"-Synchronized-Data."

2022/34xxx/CVE-2022-34711.json

@@ -244,7 +244,9 @@
     "references": {
         "reference_data": [
             {
-        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34711"
+                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34711",
+                "refsource": "MISC",
+                "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34711"
             }
         ]
     },

2022/35xxx/CVE-2022-35822.json

@@ -244,7 +244,9 @@
     "references": {
         "reference_data": [
             {
-        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35822"
+                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35822",
+                "refsource": "MISC",
+                "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35822"
             }
         ]
     },

2022/38xxx/CVE-2022-38186.json

@@ -1,6 +1,6 @@
 {
     "CVE_data_meta": {
-        "ASSIGNER": "PSIRT@esri.com",
+        "ASSIGNER": "psirt@esri.com",
         "DATE_PUBLIC": "2022-06-28T17:04:00.000Z",
         "ID": "CVE-2022-38186",
         "STATE": "PUBLIC"
@@ -38,7 +38,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser."
+                "value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim\u2019s browser."
             }
         ]
     },

2022/38xxx/CVE-2022-38188.json

@@ -1,6 +1,6 @@
 {
     "CVE_data_meta": {
-        "ASSIGNER": "PSIRT@esri.com",
+        "ASSIGNER": "psirt@esri.com",
         "DATE_PUBLIC": "2022-06-28T17:19:00.000Z",
         "ID": "CVE-2022-38188",
         "STATE": "PUBLIC"
@@ -38,7 +38,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser."
+                "value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim\u2019s browser."
             }
         ]
     },

2022/38xxx/CVE-2022-38190.json

@@ -1,6 +1,6 @@
 {
     "CVE_data_meta": {
-        "ASSIGNER": "PSIRT@esri.com",
+        "ASSIGNER": "psirt@esri.com",
         "DATE_PUBLIC": "2022-06-28T17:26:00.000Z",
         "ID": "CVE-2022-38190",
         "STATE": "PUBLIC",
@@ -45,7 +45,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser"
+                "value": "A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user\u2019s browser"
             }
         ]
     },

2022/38xxx/CVE-2022-38368.json

@@ -0,0 +1,62 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "cve@mitre.org",
+        "ID": "CVE-2022-38368",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://docs.aviatrix.com/HowTos/PSIRT_Advisories.html#aviatrix-controller-and-gateways-unauthorized-access",
+                "refsource": "MISC",
+                "name": "https://docs.aviatrix.com/HowTos/PSIRT_Advisories.html#aviatrix-controller-and-gateways-unauthorized-access"
+            }
+        ]
+    }
+}