx/CVE-2022-47558.json new file mode 100644 index 000000000000..b914a665ddf1 --- /dev/null +++ b/2022/47xxx/CVE-2022-47558.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47558", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47559.json b/2022/47xxx/CVE-2022-47559.json new file mode 100644 index 000000000000..040a373ac636 --- /dev/null +++ b/2022/47xxx/CVE-2022-47559.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47559", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47560.json b/2022/47xxx/CVE-2022-47560.json new file mode 100644 index 000000000000..83842838d278 --- /dev/null +++ b/2022/47xxx/CVE-2022-47560.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47560", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47561.json b/2022/47xxx/CVE-2022-47561.json new file mode 100644 index 000000000000..c3e911cc4190 --- /dev/null +++ b/2022/47xxx/CVE-2022-47561.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47561", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47562.json b/2022/47xxx/CVE-2022-47562.json new file mode 100644 index 000000000000..3f6173c79717 --- /dev/null +++ b/2022/47xxx/CVE-2022-47562.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47562", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47563.json b/2022/47xxx/CVE-2022-47563.json new file mode 100644 index 000000000000..b1f4939586f5 --- /dev/null +++ b/2022/47xxx/CVE-2022-47563.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47563", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47564.json b/2022/47xxx/CVE-2022-47564.json new file mode 100644 index 000000000000..ab4671fc3da8 --- /dev/null +++ b/2022/47xxx/CVE-2022-47564.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47564", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47565.json b/2022/47xxx/CVE-2022-47565.json new file mode 100644 index 000000000000..e6d239f7deca --- /dev/null +++ b/2022/47xxx/CVE-2022-47565.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47565", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47566.json b/2022/47xxx/CVE-2022-47566.json new file mode 100644 index 000000000000..ba28e74567f2 --- /dev/null +++ b/2022/47xxx/CVE-2022-47566.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47566", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47567.json b/2022/47xxx/CVE-2022-47567.json new file mode 100644 index 000000000000..f8bc08dc4325 --- /dev/null +++ b/2022/47xxx/CVE-2022-47567.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47567", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47568.json b/2022/47xxx/CVE-2022-47568.json new file mode 100644 index 000000000000..697dbab46fc8 --- /dev/null +++ b/2022/47xxx/CVE-2022-47568.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47568", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47569.json b/2022/47xxx/CVE-2022-47569.json new file mode 100644 index 000000000000..862d8f7a740e --- /dev/null +++ b/2022/47xxx/CVE-2022-47569.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47569", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47570.json b/2022/47xxx/CVE-2022-47570.json new file mode 100644 index 000000000000..dd34bcbfe80c --- /dev/null +++ b/2022/47xxx/CVE-2022-47570.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47570", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47571.json b/2022/47xxx/CVE-2022-47571.json new file mode 100644 index 000000000000..7427e1249a23 --- /dev/null +++ b/2022/47xxx/CVE-2022-47571.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47571", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47572.json b/2022/47xxx/CVE-2022-47572.json new file mode 100644 index 000000000000..6732d94364ce --- /dev/null +++ b/2022/47xxx/CVE-2022-47572.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47572", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47573.json b/2022/47xxx/CVE-2022-47573.json new file mode 100644 index 000000000000..4809fc700e27 --- /dev/null +++ b/2022/47xxx/CVE-2022-47573.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47573", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47574.json b/2022/47xxx/CVE-2022-47574.json new file mode 100644 index 000000000000..f0c7a422f065 --- /dev/null +++ b/2022/47xxx/CVE-2022-47574.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47574", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47575.json b/2022/47xxx/CVE-2022-47575.json new file mode 100644 index 000000000000..a3d66ac25c75 --- /dev/null +++ b/2022/47xxx/CVE-2022-47575.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47575", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/47xxx/CVE-2022-47576.json b/2022/47xxx/CVE-2022-47576.json new file mode 100644 index 000000000000..fe855bd3af71 --- /dev/null +++ b/2022/47xxx/CVE-2022-47576.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-47576", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22224.json b/2023/22xxx/CVE-2023-22224.json new file mode 100644 index 000000000000..a262f5f7d640 --- /dev/null +++ b/2023/22xxx/CVE-2023-22224.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22224", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22225.json b/2023/22xxx/CVE-2023-22225.json new file mode 100644 index 000000000000..7067f114ed82 --- /dev/null +++ b/2023/22xxx/CVE-2023-22225.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22225", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 9f9a0a9fdab4db6fa79b2ea985d78759bf6bc2f5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Dec 2022 18:00:41 +0000 Subject: [PATCH 127/754] "-Synchronized-Data." --- 2022/43xxx/CVE-2022-43289.json | 61 ++++++++++++++++++++++++++++++---- 2023/22xxx/CVE-2023-22226.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22227.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22228.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22229.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22230.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22231.