"-Synchronized-Data."

CVE Team 2022-06-24 16:00:47 +00:00
parent e1b752da32
commit 91427f014b
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
31 changed files with 845 additions and 590 deletions


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21046",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A local privilege escalation vulnerability was identified within the \"luminati_net_updater_win_eagleget_com\" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows authenticated non-administrative user to escalate their privilege and conduct code execution as a SYSTEM privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://eagleget.com",
"refsource": "MISC",
"name": "http://eagleget.com"
},
{
"refsource": "MISC",
"name": "https://medium.com/@n1pwn/local-privilege-escalation-in-eagleget-1fde79fe47c0",
"url": "https://medium.com/@n1pwn/local-privilege-escalation-in-eagleget-1fde79fe47c0"
}
]
}
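Review bot: The published record leaves `vendor_name`, `product_name` and `version_value` as `"n/a"` and the `problemtype` value as `"n/a"`, although the new description names EagleGet Downloader 2.1.5.20 Stable and a local privilege escalation to SYSTEM. Consumers that match on the structured `affects` fields rather than on free text will not tie this entry to the product. I would fill those fields from the description, e.g. `"product_name": "EagleGet Downloader"` and `"version_value": "2.1.5.20 Stable"`, and give the problem type a real label such as `"value": "Local Privilege Escalation"`. The same gap appears in the CVE-2022-27238 (BigBlueButton 2.4.7 or earlier, stored XSS) and CVE-2022-29330 (VitalPBX before 3.2.1, missing access control) sections of this commit.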


@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"DATE_PUBLIC" : "2022-06-22T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-29768",
"STATE" : "PUBLIC"
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6597241",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6597241",
"title" : "IBM Security Bulletin 6597241 (Cognos Analytics)"
},
{
"name" : "ibm-cognos-cve202129768-info-disc (202682)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/202682"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "L",
"I" : "N",
"UI" : "N",
"AC" : "L",
"A" : "N",
"S" : "U",
"C" : "L",
"AV" : "N",
"SCORE" : "4.300"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"DATE_PUBLIC": "2022-06-22T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-29768",
"STATE": "PUBLIC"
},
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11.2.0"
},
{
"version_value" : "11.1.7"
},
{
"version_value" : "11.2.1"
}
]
},
"product_name" : "Cognos Analytics"
}
]
}
"name": "https://www.ibm.com/support/pages/node/6597241",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6597241",
"title": "IBM Security Bulletin 6597241 (Cognos Analytics)"
},
{
"name": "ibm-cognos-cve202129768-info-disc (202682)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202682"
}
]
}
}
}
]
},
"description": {
"description_data": [
{
"value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"PR": "L",
"I": "N",
"UI": "N",
"AC": "L",
"A": "N",
"S": "U",
"C": "L",
"AV": "N",
"SCORE": "4.300"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "11.2.0"
},
{
"version_value": "11.1.7"
},
{
"version_value": "11.2.1"
}
]
},
"product_name": "Cognos Analytics"
}
]
}
}
]
}
}
}


@ -1,96 +1,96 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "H",
"PR" : "L",
"UI" : "R",
"AC" : "L",
"A" : "N",
"S" : "U",
"C" : "L",
"AV" : "N",
"SCORE" : "6.300"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6597241",
"title" : "IBM Security Bulletin 6597241 (Cognos Analytics)",
"name" : "https://www.ibm.com/support/pages/node/6597241",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/211238",
"refsource" : "XF",
"name" : "ibm-cognos-cve202138945-file-upload (211238)"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238."
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2022-06-22T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38945",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11.2.0"
},
{
"version_value" : "11.1.7"
},
{
"version_value" : "11.2.1"
}
]
},
"product_name" : "Cognos Analytics"
}
]
}
"impact": {
"cvssv3": {
"BM": {
"I": "H",
"PR": "L",
"UI": "R",
"AC": "L",
"A": "N",
"S": "U",
"C": "L",
"AV": "N",
"SCORE": "6.300"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6597241",
"title": "IBM Security Bulletin 6597241 (Cognos Analytics)",
"name": "https://www.ibm.com/support/pages/node/6597241",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211238",
"refsource": "XF",
"name": "ibm-cognos-cve202138945-file-upload (211238)"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238."
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2022-06-22T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-38945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "11.2.0"
},
{
"version_value": "11.1.7"
},
{
"version_value": "11.2.1"
}
]
},
"product_name": "Cognos Analytics"
}
]
}
}
]
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0"
}


@ -1,102 +1,102 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Cognos Analytics",
"version" : {
"version_data" : [
{
"version_value" : "11.2.0"
},
{
"version_value" : "11.1.7"
},
{
"version_value" : "11.2.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349."
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6565099",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6565099",
"title" : "IBM Security Bulletin 6565099 (Planning Analytics)"
},
{
"name" : "https://www.ibm.com/support/pages/node/6597241",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6597241",
"title" : "IBM Security Bulletin 6597241 (Cognos Analytics)"
},
{
"name" : "ibm-cognos-cve202139047-xss (214349)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/214349"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"I" : "L",
"UI" : "R",
"AC" : "L",
"A" : "N",
"S" : "C",
"C" : "L",
"AV" : "N",
"SCORE" : "6.100"
},
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
}
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2021-39047",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-06-22T00:00:00"
}
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cognos Analytics",
"version": {
"version_data": [
{
"version_value": "11.2.0"
},
{
"version_value": "11.1.7"
},
{
"version_value": "11.2.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349."
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6565099",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6565099",
"title": "IBM Security Bulletin 6565099 (Planning Analytics)"
},
{
"name": "https://www.ibm.com/support/pages/node/6597241",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6597241",
"title": "IBM Security Bulletin 6597241 (Cognos Analytics)"
},
{
"name": "ibm-cognos-cve202139047-xss (214349)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214349"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"PR": "N",
"I": "L",
"UI": "R",
"AC": "L",
"A": "N",
"S": "C",
"C": "L",
"AV": "N",
"SCORE": "6.100"
},
"TM": {
"RC": "C",
"E": "H",
"RL": "O"
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2021-39047",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-06-22T00:00:00"
}
}


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://gitlab.com/qemu-project/qemu/-/issues/542",
"url": "https://gitlab.com/qemu-project/qemu/-/issues/542"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0001/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0001/"
}
]
},


@ -58,6 +58,11 @@
"refsource": "MISC",
"name": "https://gitlab.com/qemu-project/qemu/-/issues/556",
"url": "https://gitlab.com/qemu-project/qemu/-/issues/556"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0003/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0003/"
}
]
},


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user.\r This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module.\r Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA.\r "
"value": "A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}


@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software.\r This vulnerability is due to insufficient validation of the authenticity of an ASDM image during its installation on a device that is running Cisco ASA Software. An attacker could exploit this vulnerability by installing a crafted ASDM image on the device that is running Cisco ASA Software and then waiting for a targeted user to access that device using ASDM. A successful exploit could allow the attacker to execute arbitrary code on the machine of the targeted user with the privileges of that user on that machine.\r Notes:\r \r To successfully exploit this vulnerability, the attacker must have administrative privileges on the device that is running Cisco ASA Software.\r Potential targets are limited to users who manage the same device that is running Cisco ASA Software using ASDM.\r \r Cisco has released and will release software updates that address this vulnerability. "
"value": "A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software. This vulnerability is due to insufficient validation of the authenticity of an ASDM image during its installation on a device that is running Cisco ASA Software. An attacker could exploit this vulnerability by installing a crafted ASDM image on the device that is running Cisco ASA Software and then waiting for a targeted user to access that device using ASDM. A successful exploit could allow the attacker to execute arbitrary code on the machine of the targeted user with the privileges of that user on that machine. Notes: To successfully exploit this vulnerability, the attacker must have administrative privileges on the device that is running Cisco ASA Software. Potential targets are limited to users who manage the same device that is running Cisco ASA Software using ASDM. Cisco has released and will release software updates that address this vulnerability."
}
]
},
@ -84,4 +84,4 @@
],
"discovery": "INTERNAL"
}
}
}


@ -63,6 +63,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-177a008b98",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0008/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0008/"
}
]
},


@ -68,6 +68,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-177a008b98",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0008/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0008/"
}
]
},


@ -53,6 +53,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
"url": "http://www.openwall.com/lists/oss-security/2022/06/16/1"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0008/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0008/"
}
]
},


@ -63,6 +63,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-177a008b98",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0008/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0008/"
}
]
},


@ -53,6 +53,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
"url": "http://www.openwall.com/lists/oss-security/2022/06/16/1"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0006/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0006/"
}
]
},


@ -1,93 +1,93 @@
{
"data_version" : "4.0",
"data_type" : "CVE",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "21.0.1"
},
{
"version_value" : "21.0.2"
}
]
},
"product_name" : "Robotic Process Automation"
}
]
}
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2022-22502",
"DATE_PUBLIC" : "2022-06-22T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6597667",
"title" : "IBM Security Bulletin 6597667 (Robotic Process Automation)",
"url" : "https://www.ibm.com/support/pages/node/6597667"
},
{
"refsource" : "XF",
"name" : "ibm-rpa-cve202222502-xss (227124)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/227124"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227124.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"UI" : "R",
"I" : "L",
"PR" : "L",
"AC" : "L",
"A" : "N",
"S" : "C",
"C" : "L",
"SCORE" : "5.400",
"AV" : "N"
}
}
}
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "21.0.1"
},
{
"version_value": "21.0.2"
}
]
},
"product_name": "Robotic Process Automation"
}
]
}
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2022-22502",
"DATE_PUBLIC": "2022-06-22T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6597667",
"title": "IBM Security Bulletin 6597667 (Robotic Process Automation)",
"url": "https://www.ibm.com/support/pages/node/6597667"
},
{
"refsource": "XF",
"name": "ibm-rpa-cve202222502-xss (227124)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227124"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227124.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
},
"BM": {
"UI": "R",
"I": "L",
"PR": "L",
"AC": "L",
"A": "N",
"S": "C",
"C": "L",
"SCORE": "5.400",
"AV": "N"
}
}
}
}


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0007/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0007/"
}
]
},


@ -78,6 +78,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20220608 CVE-2022-26377: Apache HTTP Server: mod_proxy_ajp: Possible request smuggling",
"url": "http://www.openwall.com/lists/oss-security/2022/06/08/2"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0005/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0005/"
}
]
},


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-27238",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-27238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a private message to the victim or when notification about the attacker leaving room is displayed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/",
"url": "https://www.mgm-sp.com/en/cve-2022-27238-bigbluebutton-xss/"
}
]
}


@ -79,6 +79,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20220608 CVE-2022-28330: Apache HTTP Server: read beyond bounds in mod_isapi",
"url": "http://www.openwall.com/lists/oss-security/2022/06/08/3"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0005/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0005/"
}
]
},


@ -85,6 +85,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20220608 CVE-2022-28614: Apache HTTP Server: read beyond bounds via ap_rwrite()",
"url": "http://www.openwall.com/lists/oss-security/2022/06/08/4"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0005/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0005/"
}
]
},
@ -98,4 +103,4 @@
"value": "released in 2.4.54"
}
]
}
}


@ -78,6 +78,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20220608 CVE-2022-28615: Apache HTTP Server: Read beyond bounds in ap_strcmp_match()",
"url": "http://www.openwall.com/lists/oss-security/2022/06/08/9"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0005/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0005/"
}
]
},


@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2022-28738",
"url": "https://security-tracker.debian.org/tracker/CVE-2022-28738"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0002/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0002/"
}
]
}


@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/",
"url": "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0002/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0002/"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-29330",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-29330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://vitalpbx.com",
"refsource": "MISC",
"name": "http://vitalpbx.com"
},
{
"refsource": "MISC",
"name": "https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day",
"url": "https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day"
}
]
}
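Review bot: The second reference, `https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day`, has 2022-06-30 in its path while this commit is dated 2022-06-24, so the write-up may not have been reachable when the entry turned PUBLIC. It is worth confirming that the link resolves before treating it as the record's technical reference. The only other reference, `http://vitalpbx.com`, is the vendor home page over plain HTTP and points at no advisory or fixed-version notice. If the vendor published release notes for 3.2.1, adding them as a reference would give defenders a direct patch pointer.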


@ -77,6 +77,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20220608 CVE-2022-29404: Apache HTTP Server: Denial of service in mod_lua r:parsebody",
"url": "http://www.openwall.com/lists/oss-security/2022/06/08/5"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0005/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0005/"
}
]
},


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2198",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -88,6 +88,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20220531 CVE-2022-30973: Apache Tika: Missing fix for CVE-2022-30126 in 1.28.2",
"url": "http://www.openwall.com/lists/oss-security/2022/05/31/2"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0004/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0004/"
}
]
},


@ -77,6 +77,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20220608 CVE-2022-30522: Apache HTTP Server: mod_sed denial of service",
"url": "http://www.openwall.com/lists/oss-security/2022/06/08/6"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0005/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0005/"
}
]
},


@ -77,6 +77,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20220608 CVE-2022-30556: Apache HTTP Server: Information Disclosure in mod_lua with websockets",
"url": "http://www.openwall.com/lists/oss-security/2022/06/08/7"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0005/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0005/"
}
]
},


@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-06-22T00:00:00",
"ID" : "CVE-2022-31767"
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6597533 (CICS TX Standard)",
"url" : "https://www.ibm.com/support/pages/node/6597533",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6597533"
},
{
"title" : "IBM Security Bulletin 6597531 (CICS TX Advanced)",
"url" : "https://www.ibm.com/support/pages/node/6597531",
"name" : "https://www.ibm.com/support/pages/node/6597531",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-cics-cve202231767-command-execution (227980)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/227980",
"title" : "X-Force Vulnerability Report"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"SCORE" : "9.800",
"C" : "H",
"S" : "U",
"A" : "H",
"AC" : "L",
"PR" : "N",
"I" : "H",
"UI" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_format" : "MITRE",
"data_version" : "4.0",
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-06-22T00:00:00",
"ID": "CVE-2022-31767"
},
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11.1"
}
]
},
"product_name" : "CICS TX Advanced"
},
{
"version" : {
"version_data" : [
{
"version_value" : "11.1"
}
]
},
"product_name" : "CICS TX Standard"
}
]
}
"title": "IBM Security Bulletin 6597533 (CICS TX Standard)",
"url": "https://www.ibm.com/support/pages/node/6597533",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6597533"
},
{
"title": "IBM Security Bulletin 6597531 (CICS TX Advanced)",
"url": "https://www.ibm.com/support/pages/node/6597531",
"name": "https://www.ibm.com/support/pages/node/6597531",
"refsource": "CONFIRM"
},
{
"name": "ibm-cics-cve202231767-command-execution (227980)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227980",
"title": "X-Force Vulnerability Report"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
},
"description": {
"description_data": [
{
"value": "IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"SCORE": "9.800",
"C": "H",
"S": "U",
"A": "H",
"AC": "L",
"PR": "N",
"I": "H",
"UI": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "11.1"
}
]
},
"product_name": "CICS TX Advanced"
},
{
"version": {
"version_data": [
{
"version_value": "11.1"
}
]
},
"product_name": "CICS TX Standard"
}
]
}
}
]
}
]
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
}
}


@ -78,6 +78,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20220608 CVE-2022-31813: Apache HTTP Server: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism",
"url": "http://www.openwall.com/lists/oss-security/2022/06/08/8"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220624-0005/",
"url": "https://security.netapp.com/advisory/ntap-20220624-0005/"
}
]
},


@ -1,93 +1,93 @@
{
"data_version" : "4.0",
"data_type" : "CVE",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "21.0.1"
},
{
"version_value" : "21.0.2"
}
]
},
"product_name" : "Robotic Process Automation"
}
]
}
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2022-33953",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-06-22T00:00:00"
},
"description" : {
"description_data" : [
{
"value" : "IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6597669",
"url" : "https://www.ibm.com/support/pages/node/6597669",
"title" : "IBM Security Bulletin 6597669 (Robotic Process Automation)"
},
{
"name" : "ibm-rpa-cve202233953-info-disc (229198)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/229198",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"AV" : "P",
"SCORE" : "4.600",
"C" : "H",
"S" : "U",
"A" : "N",
"AC" : "L",
"I" : "N",
"PR" : "N",
"UI" : "N"
}
}
}
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "21.0.1"
},
{
"version_value": "21.0.2"
}
]
},
"product_name": "Robotic Process Automation"
}
]
}
}
]
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2022-33953",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-06-22T00:00:00"
},
"description": {
"description_data": [
{
"value": "IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6597669",
"url": "https://www.ibm.com/support/pages/node/6597669",
"title": "IBM Security Bulletin 6597669 (Robotic Process Automation)"
},
{
"name": "ibm-rpa-cve202233953-info-disc (229198)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229198",
"title": "X-Force Vulnerability Report"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"AV": "P",
"SCORE": "4.600",
"C": "H",
"S": "U",
"A": "N",
"AC": "L",
"I": "N",
"PR": "N",
"UI": "N"
}
}
}
}
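Review bot: The description `value` on the new side of the CVE-2022-33953 record still reads "psychical access", which is presumably a typo for "physical access" given `"AV": "P"` in the `BM` block of the same record. This commit only re-serialises the file, so the wording is carried over unchanged on both sides. Triage rules or searches that match on the phrase "physical access" would miss this entry, and the precondition for the issue reads ambiguously as written. The phrase should read `a user with physical access to the system`, corrected in the assigner's source record so that a later sync does not reintroduce the typo.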