"-Synchronized-Data."
cve-team committed Nov 23, 2022
1 parent 9f2d993 commit 6fd1d24
Showing 15 changed files with 494 additions and 107 deletions.
53 changes: 51 additions & 2 deletions 2009/1xxx/CVE-2009-1142.json
Expand Up @@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1142",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
Expand All @@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.gentoo.org/264577",
"refsource": "MISC",
"name": "https://bugs.gentoo.org/264577"
},
{
"url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848",
"refsource": "MISC",
"name": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848"
}
]
}
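Review bot: The structured fields added in this section do not carry what the new description states: `product_name`, `vendor_name` and `version_value` are all `n/a`, and `problemtype` is `n/a`, although the description names open-vm-tools 2009.03.18-154848 and a symlink attack. Tooling that matches records on `affects` or on the CWE field will not associate this entry with the package and has to parse the free text instead. Consider `"product_name": "open-vm-tools"` and `"version_value": "2009.03.18-154848"`, plus a problem type such as CWE-59 (link following) if the assigner agrees with that classification. The same gap is present in the CVE-2009-1143.json section (realpath race in mount.vmhgfs) and the CVE-2021-35284.json section (SQL injection in cms-php).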
53 changes: 51 additions & 2 deletions 2009/1xxx/CVE-2009-1143.json
Expand Up @@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1143",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
Expand All @@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.gentoo.org/264577",
"refsource": "MISC",
"name": "https://bugs.gentoo.org/264577"
},
{
"url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848",
"refsource": "MISC",
"name": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848"
}
]
}
15 changes: 15 additions & 0 deletions 2020/1xxx/CVE-2020-1045.json
Expand Up @@ -69,6 +69,21 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-48fa1ad65c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318",
"url": "https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318"
},
{
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600",
"url": "https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:3699",
"url": "https://access.redhat.com/errata/RHSA-2020:3699"
}
]
}
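Review bot: The Red Hat erratum added at the end of `reference_data` is tagged `"refsource": "MISC"` with the URL repeated as its `name`, while the Fedora entry just above it uses a source-specific tag and the advisory ID. Consumers that select vendor advisories by `refsource` will skip it; for consistency it could read `"refsource": "REDHAT", "name": "RHSA-2020:3699"`. The `CONFIRM` link also points at the `main` branch of dotnet/core, which can move or be rewritten, so a commit-pinned URL would be more durable. The `reference_data` array starts outside this hunk.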
56 changes: 50 additions & 6 deletions 2021/35xxx/CVE-2021-35284.json
@@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-35284",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-35284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/rizalafani/cms-php/issues/1",
"refsource": "MISC",
"name": "https://github.com/rizalafani/cms-php/issues/1"
}
]
}
6 changes: 3 additions & 3 deletions 2021/38xxx/CVE-2021-38578.json
Expand Up @@ -40,7 +40,7 @@
"version": {
"version_data": [
{
"version_value": "edk2-stable201808",
"version_value": "edk-stable202208",
"version_affected": "="
}
]
Expand Down Expand Up @@ -74,10 +74,10 @@
{
"base64": false,
"type": "text/html",
"value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6\">https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6</a><br>"
"value": "patch&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6\">https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6</a><br><br>"
}
],
"value": " https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6 https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6 \n"
"value": "patch\u00a0 https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6 https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6 \n\n"
}
],
"impact": {
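Review bot: The new `version_value` in the first hunk reads `edk-stable202208`, dropping the `2` from the project name that both the replaced value (`edk2-stable201808`) and the tianocore/edk2 reference URL use; this looks like a typo. With `version_affected` set to `=`, a consumer that compares this string against release tags would get no match. If the 202208 stable tag is what is meant, the line should be `"version_value": "edk2-stable202208",`. In the second hunk the plain-text `value` now starts with `patch\u00a0` and still carries the commit URL twice, which is worth cleaning up when the CNA next edits the record. Both enclosing objects continue outside the hunks shown.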
133 changes: 67 additions & 66 deletions 2022/23xxx/CVE-2022-23740.json
@@ -1,73 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2022-23740",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Argument Delimiters in a Command in GitHub Enterprise Server leading to Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.7",
"version_value": "3.7.1"
}
]
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2022-23740",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Argument Delimiters in a Command in GitHub Enterprise Server leading to Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.7",
"version_value": "3.7.1"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "yvvdwf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
},
"credit": [
{
"lang": "eng",
"value": "CWE-88"
}
"value": "yvvdwf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-88"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1",
"name": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
},
"source": {
"discovery": "EXTERNAL"
}
}
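Review bot: Apart from re-indentation, the only content change in this section is the single reference: the entry with `"refsource": "CONFIRM"` gives way to one with `"refsource": "MISC"` plus a `name` (the 74-line new side is the one carrying the extra `name` line). The URL is the vendor's own release notes and the assigner is GitHub's CNA, so `MISC` drops the vendor-confirmation signal that downstream triage may filter on. Consider keeping `"refsource": "CONFIRM"` while adding the `name`. Separately, severity appears only as the `CRITICAL:` prefix in the description text; no `impact` block is visible in this file, so it cannot be read as structured data.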