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22232.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22233.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22234.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22235.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22236.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22237.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22238.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22239.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22240.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22241.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22242.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22243.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22244.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22245.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22246.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22247.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22248.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22249.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22250.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22251.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22252.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22253.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22254.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22255.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22256.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22257.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22258.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22259.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22260.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22261.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22262.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22263.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22264.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22265.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22266.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22267.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22268.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22269.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22270.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22271.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22272.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22273.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22274.json | 18 ++++++++++ 2023/22xxx/CVE-2023-22275.json | 18 ++++++++++ 51 files changed, 955 insertions(+), 6 deletions(-) create mode 100644 2023/22xxx/CVE-2023-22226.json create mode 100644 2023/22xxx/CVE-2023-22227.json create mode 100644 2023/22xxx/CVE-2023-22228.json create mode 100644 2023/22xxx/CVE-2023-22229.json create mode 100644 2023/22xxx/CVE-2023-22230.json create mode 100644 2023/22xxx/CVE-2023-22231.json create mode 100644 2023/22xxx/CVE-2023-22232.json create mode 100644 2023/22xxx/CVE-2023-22233.json create mode 100644 2023/22xxx/CVE-2023-22234.json create mode 100644 2023/22xxx/CVE-2023-22235.json create mode 100644 2023/22xxx/CVE-2023-22236.json create mode 100644 2023/22xxx/CVE-2023-22237.json create mode 100644 2023/22xxx/CVE-2023-22238.json create mode 100644 2023/22xxx/CVE-2023-22239.json create mode 100644 2023/22xxx/CVE-2023-22240.json create mode 100644 2023/22xxx/CVE-2023-22241.json create mode 100644 2023/22xxx/CVE-2023-22242.json create mode 100644 2023/22xxx/CVE-2023-22243.json create mode 100644 2023/22xxx/CVE-2023-22244.json create mode 100644 2023/22xxx/CVE-2023-22245.json create mode 100644 2023/22xxx/CVE-2023-22246.json create mode 100644 2023/22xxx/CVE-2023-22247.json create mode 100644 2023/22xxx/CVE-2023-22248.json create mode 100644 2023/22xxx/CVE-2023-22249.json create mode 100644 2023/22xxx/CVE-2023-22250.json create mode 100644 2023/22xxx/CVE-2023-22251.json create mode 100644 2023/22xxx/CVE-2023-22252.json create mode 100644 2023/22xxx/CVE-2023-22253.json create mode 100644 2023/22xxx/CVE-2023-22254.json create mode 100644 2023/22xxx/CVE-2023-22255.json create mode 100644 2023/22xxx/CVE-2023-22256.json create mode 100644 2023/22xxx/CVE-2023-22257.json create mode 100644 2023/22xxx/CVE-2023-22258.json create mode 100644 2023/22xxx/CVE-2023-22259.json create mode 100644 2023/22xxx/CVE-2023-22260.json create mode 100644 2023/22xxx/CVE-2023-22261.json create mode 100644 2023/22xxx/CVE-2023-22262.json create mode 100644 2023/22xxx/CVE-2023-22263.json create mode 100644 2023/22xxx/CVE-2023-22264.json create mode 100644 2023/22xxx/CVE-2023-22265.json create mode 100644 2023/22xxx/CVE-2023-22266.json create mode 100644 2023/22xxx/CVE-2023-22267.json create mode 100644 2023/22xxx/CVE-2023-22268.json create mode 100644 2023/22xxx/CVE-2023-22269.json create mode 100644 2023/22xxx/CVE-2023-22270.json create mode 100644 2023/22xxx/CVE-2023-22271.json create mode 100644 2023/22xxx/CVE-2023-22272.json create mode 100644 2023/22xxx/CVE-2023-22273.json create mode 100644 2023/22xxx/CVE-2023-22274.json create mode 100644 2023/22xxx/CVE-2023-22275.json diff --git a/2022/43xxx/CVE-2022-43289.json b/2022/43xxx/CVE-2022-43289.json index 561d0ec8373d..78bc194382f4 100644 --- a/2022/43xxx/CVE-2022-43289.json +++ b/2022/43xxx/CVE-2022-43289.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43289", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43289", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deark v.1.6.2 was discovered to contain a stack overflow via the do_prism_read_palette() function at /modules/atari-img.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jsummers/deark/issues/52", + "refsource": "MISC", + "name": "https://github.com/jsummers/deark/issues/52" + }, + { + "url": "https://github.com/jsummers/deark", + "refsource": "MISC", + "name": "https://github.com/jsummers/deark" } ] } diff --git a/2023/22xxx/CVE-2023-22226.json b/2023/22xxx/CVE-2023-22226.json new file mode 100644 index 000000000000..f8a854ef8eb7 --- /dev/null +++ b/2023/22xxx/CVE-2023-22226.