From 3bb04c7855fc8b2a52f782336e80aa8a494a92d0 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 21 Apr 2022 17:01:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/41xxx/CVE-2021-41161.json | 2 +-
 2021/46xxx/CVE-2021-46784.json | 18 ++++
 2022/0xxx/CVE-2022-0995.json | 5 +
 2022/22xxx/CVE-2022-22436.json | 174 ++++++++++++++++-----------------
 2022/24xxx/CVE-2022-24870.json | 2 +-
 2022/28xxx/CVE-2022-28810.json | 5 +
 2022/29xxx/CVE-2022-29563.json | 18 ++++
 2022/29xxx/CVE-2022-29564.json | 18 ++++
 8 files changed, 153 insertions(+), 89 deletions(-)
 create mode 100644 2021/46xxx/CVE-2021-46784.json
 create mode 100644 2022/29xxx/CVE-2022-29563.json
 create mode 100644 2022/29xxx/CVE-2022-29564.json
diff --git a/2021/41xxx/CVE-2021-41161.json b/2021/41xxx/CVE-2021-41161.json
index 6ad5dda7901..76203c1db90 100644
--- a/2021/41xxx/CVE-2021-41161.json
+++ b/2021/41xxx/CVE-2021-41161.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page don't properly escape the user supplied parameters, allowing for javascript injection into rendered csv files. Users are advised to upgrade. There are no known workarounds for this issue.\n"
+ "value": "Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page don't properly escape the user supplied parameters, allowing for javascript injection into rendered csv files. Users are advised to upgrade. There are no known workarounds for this issue."
 }
 ]
 },
diff --git a/2021/46xxx/CVE-2021-46784.json b/2021/46xxx/CVE-2021-46784.json
new file mode 100644
index 00000000000..91607a651d1
--- /dev/null
+++ b/2021/46xxx/CVE-2021-46784.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-46784",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/0xxx/CVE-2022-0995.json b/2022/0xxx/CVE-2022-0995.json
index abea1b72272..1c9ca2ef00c 100644
--- a/2022/0xxx/CVE-2022-0995.json
+++ b/2022/0xxx/CVE-2022-0995.json
@@ -58,6 +58,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Bounds-Write.html",
 "url": "http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Bounds-Write.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html",
+ "url": "http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html"
 }
 ]
 },
diff --git a/2022/22xxx/CVE-2022-22436.json b/2022/22xxx/CVE-2022-22436.json
index 50320c64821..4259a3b331b 100644
--- a/2022/22xxx/CVE-2022-22436.json
+++ b/2022/22xxx/CVE-2022-22436.json
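Review bot: The reference object added to 2022/0xxx/CVE-2022-0995.json (hunk `@@ -58,6 +58,11 @@`) carries a plain `http://` Packet Storm link in both `name` and `url`, so anyone following it from the record retrieves the page over an unauthenticated channel; the reference added to 2022/28xxx/CVE-2022-28810.json has the same issue. If the site serves the same path over TLS, the entry should read `"url": "https://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html"`. Because `name` only repeats the URL and `refsource` is `MISC`, consumers get no readable hint of what the link points to (it appears to be a public write-up for the issue); a descriptive `name` would help triage tooling. The enclosing reference array starts outside the hunk.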
@@ -1,90 +1,90 @@
 {
- "impact" : {
- "cvssv3" : {
- "TM" : {
- "E" : "H",
- "RC" : "C",
- "RL" : "O"
- },
- "BM" : {
- "AC" : "L",
- "I" : "L",
- "S" : "C",
- "UI" : "R",
- "SCORE" : "5.400",
- "C" : "L",
- "PR" : "L",
- "AV" : "N",
- "A" : "N"
- }
- }
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "vendor_name" : "IBM",
- "product" : {
- "product_data" : [
- {
- "product_name" : "Maximo Asset Management",
- "version" : {
- "version_data" : [
- {
- "version_value" : "7.6.1.2"
- }
- ]
- }
- }
- ]
- }
+ "impact": {
+ "cvssv3": {
+ "TM": {
+ "E": "H",
+ "RC": "C",
+ "RL": "O"
+ },
+ "BM": {
+ "AC": "L",
+ "I": "L",
+ "S": "C",
+ "UI": "R",
+ "SCORE": "5.400",
+ "C": "L",
+ "PR": "L",
+ "AV": "N",
+ "A": "N"
 }
- ]
- }
- },
- "data_type" : "CVE",
- "CVE_data_meta" : {
- "ID" : "CVE-2022-22436",
- "STATE" : "PUBLIC",
- "ASSIGNER" : "psirt@us.ibm.com",
- "DATE_PUBLIC" : "2022-04-20T00:00:00"
- },
- "references" : {
- "reference_data" : [
- {
- "title" : "IBM Security Bulletin 6573667 (Maximo Asset Management)",
- "url" : "https://www.ibm.com/support/pages/node/6573667",
- "refsource" : "CONFIRM",
- "name" : "https://www.ibm.com/support/pages/node/6573667"
- },
- {
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/224164",
- "name" : "ibm-maximo-cve202222436-xss (224164)",
- "title" : "X-Force Vulnerability Report"
- }
- ]
- },
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224164."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "value" : "Cross-Site Scripting",
- "lang" : "eng"
- }
+ }
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Maximo Asset Management",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "7.6.1.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
 ]
- }
- ]
- },
- "data_format" : "MITRE",
- "data_version" : "4.0"
-}
+ }
+ },
+ "data_type": "CVE",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-22436",
+ "STATE": "PUBLIC",
+ "ASSIGNER": "psirt@us.ibm.com",
+ "DATE_PUBLIC": "2022-04-20T00:00:00"
+ },
+ "references": {
+ "reference_data": [
+ {
+ "title": "IBM Security Bulletin 6573667 (Maximo Asset Management)",
+ "url": "https://www.ibm.com/support/pages/node/6573667",
+ "refsource": "CONFIRM",
+ "name": "https://www.ibm.com/support/pages/node/6573667"
+ },
+ {
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224164",
+ "name": "ibm-maximo-cve202222436-xss (224164)",
+ "title": "X-Force Vulnerability Report"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224164."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "Cross-Site Scripting",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "data_format": "MITRE",
+ "data_version": "4.0"
+}
\ No newline at end of file
diff --git a/2022/24xxx/CVE-2022-24870.json b/2022/24xxx/CVE-2022-24870.json
index cb87873bd63..0126ab01643 100644
--- a/2022/24xxx/CVE-2022-24870.json
+++ b/2022/24xxx/CVE-2022-24870.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to 3.0.0 beta3 a malicious script can be injected in tooltips using iTop customization mechanism. This provides a stored cross site scripting attack vector to authorized users of the system. Users are advised to upgrade. There are no known workarounds for this issue.\n"
+ "value": "Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to 3.0.0 beta3 a malicious script can be injected in tooltips using iTop customization mechanism. This provides a stored cross site scripting attack vector to authorized users of the system. Users are advised to upgrade. There are no known workarounds for this issue."
 }
 ]
 },
diff --git a/2022/28xxx/CVE-2022-28810.json b/2022/28xxx/CVE-2022-28810.json
index e627d9ba29c..60d2cb6396e 100644
--- a/2022/28xxx/CVE-2022-28810.json
+++ b/2022/28xxx/CVE-2022-28810.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html",
 "url": "https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html",
+ "url": "http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29563.json b/2022/29xxx/CVE-2022-29563.json
new file mode 100644
index 00000000000..27a14ae1787
--- /dev/null
+++ b/2022/29xxx/CVE-2022-29563.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-29563",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/29xxx/CVE-2022-29564.json b/2022/29xxx/CVE-2022-29564.json
new file mode 100644
index 00000000000..bca6bf8d29a
--- /dev/null
+++ b/2022/29xxx/CVE-2022-29564.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-29564",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file