admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-09-13 16:00:35 +00:00
parent 174cb21fad
commit 4094ed9fa6
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
12 changed files with 581 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2022/0xxx/CVE-2022-0718.json
View File

@ -68,6 +68,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-0718",
"url": "https://access.redhat.com/security/cve/CVE-2022-0718"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220913 [SECURITY] [DLA 3106-1] python-oslo.utils security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00015.html"
}
]
},

2
2022/1xxx/CVE-2022-1697.json
View File

@ -65,7 +65,7 @@
"description_data": [
{
"lang": "eng",
"value": "Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path, which can lead to privilege escalation. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation."
"value": "Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation."
}
]
}

2
2022/21xxx/CVE-2022-21225.json
View File

@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access."
"value": "Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access."
}
]
}

63
2022/35xxx/CVE-2022-35292.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35292",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Business One",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In SAP Business One application when a service is created, the executable path contains spaces and isn\u2019t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3",
"refsource": "MISC",
"name": "https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3223392",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3223392"
}
]
}

119
2022/35xxx/CVE-2022-35294.json
View File

@ -4,14 +4,127 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35294",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "KRNL64NUC 7.22"
},
{
"version_affected": "=",
"version_value": "7.22EXT"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "KRNL64UC 7.22"
},
{
"version_affected": "=",
"version_value": "7.22EXT"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
},
{
"version_affected": "=",
"version_value": "KERNEL 7.22"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
},
{
"version_affected": "=",
"version_value": "7.77"
},
{
"version_affected": "=",
"version_value": "7.81"
},
{
"version_affected": "=",
"version_value": "7.85"
},
{
"version_affected": "=",
"version_value": "7.89"
},
{
"version_affected": "=",
"version_value": "7.54"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3",
"refsource": "MISC",
"name": "https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3218177",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3218177"
}
]
}

67
2022/35xxx/CVE-2022-35295.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35295",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP BusinessObjects Business Intelligence Platform (Version Management System)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "420"
},
{
"version_affected": "=",
"version_value": "430"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) - versions 420, 430, exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3",
"refsource": "MISC",
"name": "https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3159736",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3159736"
}
]
}

63
2022/35xxx/CVE-2022-35298.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35298",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Enterprise Portal (KMC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim\u2019s web browser session."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3",
"refsource": "MISC",
"name": "https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3219164",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3219164"
}
]
}

63
2022/39xxx/CVE-2022-39014.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39014",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP BusinessObjects Business Intelligence Platform (CMC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "430"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3",
"refsource": "MISC",
"name": "https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3217303",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3217303"
}
]
}

79
2022/39xxx/CVE-2022-39799.json
View File

@ -4,14 +4,87 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39799",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "KERNEL 7.77"
},
{
"version_affected": "=",
"version_value": "7.81"
},
{
"version_affected": "=",
"version_value": "7.85"
},
{
"version_affected": "=",
"version_value": "7.89"
},
{
"version_affected": "=",
"version_value": "7.54"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3",
"refsource": "MISC",
"name": "https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3229820",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3229820"
}
]
}

71
2022/39xxx/CVE-2022-39801.json
View File

@ -4,14 +4,79 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39801",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP GRC Access Control Emergency Access Management",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V1100_700"
},
{
"version_affected": "=",
"version_value": "V1100_731"
},
{
"version_affected": "=",
"version_value": "V1200_750"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and completely compromise the application."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3",
"refsource": "MISC",
"name": "https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3237075",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3237075"
}
]
}

55
2022/3xxx/CVE-2022-3170.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3170",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "fixed in kernel 6.0-rc4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/6ab55ec0a938c7f943a4edba3d6514f775983887",
"url": "https://github.com/torvalds/linux/commit/6ab55ec0a938c7f943a4edba3d6514f775983887"
},
{
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/5934d9a0383619c14df91af8fd76261dc3de2f5f",
"url": "https://github.com/torvalds/linux/commit/5934d9a0383619c14df91af8fd76261dc3de2f5f"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the 'id->name' provided by the user did not end with '\\0'. A privileged local user could pass a specially crafted name through ioctl() interface and crash the system or potentially escalate their privileges on the system."
}
]
}

18
2022/3xxx/CVE-2022-3206.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3206",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}