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22226", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22227.json b/2023/22xxx/CVE-2023-22227.json new file mode 100644 index 000000000000..5639134072f4 --- /dev/null +++ b/2023/22xxx/CVE-2023-22227.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22227", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22228.json b/2023/22xxx/CVE-2023-22228.json new file mode 100644 index 000000000000..39b7362821a9 --- /dev/null +++ b/2023/22xxx/CVE-2023-22228.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22228", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22229.json b/2023/22xxx/CVE-2023-22229.json new file mode 100644 index 000000000000..1e72ed880a6b --- /dev/null +++ b/2023/22xxx/CVE-2023-22229.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22229", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22230.json b/2023/22xxx/CVE-2023-22230.json new file mode 100644 index 000000000000..1f86fadfb990 --- /dev/null +++ b/2023/22xxx/CVE-2023-22230.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22230", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22231.json b/2023/22xxx/CVE-2023-22231.json new file mode 100644 index 000000000000..07a0032350c6 --- /dev/null +++ b/2023/22xxx/CVE-2023-22231.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22231", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22232.json b/2023/22xxx/CVE-2023-22232.json new file mode 100644 index 000000000000..e4e98bf334fc --- /dev/null +++ b/2023/22xxx/CVE-2023-22232.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22232", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22233.json b/2023/22xxx/CVE-2023-22233.json new file mode 100644 index 000000000000..9df080bfbdda --- /dev/null +++ b/2023/22xxx/CVE-2023-22233.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22233", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22234.json b/2023/22xxx/CVE-2023-22234.json new file mode 100644 index 000000000000..b239aa6708f0 --- /dev/null +++ b/2023/22xxx/CVE-2023-22234.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22234", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22235.json b/2023/22xxx/CVE-2023-22235.json new file mode 100644 index 000000000000..2a3113a605b8 --- /dev/null +++ b/2023/22xxx/CVE-2023-22235.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22235", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22236.json b/2023/22xxx/CVE-2023-22236.json new file mode 100644 index 000000000000..bdc418913e06 --- /dev/null +++ b/2023/22xxx/CVE-2023-22236.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22236", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22237.json b/2023/22xxx/CVE-2023-22237.json new file mode 100644 index 000000000000..d323a78101a0 --- /dev/null +++ b/2023/22xxx/CVE-2023-22237.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22237", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22238.json b/2023/22xxx/CVE-2023-22238.json new file mode 100644 index 000000000000..86d92098a6d0 --- /dev/null +++ b/2023/22xxx/CVE-2023-22238.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22238", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22239.json b/2023/22xxx/CVE-2023-22239.json new file mode 100644 index 000000000000..98df40245ee3 --- /dev/null +++ b/2023/22xxx/CVE-2023-22239.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22239", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22240.json b/2023/22xxx/CVE-2023-22240.json new file mode 100644 index 000000000000..9be1b12316fb --- /dev/null +++ b/2023/22xxx/CVE-2023-22240.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22240", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22241.json b/2023/22xxx/CVE-2023-22241.json new file mode 100644 index 000000000000..b86760c47d74 --- /dev/null +++ b/2023/22xxx/CVE-2023-22241.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22241", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22242.json b/2023/22xxx/CVE-2023-22242.json new file mode 100644 index 000000000000..d335ba98a1d4 --- /dev/null +++ b/2023/22xxx/CVE-2023-22242.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22242", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22243.json b/2023/22xxx/CVE-2023-22243.json new file mode 100644 index 000000000000..dd5ea30e80b6 --- /dev/null +++ b/2023/22xxx/CVE-2023-22243.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22243", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22244.json b/2023/22xxx/CVE-2023-22244.json new file mode 100644 index 000000000000..bdd88fdd109b --- /dev/null +++ b/2023/22xxx/CVE-2023-22244.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22244", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22245.json b/2023/22xxx/CVE-2023-22245.json new file mode 100644 index 000000000000..77118aa0d2f0 --- /dev/null +++ b/2023/22xxx/CVE-2023-22245.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22245", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22246.json b/2023/22xxx/CVE-2023-22246.json new file mode 100644 index 000000000000..3b65e188d116 --- /dev/null +++ b/2023/22xxx/CVE-2023-22246.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22246", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22247.json b/2023/22xxx/CVE-2023-22247.json new file mode 100644 index 000000000000..bc04df1658a7 --- /dev/null +++ b/2023/22xxx/CVE-2023-22247.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22247", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22248.json b/2023/22xxx/CVE-2023-22248.json new file mode 100644 index 000000000000..975bed0691b7 --- /dev/null +++ b/2023/22xxx/CVE-2023-22248.