Auto-Update: 2024-10-25T18:00:18.940756+00:00

CVE-2022/CVE-2022-303xx/CVE-2022-30354.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2022-30354",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-25T16:15:08.663",
+  "lastModified": "2024-10-25T16:15:08.663",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserWithTeam. Authentication is required. The information disclosed is associated with all registered user ID numbers."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30354",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2022/CVE-2022-303xx/CVE-2022-30355.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2022-30355",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-25T16:15:08.733",
+  "lastModified": "2024-10-25T16:15:08.733",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://cve.offsecguy.com/ovaledge/vulnerabilities/account-takeover#cve-2022-30355",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2022/CVE-2022-303xx/CVE-2022-30356.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2022-30356",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-25T17:15:03.387",
+  "lastModified": "2024-10-25T17:15:03.387",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OE_ADMIN role privilege."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://cve.offsecguy.com/ovaledge/vulnerabilities/privilege-escalation#cve-2022-30356",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2022/CVE-2022-303xx/CVE-2022-30357.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2022-30357",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-25T17:15:03.450",
+  "lastModified": "2024-10-25T17:15:03.450",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://cve.offsecguy.com/ovaledge/vulnerabilities/account-takeover#cve-2022-30357",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2022/CVE-2022-303xx/CVE-2022-30358.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2022-30358",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-25T17:15:03.507",
+  "lastModified": "2024-10-25T17:15:03.507",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://cve.offsecguy.com/ovaledge/vulnerabilities/account-takeover#cve-2022-30358",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2022/CVE-2022-303xx/CVE-2022-30359.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2022-30359",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-25T17:15:03.570",
+  "lastModified": "2024-10-25T17:15:03.570",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30359",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2022/CVE-2022-303xx/CVE-2022-30360.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2022-30360",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-25T17:15:03.630",
+  "lastModified": "2024-10-25T17:15:03.630",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS (AKA Persistent or Type II) vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. Authentication is required."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://cve.offsecguy.com/ovaledge/vulnerabilities/stored-xss#cve-2022-30360",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2022/CVE-2022-303xx/CVE-2022-30361.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2022-30361",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-25T17:15:03.700",
+  "lastModified": "2024-10-25T17:15:03.700",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. No authentication is required. The information disclosed is associated with the registered user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30361",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2022/CVE-2022-489xx/CVE-2022-48989.json

@@ -2,8 +2,8 @@
   "id": "CVE-2022-48989",
   "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
   "published": "2024-10-21T20:15:10.820",
-  "lastModified": "2024-10-23T15:13:25.583",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2024-10-25T16:02:05.787",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
@@ -15,15 +15,115 @@
       "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fscache: Corregir oops debido a ejecuci\u00f3n con cookie_lru y use_cookie Si una cookie caduca desde la LRU y el indicador LRU_DISCARD est\u00e1 configurado, pero la m\u00e1quina de estado a\u00fan no se ha ejecutado, es posible que otro hilo pueda llamar a fscache_use_cookie y comenzar a usarlo. Cuando finalmente se ejecuta cookie_worker, ver\u00e1 el indicador LRU_DISCARD configurado, har\u00e1 la transici\u00f3n de cookie->state a LRU_DISCARDING, que luego retirar\u00e1 la cookie. Una vez que se retira la cookie, se elimina el objeto, se producir\u00e1n los siguientes oops porque el objeto asociado con la cookie ahora es NULL. Corrija los oops borrando el bit LRU_DISCARD si otro hilo usa la cookie antes de que se ejecute cookie_worker. ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000008 ... CPU: 31 PID: 44773 Comm: kworker/u130:1 Contaminado: GE 6.0.0-5.dneg.x86_64 #1 Nombre del hardware: Google Compute Engine/Google Compute Engine, BIOS Google 26/08/2022 Cola de trabajo: events_unbound netfs_rreq_write_to_cache_work [netfs] RIP: 0010:cachefiles_prepare_write+0x28/0x90 [cachefiles] ... Seguimiento de llamadas: netfs_rreq_write_to_cache_work+0x11c/0x320 [netfs] process_one_work+0x217/0x3e0 worker_thread+0x4a/0x3b0 hilo+0xd6/0x100"
     }
   ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 4.7,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.0,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-362"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+              "versionStartIncluding": "5.17",
+              "versionEndExcluding": "6.0.13",
+              "matchCriteriaId": "42D50790-F3F1-4BBF-8C57-2D40CE73EC80"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*",
+              "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*",
+              "matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*",
+              "matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*",
+              "matchCriteriaId": "1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*",
+              "matchCriteriaId": "35B26BE4-43A6-4A36-A7F6-5B3F572D9186"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*",
+              "matchCriteriaId": "3FFFB0B3-930D-408A-91E2-BAE0C2715D80"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*",
+              "matchCriteriaId": "8535320E-A0DB-4277-800E-D0CE5BBA59E8"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*",
+              "matchCriteriaId": "21718AA4-4056-40F2-968E-BDAA465A7872"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://git.kernel.org/stable/c/37f0b459c9b67e14fe4dcc3a15d286c4436ed01d",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+      "tags": [
+        "Patch"
+      ]
     },
     {
       "url": "https://git.kernel.org/stable/c/b5b52de3214a29911f949459a79f6640969b5487",
-      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+      "tags": [
+        "Patch"
+      ]
     }
   ]
 }