admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-08-26 18:00:41 +00:00
parent da20e31860
commit 0d237ecfce
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
15 changed files with 910 additions and 239 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
2022/0xxx/CVE-2022-0084.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0084",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xnio",
"version": {
"version_data": [
{
"version_value": "Fixed in v3.x"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 - Allocation of Resources Without Limits or Throttling"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-0084",
"url": "https://access.redhat.com/security/cve/CVE-2022-0084"
},
{
"refsource": "MISC",
"name": "https://github.com/xnio/xnio/pull/291",
"url": "https://github.com/xnio/xnio/pull/291"
},
{
"refsource": "MISC",
"name": "https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12",
"url": "https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up."
}
]
}

60
2022/0xxx/CVE-2022-0168.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0168",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "Affects v5.4\u20135.12, v5.13-rc+HEAD"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 - NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2037386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037386"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-0168",
"url": "https://access.redhat.com/security/cve/CVE-2022-0168"
},
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6f5e358452479fa8a773b5c6ccc9e4ec5a20880",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6f5e358452479fa8a773b5c6ccc9e4ec5a20880"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial of service (DOS) issue was found in the Linux kernel\u2019s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system."
}
]
}

60
2022/0xxx/CVE-2022-0171.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0171",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "Fixed in kernel 5.18-rc4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-459 - Incomplete Cleanup."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2038940",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038940"
},
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=683412ccf61294d727ead4a73d97397396e69a6b",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=683412ccf61294d727ead4a73d97397396e69a6b"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-0171",
"url": "https://access.redhat.com/security/cve/CVE-2022-0171"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV)."
}
]
}

70
2022/0xxx/CVE-2022-0175.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0175",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "virglrenderer",
"version": {
"version_data": [
{
"version_value": "Affects v0.9.0 and later."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-909 - Missing Initialization of Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654",
"url": "https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654"
},
{
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c",
"url": "https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2039003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039003"
},
{
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2022-0175",
"url": "https://security-tracker.debian.org/tracker/CVE-2022-0175"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-0175",
"url": "https://access.redhat.com/security/cve/CVE-2022-0175"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure."
}
]
}

70
2022/0xxx/CVE-2022-0207.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0207",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "vdsm",
"version": {
"version_data": [
{
"version_value": "Fixed in v4.50.0.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2033697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033697"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2039248",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039248"
},
{
"refsource": "MISC",
"name": "https://gerrit.ovirt.org/c/vdsm/+/118025",
"url": "https://gerrit.ovirt.org/c/vdsm/+/118025"
},
{
"refsource": "MISC",
"name": "https://gerrit.ovirt.org/gitweb?p=vdsm.git;a=commit;h=53b0036fc72d3b8877d4e7f047d705e5a4c722e8",
"url": "https://gerrit.ovirt.org/gitweb?p=vdsm.git;a=commit;h=53b0036fc72d3b8877d4e7f047d705e5a4c722e8"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-0207",
"url": "https://access.redhat.com/security/cve/CVE-2022-0207"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text."
}
]
}

70
2022/0xxx/CVE-2022-0216.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0216",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "Affects QEMU < v6.0.0, Fixed in v7.1.0-rc0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 - Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://starlabs.sg/advisories/22/22-0216/",
"url": "https://starlabs.sg/advisories/22/22-0216/"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2036953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036953"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/qemu-project/qemu/-/issues/972",
"url": "https://gitlab.com/qemu-project/qemu/-/issues/972"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/qemu-project/qemu/-/commit/4367a20cc4",
"url": "https://gitlab.com/qemu-project/qemu/-/commit/4367a20cc4"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-0216",
"url": "https://access.redhat.com/security/cve/CVE-2022-0216"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service."
}
]
}

60
2022/0xxx/CVE-2022-0217.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0217",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "prosody",
"version": {
"version_data": [
{
"version_value": "Fixed in prosody 0.11.12, Affects all versions with support for WebSockets."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion'), CWE-20 - Improper Input Validation."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2040639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040639"
},
{
"refsource": "MISC",
"name": "https://prosody.im/security/advisory_20220113/",
"url": "https://prosody.im/security/advisory_20220113/"
},
{
"refsource": "MISC",
"name": "https://prosody.im/security/advisory_20220113/1.patch",
"url": "https://prosody.im/security/advisory_20220113/1.patch"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611)."
}
]
}

55
2022/0xxx/CVE-2022-0225.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0225",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "Not-Known"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268"
},
{
"refsource": "MISC",
"name": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack."
}
]
}