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22248", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22249.json b/2023/22xxx/CVE-2023-22249.json new file mode 100644 index 000000000000..0414756f4c15 --- /dev/null +++ b/2023/22xxx/CVE-2023-22249.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22249", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22250.json b/2023/22xxx/CVE-2023-22250.json new file mode 100644 index 000000000000..77524f877a01 --- /dev/null +++ b/2023/22xxx/CVE-2023-22250.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22250", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22251.json b/2023/22xxx/CVE-2023-22251.json new file mode 100644 index 000000000000..0b30eddb5318 --- /dev/null +++ b/2023/22xxx/CVE-2023-22251.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22251", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22252.json b/2023/22xxx/CVE-2023-22252.json new file mode 100644 index 000000000000..19d73a8b19de --- /dev/null +++ b/2023/22xxx/CVE-2023-22252.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22252", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22253.json b/2023/22xxx/CVE-2023-22253.json new file mode 100644 index 000000000000..d70384467eb7 --- /dev/null +++ b/2023/22xxx/CVE-2023-22253.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22253", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22254.json b/2023/22xxx/CVE-2023-22254.json new file mode 100644 index 000000000000..d74966d9e33d --- /dev/null +++ b/2023/22xxx/CVE-2023-22254.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22254", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22255.json b/2023/22xxx/CVE-2023-22255.json new file mode 100644 index 000000000000..c5d50e2c01f7 --- /dev/null +++ b/2023/22xxx/CVE-2023-22255.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22255", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22256.json b/2023/22xxx/CVE-2023-22256.json new file mode 100644 index 000000000000..ee67a963f4c4 --- /dev/null +++ b/2023/22xxx/CVE-2023-22256.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22256", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22257.json b/2023/22xxx/CVE-2023-22257.json new file mode 100644 index 000000000000..dddd135cc725 --- /dev/null +++ b/2023/22xxx/CVE-2023-22257.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22257", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22258.json b/2023/22xxx/CVE-2023-22258.json new file mode 100644 index 000000000000..09294ccc785c --- /dev/null +++ b/2023/22xxx/CVE-2023-22258.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22258", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22259.json b/2023/22xxx/CVE-2023-22259.json new file mode 100644 index 000000000000..7aca95beedb8 --- /dev/null +++ b/2023/22xxx/CVE-2023-22259.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22259", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22260.json b/2023/22xxx/CVE-2023-22260.json new file mode 100644 index 000000000000..911a6d2191f8 --- /dev/null +++ b/2023/22xxx/CVE-2023-22260.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22260", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22261.json b/2023/22xxx/CVE-2023-22261.json new file mode 100644 index 000000000000..a1fdcc39e16b --- /dev/null +++ b/2023/22xxx/CVE-2023-22261.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22261", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22262.json b/2023/22xxx/CVE-2023-22262.json new file mode 100644 index 000000000000..e512b2e42d3f --- /dev/null +++ b/2023/22xxx/CVE-2023-22262.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22262", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22263.json b/2023/22xxx/CVE-2023-22263.json new file mode 100644 index 000000000000..aa9d07461d87 --- /dev/null +++ b/2023/22xxx/CVE-2023-22263.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22263", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22264.json b/2023/22xxx/CVE-2023-22264.json new file mode 100644 index 000000000000..ad4deb3abc6d --- /dev/null +++ b/2023/22xxx/CVE-2023-22264.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22264", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22265.json b/2023/22xxx/CVE-2023-22265.json new file mode 100644 index 000000000000..07612230bcf4 --- /dev/null +++ b/2023/22xxx/CVE-2023-22265.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22265", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22266.json b/2023/22xxx/CVE-2023-22266.json new file mode 100644 index 000000000000..6dc043cc2f36 --- /dev/null +++ b/2023/22xxx/CVE-2023-22266.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22266", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22267.json b/2023/22xxx/CVE-2023-22267.json new file mode 100644 index 000000000000..5f527bc9f2ca --- /dev/null +++ b/2023/22xxx/CVE-2023-22267.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22267", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22268.json b/2023/22xxx/CVE-2023-22268.json new file mode 100644 index 000000000000..752417333553 --- /dev/null +++ b/2023/22xxx/CVE-2023-22268.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22268", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22269.json b/2023/22xxx/CVE-2023-22269.json new file mode 100644 index 000000000000..76114b41265b --- /dev/null +++ b/2023/22xxx/CVE-2023-22269.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22269", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22270.json b/2023/22xxx/CVE-2023-22270.json new file mode 100644 index 000000000000..a6f36f622eaa --- /dev/null +++ b/2023/22xxx/CVE-2023-22270.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22270", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22271.json b/2023/22xxx/CVE-2023-22271.json new file mode 100644 index 000000000000..24ae669f1933 --- /dev/null +++ b/2023/22xxx/CVE-2023-22271.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22271", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22272.json b/2023/22xxx/CVE-2023-22272.json new file mode 100644 index 000000000000..e8fd1a2bc46d --- /dev/null +++ b/2023/22xxx/CVE-2023-22272.