admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-11-07 12:00:35 +00:00
parent 1a62410484
commit 28fc5d286a
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
2 changed files with 78 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
2022/2xxx/CVE-2022-2188.json
View File

@ -1,17 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2188",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "trellixpsirt@trellix.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cwe-274: Privilege Escalation "
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trellix",
"product": {
"product_data": [
{
"product_name": "DXL Broker",
"version": {
"version_data": [
{
"version_value": "5.x",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10383",
"refsource": "MISC",
"name": "https://kcm.trellix.com/corporate/index?page=content&id=SB10383"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
]
}

9
2022/37xxx/CVE-2022-37865.json
View File

@ -46,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "With Apache Ivy 2.4.0 an optional packaging attribute has been\nintroduced that allows artifacts to be unpacked on the fly if they used\npack200 or zip packaging.\n\nFor artifacts using the \"zip\", \"jar\" or \"war\" packaging Ivy prior to\n2.5.1 doesn't verify the target path when extracting the archive. An\narchive containing absolute paths or paths that try to traverse\n\"upwards\" using \"..\" sequences can then write files to any location on\nthe local fie system that the user executing Ivy has write access to.\n\nIvy users of version 2.4.0 to 2.5.0 should upgrade to Ivy 2.5.1."
"value": "With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the \"zip\", \"jar\" or \"war\" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. An archive containing absolute paths or paths that try to traverse \"upwards\" using \"..\" sequences can then write files to any location on the local fie system that the user executing Ivy has write access to. Ivy users of version 2.4.0 to 2.5.0 should upgrade to Ivy 2.5.1."
}
]
},
@ -73,12 +73,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy",
"name": "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}