116
2022/31xxx/CVE-2022-31773.json
View File

@ -1,73 +1,73 @@
{
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Gain Access"
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
"data_type": "CVE",
"references": {
"reference_data": [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6615307 (DataPower Gateway)",
"url" : "https://www.ibm.com/support/pages/node/6615307",
"name" : "https://www.ibm.com/support/pages/node/6615307"
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6615307 (DataPower Gateway)",
"url": "https://www.ibm.com/support/pages/node/6615307",
"name": "https://www.ibm.com/support/pages/node/6615307"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/228357",
"name" : "ibm-datapower-cve202231773-csrf (228357)"
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228357",
"name": "ibm-datapower-cve202231773-csrf (228357)"
}
]
},
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"value" : "IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357.",
"lang" : "eng"
"value": "IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357.",
"lang": "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "2018.4.1.0"
"version_value": "2018.4.1.0"
},
{
"version_value" : "10.0.1.0"
"version_value": "10.0.1.0"
},
{
"version_value" : "10.0.2.0"
"version_value": "10.0.2.0"
},
{
"version_value" : "10.0.4.0"
"version_value": "10.0.4.0"
},
{
"version_value" : "2018.4.1.21"
"version_value": "2018.4.1.21"
},
{
"version_value" : "10.0.1.8"
"version_value": "10.0.1.8"
}
]
},
"product_name" : "DataPower Gateway"
"product_name": "DataPower Gateway"
}
]
}
@ -75,30 +75,30 @@
]
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2022-31773",
"DATE_PUBLIC" : "2022-08-25T00:00:00"
"data_format": "MITRE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2022-31773",
"DATE_PUBLIC": "2022-08-25T00:00:00"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM" : {
"C" : "H",
"SCORE" : "8.800",
"A" : "H",
"S" : "U",
"UI" : "R",
"I" : "H",
"AC" : "L",
"PR" : "N",
"AV" : "N"
"BM": {
"C": "H",
"SCORE": "8.800",
"A": "H",
"S": "U",
"UI": "R",
"I": "H",
"AC": "L",
"PR": "N",
"AV": "N"
}
}
}

61
2022/34xxx/CVE-2022-34301.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34301",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-34301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot",
"refsource": "MISC",
"name": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"
},
{
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/309662",
"url": "https://www.kb.cert.org/vuls/id/309662"
}
]
}

61
2022/34xxx/CVE-2022-34302.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34302",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-34302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot",
"refsource": "MISC",
"name": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"
},
{
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/309662",
"url": "https://www.kb.cert.org/vuls/id/309662"
}
]
}

61
2022/34xxx/CVE-2022-34303.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34303",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-34303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot",
"refsource": "MISC",
"name": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"
},
{
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/309662",
"url": "https://www.kb.cert.org/vuls/id/309662"
}
]
}

108
2022/35xxx/CVE-2022-35714.json
View File

@ -1,93 +1,93 @@
{
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116."
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Maximo Asset Management",
"version" : {
"version_data" : [
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value" : "7.6.1.1"
"version_value": "7.6.1.1"
},
{
"version_value" : "7.6.1.2"
"version_value": "7.6.1.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"url" : "https://www.ibm.com/support/pages/node/6615273",
"title" : "IBM Security Bulletin 6615273 (Maximo Asset Management)",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6615273"
"url": "https://www.ibm.com/support/pages/node/6615273",
"title": "IBM Security Bulletin 6615273 (Maximo Asset Management)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6615273"
},
{
"name" : "ibm-maximo-cve202235714-xss (231116)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/231116",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
"name": "ibm-maximo-cve202235714-xss (231116)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/231116",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2022-35714",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-08-25T00:00:00"
"data_type": "CVE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2022-35714",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-08-25T00:00:00"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "H"
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "H"
},
"BM" : {
"C" : "L",
"SCORE" : "5.400",
"A" : "N",
"UI" : "R",
"S" : "C",
"AV" : "N",
"PR" : "L",
"I" : "L",
"AC" : "L"
"BM": {
"C": "L",
"SCORE": "5.400",
"A": "N",
"UI": "R",
"S": "C",
"AV": "N",
"PR": "L",
"I": "L",
"AC": "L"
}
}
},
"data_format" : "MITRE"
"data_format": "MITRE"
}

56
2022/36xxx/CVE-2022-36522.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36522",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-36522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://seclists.org/fulldisclosure/2021/Jul/0",
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2021/Jul/0"
}
]
}

18
2022/38xxx/CVE-2022-38784.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-38784",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}