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22272", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22273.json b/2023/22xxx/CVE-2023-22273.json new file mode 100644 index 000000000000..93c8aa937961 --- /dev/null +++ b/2023/22xxx/CVE-2023-22273.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22273", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22274.json b/2023/22xxx/CVE-2023-22274.json new file mode 100644 index 000000000000..e2010d010d1f --- /dev/null +++ b/2023/22xxx/CVE-2023-22274.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22274", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22275.json b/2023/22xxx/CVE-2023-22275.json new file mode 100644 index 000000000000..ef1cbbd8de28 --- /dev/null +++ b/2023/22xxx/CVE-2023-22275.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22275", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From a08b6fbde0ba8ca0306c2cde406500a41962c3bc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Dec 2022 20:00:38 +0000 Subject: [PATCH 128/754] "-Synchronized-Data." --- 2022/30xxx/CVE-2022-30679.json | 90 +++++++++++++++++++++++++++++++--- 2022/35xxx/CVE-2022-35693.json | 90 +++++++++++++++++++++++++++++++--- 2022/35xxx/CVE-2022-35695.json | 90 +++++++++++++++++++++++++++++++--- 2022/3xxx/CVE-2022-3775.json | 50 +++++++++++++++++-- 2022/40xxx/CVE-2022-40607.json | 83 +++++++++++++++++++++++++++++-- 2022/41xxx/CVE-2022-41418.json | 66 ++++++++++++++++++++++--- 2022/42xxx/CVE-2022-42345.json | 90 +++++++++++++++++++++++++++++++--- 2022/42xxx/CVE-2022-42346.json | 90 +++++++++++++++++++++++++++++++--- 2022/42xxx/CVE-2022-42348.json | 90 +++++++++++++++++++++++++++++++--- 2022/42xxx/CVE-2022-42349.json | 90 +++++++++++++++++++++++++++++++--- 2022/42xxx/CVE-2022-42350.json | 90 +++++++++++++++++++++++++++++++--- 2022/42xxx/CVE-2022-42352.json | 90 +++++++++++++++++++++++++++++++--- 2022/42xxx/CVE-2022-42354.json | 90 +++++++++++++++++++++++++++++++--- 2022/42xxx/CVE-2022-42356.json | 90 +++++++++++++++++++++++++++++++--- 2022/42xxx/CVE-2022-42357.json | 90 +++++++++++++++++++++++++++++++--- 2022/42xxx/CVE-2022-42362.json | 90 +++++++++++++++++++++++++++++++--- 2022/42xxx/CVE-2022-42364.json | 90 +++++++++++++++++++++++++++++++--- 2022/42xxx/CVE-2022-42365.json | 90 +++++++++++++++++++++++++++++++--- 2022/44xxx/CVE-2022-44463.json | 90 +++++++++++++++++++++++++++++++--- 2022/44xxx/CVE-2022-44465.json | 90 +++++++++++++++++++++++++++++++--- 2022/44xxx/CVE-2022-44466.json | 90 +++++++++++++++++++++++++++++++--- 2022/44xxx/CVE-2022-44467.json | 90 +++++++++++++++++++++++++++++++--- 2022/44xxx/CVE-2022-44470.json | 90 +++++++++++++++++++++++++++++++--- 2022/44xxx/CVE-2022-44471.json | 90 +++++++++++++++++++++++++++++++--- 2022/44xxx/CVE-2022-44474.json | 90 +++++++++++++++++++++++++++++++--- 2022/44xxx/CVE-2022-44488.json | 90 +++++++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4614.json | 18 +++++++ 2022/4xxx/CVE-2022-4615.json | 18 +++++++ 2022/4xxx/CVE-2022-4616.json | 18 +++++++ 29 files changed, 2172 insertions(+), 151 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4614.json create mode 100644 2022/4xxx/CVE-2022-4615.json create mode 100644 2022/4xxx/CVE-2022-4616.json diff --git a/2022/30xxx/CVE-2022-30679.json b/2022/30xxx/CVE-2022-30679.json index a5a6934c0519..1f6d1c604a26 100644 --- a/2022/30xxx/CVE-2022-30679.json +++ b/2022/30xxx/CVE-2022-30679.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-30679", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35693.json b/2022/35xxx/CVE-2022-35693.json index 57b884a33e32..bbc2fdccf859 100644 --- a/2022/35xxx/CVE-2022-35693.json +++ b/2022/35xxx/CVE-2022-35693.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-35693", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35695.json b/2022/35xxx/CVE-2022-35695.json index 493aba0a9136..ba0a1438dd29 100644 --- a/2022/35xxx/CVE-2022-35695.json +++ b/2022/35xxx/CVE-2022-35695.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-35695", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3775.json b/2022/3xxx/CVE-2022-3775.json index 0178c799cd58..bc968268c089 100644 --- a/2022/3xxx/CVE-2022-3775.json +++ b/2022/3xxx/CVE-2022-3775.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3775", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "grub2", + "version": { + "version_data": [ + { + "version_value": "All up to 2.06" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2022-3775", + "url": "https://access.redhat.com/security/cve/cve-2022-3775" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded." } ] } diff --git a/2022/40xxx/CVE-2022-40607.json b/2022/40xxx/CVE-2022-40607.json index 621eb3eaf966..42e4f2b6c1c5 100644 --- a/2022/40xxx/CVE-2022-40607.json +++ b/2022/40xxx/CVE-2022-40607.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-40607", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Spectrum Scale", + "version": { + "version_data": [ + { + "version_value": "5.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6848231", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6848231" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235740", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235740" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/41xxx/CVE-2022-41418.json b/2022/41xxx/CVE-2022-41418.json index 3b94c842e732..b53ac9ccd07b 100644 --- a/2022/41xxx/CVE-2022-41418.json +++ b/2022/41xxx/CVE-2022-41418.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41418", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41418", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/BlogEngine/BlogEngine.NET/commit/7f927567db94462ffd37e128c0a53c11c1f81a8d", + "refsource": "MISC", + "name": "https://github.com/BlogEngine/BlogEngine.NET/commit/7f927567db94462ffd37e128c0a53c11c1f81a8d" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/tree-chtsec/22a0a531ea188fd5b76fe11d32f41e95", + "url": "https://gist.github.com/tree-chtsec/22a0a531ea188fd5b76fe11d32f41e95" + }, + { + "url": "https://gist.github.com/tree-chtsec/a02258bb6dea0d16e7e631898c066e05", + "refsource": "MISC", + "name": "https://gist.github.com/tree-chtsec/a02258bb6dea0d16e7e631898c066e05" } ] } diff --git a/2022/42xxx/CVE-2022-42345.json b/2022/42xxx/CVE-2022-42345.json index 0be72c9677c2..b4a88ff059d1 100644 --- a/2022/42xxx/CVE-2022-42345.json +++ b/2022/42xxx/CVE-2022-42345.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-42345", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42346.json b/2022/42xxx/CVE-2022-42346.json index 57ae0768a6c0..a475fe47c921 100644 --- a/2022/42xxx/CVE-2022-42346.json +++ b/2022/42xxx/CVE-2022-42346.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-42346", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42348.json b/2022/42xxx/CVE-2022-42348.json index ed30106b964b..495ec902c050 100644 --- a/2022/42xxx/CVE-2022-42348.json +++ b/2022/42xxx/CVE-2022-42348.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-42348", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42349.json b/2022/42xxx/CVE-2022-42349.json index 2d69db39629d..cef8611eb0ef 100644 --- a/2022/42xxx/CVE-2022-42349.json +++ b/2022/42xxx/CVE-2022-42349.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-42349", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42350.json b/2022/42xxx/CVE-2022-42350.json index 80f756340ade..4365e9c73fc1 100644 --- a/2022/42xxx/CVE-2022-42350.json +++ b/2022/42xxx/CVE-2022-42350.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-42350", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42352.json b/2022/42xxx/CVE-2022-42352.json index c23649e3b670..b8d9f7dbcd34 100644 --- a/2022/42xxx/CVE-2022-42352.json +++ b/2022/42xxx/CVE-2022-42352.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-42352", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42354.json b/2022/42xxx/CVE-2022-42354.json index f2fa4482ac0e..1a21edbb19ca 100644 --- a/2022/42xxx/CVE-2022-42354.json +++ b/2022/42xxx/CVE-2022-42354.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-42354", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42356.json b/2022/42xxx/CVE-2022-42356.json index 7a1ce427689e..a869248abf28 100644 --- a/2022/42xxx/CVE-2022-42356.json +++ b/2022/42xxx/CVE-2022-42356.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-42356", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42357.json b/2022/42xxx/CVE-2022-42357.json index a2fb6fa72cad..018eb2807598 100644 --- a/2022/42xxx/CVE-2022-42357.json +++ b/2022/42xxx/CVE-2022-42357.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-42357", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42362.json b/2022/42xxx/CVE-2022-42362.json index c91a8af88cbe..381193dc810a 100644 --- a/2022/42xxx/CVE-2022-42362.json +++ b/2022/42xxx/CVE-2022-42362.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-42362", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42364.json b/2022/42xxx/CVE-2022-42364.json index 32e2dd688058..7f21022cba5c 100644 --- a/2022/42xxx/CVE-2022-42364.json +++ b/2022/42xxx/CVE-2022-42364.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-42364", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/42xxx/CVE-2022-42365.json b/2022/42xxx/CVE-2022-42365.json index cf733fa48b7d..db8d9adba72a 100644 --- a/2022/42xxx/CVE-2022-42365.json +++ b/2022/42xxx/CVE-2022-42365.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-42365", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/44xxx/CVE-2022-44463.json b/2022/44xxx/CVE-2022-44463.json index 6ff148efc14a..a86114fd89ed 100644 --- a/2022/44xxx/CVE-2022-44463.json +++ b/2022/44xxx/CVE-2022-44463.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-44463", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/44xxx/CVE-2022-44465.json b/2022/44xxx/CVE-2022-44465.json index 2d2c25e9819a..2f60bd50a93f 100644 --- a/2022/44xxx/CVE-2022-44465.json +++ b/2022/44xxx/CVE-2022-44465.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-44465", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/44xxx/CVE-2022-44466.json b/2022/44xxx/CVE-2022-44466.json index c4eff765e6a7..2359ada7dfde 100644 --- a/2022/44xxx/CVE-2022-44466.json +++ b/2022/44xxx/CVE-2022-44466.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-44466", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/44xxx/CVE-2022-44467.json b/2022/44xxx/CVE-2022-44467.json index 200727bb6171..537e606ad4da 100644 --- a/2022/44xxx/CVE-2022-44467.json +++ b/2022/44xxx/CVE-2022-44467.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-44467", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/44xxx/CVE-2022-44470.json b/2022/44xxx/CVE-2022-44470.json index 62604370ef8a..6f4e0340591e 100644 --- a/2022/44xxx/CVE-2022-44470.json +++ b/2022/44xxx/CVE-2022-44470.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-44470", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/44xxx/CVE-2022-44471.json b/2022/44xxx/CVE-2022-44471.json index c1bfd2ceffc1..86f9a699e730 100644 --- a/2022/44xxx/CVE-2022-44471.json +++ b/2022/44xxx/CVE-2022-44471.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-44471", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/44xxx/CVE-2022-44474.json b/2022/44xxx/CVE-2022-44474.json index 7c647f39a48a..433a95a032a5 100644 --- a/2022/44xxx/CVE-2022-44474.json +++ b/2022/44xxx/CVE-2022-44474.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-44474", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM Reflected XSS Arbitrary code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (Reflected XSS) (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/44xxx/CVE-2022-44488.json b/2022/44xxx/CVE-2022-44488.json index a84bdd3ea923..149de81f1ac2 100644 --- a/2022/44xxx/CVE-2022-44488.json +++ b/2022/44xxx/CVE-2022-44488.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2022-12-13T23:00:00.000Z", "ID": "CVE-2022-44488", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AEM URL Redirection to Untrusted Site Security feature bypass" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.14.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager version 6.5.14 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 3.5, + "baseSeverity": "Low", + "confidentialityImpact": "None", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4614.json b/2022/4xxx/CVE-2022-4614.json new file mode 100644 index 000000000000..44bbd4909883 --- /dev/null +++ b/2022/4xxx/CVE-2022-4614.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4614", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4615.json b/2022/4xxx/CVE-2022-4615.json new file mode 100644 index 000000000000..1e8c8e186574 --- /dev/null +++ b/2022/4xxx/CVE-2022-4615.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4615", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4616.json b/2022/4xxx/CVE-2022-4616.json new file mode 100644 index 000000000000..db9eb22c5982 --- /dev/null +++ b/2022/4xxx/CVE-2022-4616.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4616", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 7d019ed78bbdc5cff8aebe803c063d7a42201b7a Mon Sep 17 00:00:00 2001 From: Ben Harvie Date: Mon, 19 Dec 2022 12:03:22 -0800 Subject: [PATCH 129/754] 8b429330-3096-4fe4-85e0-1a9143e4dca5 --- 2022/4xxx/CVE-2022-4614.json | 101 +++++++++++++++++++++++++++++------ 1 file changed, 86 insertions(+), 15 deletions(-) diff --git a/2022/4xxx/CVE-2022-4614.json b/2022/4xxx/CVE-2022-4614.json index 44bbd4909883..f97fcc0ad871 100644 --- a/2022/4xxx/CVE-2022-4614.json +++ b/2022/4xxx/CVE-2022-4614.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-4614", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-4614", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - Stored in alagrede/znote-app" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "alagrede/znote-app", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.7.11" + } + ] + } + } + ] + }, + "vendor_name": "alagrede" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository alagrede/znote-app prior to 1.7.11." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 2.3, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N", + "version": "3.0" } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/8b429330-3096-4fe4-85e0-1a9143e4dca5", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/8b429330-3096-4fe4-85e0-1a9143e4dca5" + }, + { + "name": "https://github.com/alagrede/znote-app/commit/d889337b9c3ed16ca1aa43837af0960321dd77f2", + "refsource": "MISC", + "url": "https://github.com/alagrede/znote-app/commit/d889337b9c3ed16ca1aa43837af0960321dd77f2" + } + ] + }, + "source": { + "advisory": "8b429330-3096-4fe4-85e0-1a9143e4dca5", + "discovery": "EXTERNAL" + } } \ No newline at end of file From 3f1b6683736b9c5fb1223d23427f2c8d1d331bba Mon Sep 17 00:00:00 2001 From: Ben Harvie Date: Mon, 19 Dec 2022 12:03:54 -0800 Subject: [PATCH 130/754] 9c66ece4-bcaa-417d-8b98-e8daff8a728b --- 2022/4xxx/CVE-2022-4615.json | 101 +++++++++++++++++++++++++++++------ 1 file changed, 86 insertions(+), 15 deletions(-) diff --git a/2022/4xxx/CVE-2022-4615.json b/2022/4xxx/CVE-2022-4615.json index 1e8c8e186574..6de2dc7a0f33 100644 --- a/2022/4xxx/CVE-2022-4615.json +++ b/2022/4xxx/CVE-2022-4615.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-4615", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-4615", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - Reflected in openemr/openemr" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openemr/openemr", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.0.0.2" + } + ] + } + } + ] + }, + "vendor_name": "openemr" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", + "version": "3.0" } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/9c66ece4-bcaa-417d-8b98-e8daff8a728b", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/9c66ece4-bcaa-417d-8b98-e8daff8a728b" + }, + { + "name": "https://github.com/openemr/openemr/commit/d5eb41697f7f1bc2c7ee5bc9bbf58684e1c8cc14", + "refsource": "MISC", + "url": "https://github.com/openemr/openemr/commit/d5eb41697f7f1bc2c7ee5bc9bbf58684e1c8cc14" + } + ] + }, + "source": { + "advisory": "9c66ece4-bcaa-417d-8b98-e8daff8a728b", + "discovery": "EXTERNAL" + } } \ No newline at end of file From 253877ac478138aadc1a35be4161dee55c4cb21a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Dec 2022 21:00:39 +0000 Subject: [PATCH 131/754] "-Synchronized-Data." --- 2022/38xxx/CVE-2022-38708.json | 83 ++++++++++++++++++++++++++++++++-- 2022/39xxx/CVE-2022-39160.json | 83 ++++++++++++++++++++++++++++++++-- 2022/43xxx/CVE-2022-43883.json | 82 +++++++++++++++++++++++++++++++-- 2022/43xxx/CVE-2022-43887.json | 83 ++++++++++++++++++++++++++++++++-- 2022/45xxx/CVE-2022-45041.json | 61 ++++++++++++++++++++++--- 5 files changed, 370 insertions(+), 22 deletions(-) diff --git a/2022/38xxx/CVE-2022-38708.json b/2022/38xxx/CVE-2022-38708.json index fbbba6b12440..90e90d45323a 100644 --- a/2022/38xxx/CVE-2022-38708.json +++ b/2022/38xxx/CVE-2022-38708.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-38708", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-918 Server-Side Request Forgery (SSRF)", + "cweId": "CWE-918" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cognos Analytics", + "version": { + "version_data": [ + { + "version_value": "11.1.7 11.2.0, 11.2.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6841801", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6841801" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234180", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234180" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/39xxx/CVE-2022-39160.json b/2022/39xxx/CVE-2022-39160.json index d29e687a9a11..ef8689eac3ac 100644 --- a/2022/39xxx/CVE-2022-39160.json +++ b/2022/39xxx/CVE-2022-39160.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-39160", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 235064." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cognos Analytics", + "version": { + "version_data": [ + { + "version_value": "11.1.7, 11.2.0, 11.2.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6841801", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6841801" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235064", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235064" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/43xxx/CVE-2022-43883.json b/2022/43xxx/CVE-2022-43883.json index 713ad96d41b9..a9c3ba981af0 100644 --- a/2022/43xxx/CVE-2022-43883.json +++ b/2022/43xxx/CVE-2022-43883.json @@ -1,17 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-43883", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "117 Improper Output Neutralization for Logs" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cognos Analytics", + "version": { + "version_data": [ + { + "version_value": "11.1.7, 11.2.0, 11.2.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6841801", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6841801" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240266", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240266" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2022/43xxx/CVE-2022-43887.json b/2022/43xxx/CVE-2022-43887.json index 2fa90d20d886..3a57d9d223cf 100644 --- a/2022/43xxx/CVE-2022-43887.json +++ b/2022/43xxx/CVE-2022-43887.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-43887", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532 Insertion of Sensitive Information into Log File", + "cweId": "CWE-532" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cognos Analytics", + "version": { + "version_data": [ + { + "version_value": "11.1.7, 11.2.0, 11.2.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6841801", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6841801" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240450", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240450" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/45xxx/CVE-2022-45041.json b/2022/45xxx/CVE-2022-45041.json index 41792121967b..5e2e1754eab7 100644 --- a/2022/45xxx/CVE-2022-45041.json +++ b/2022/45xxx/CVE-2022-45041.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-45041", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-45041", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection exits in xinhu < 2.5.0" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/N1k0la-T/somefiles/blob/main/sqli.py", + "refsource": "MISC", + "name": "https://github.com/N1k0la-T/somefiles/blob/main/sqli.py" + }, + { + "refsource": "MISC", + "name": "https://github.com/N1k0la-T/vulnerability/issues/1", + "url": "https://github.com/N1k0la-T/vulnerability/issues/1" } ] } From 46916ea0fb526b8570fed7024927ac3cbe50ee44 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Dec 2022 22:00:39 +0000 Subject: [PATCH 132/754] "-Synchronized-Data." --- 2022/23xxx/CVE-2022-23536.json | 113 +++++++++++++++++++++++++++++++-- 2022/23xxx/CVE-2022-23543.json | 76 ++++++++++++++++++++-- 2022/40xxx/CVE-2022-40434.json | 66 +++++++++++++++++-- 2022/44xxx/CVE-2022-44940.json | 56 ++++++++++++++-- 4 files changed, 291 insertions(+), 20 deletions(-) diff --git a/2022/23xxx/CVE-2022-23536.json b/2022/23xxx/CVE-2022-23536.json index 42e9e86fb23a..7468fc869d10 100644 --- a/2022/23xxx/CVE-2022-23536.json +++ b/2022/23xxx/CVE-2022-23536.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23536", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users of the Alertmanager service where `-experimental.alertmanager.enable-api` or `enable_api: true` is configured are affected. Affected Cortex users are advised to upgrade to patched versions 1.13.2 or 1.14.1. However as a workaround, Cortex administrators may reject Alertmanager configurations containing the `api_key_file` setting in the `opsgenie_configs` section before sending to the Set Alertmanager Configuration API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-73: External Control of File Name or Path", + "cweId": "CWE-73" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-184: Incomplete List of Disallowed Inputs", + "cweId": "CWE-184" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-641: Improper Restriction of Names for Files and Other Resources", + "cweId": "CWE-641" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cortexproject", + "product": { + "product_data": [ + { + "product_name": "cortex", + "version": { + "version_data": [ + { + "version_value": ">= 1.13.0, <= 1.13.1", + "version_affected": "=" + }, + { + "version_value": "= 1.14.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cortexproject/cortex/security/advisories/GHSA-cq2g-pw6q-hf7j", + "refsource": "MISC", + "name": "https://github.com/cortexproject/cortex/security/advisories/GHSA-cq2g-pw6q-hf7j" + }, + { + "url": "https://cortexmetrics.io/docs/api/#set-alertmanager-configuration", + "refsource": "MISC", + "name": "https://cortexmetrics.io/docs/api/#set-alertmanager-configuration" + }, + { + "url": "https://github.com/cortexproject/cortex/releases/tag/v1.13.2", + "refsource": "MISC", + "name": "https://github.com/cortexproject/cortex/releases/tag/v1.13.2" + }, + { + "url": "https://github.com/cortexproject/cortex/releases/tag/v1.14.1", + "refsource": "MISC", + "name": "https://github.com/cortexproject/cortex/releases/tag/v1.14.1" + } + ] + }, + "source": { + "advisory": "GHSA-cq2g-pw6q-hf7j", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23543.json b/2022/23xxx/CVE-2022-23543.json index 22805b6eab4e..9f80a85060c4 100644 --- a/2022/23xxx/CVE-2022-23543.json +++ b/2022/23xxx/CVE-2022-23543.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23543", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, the site will generate related `