"-Synchronized-Data."

CVE Team 2022-09-23 18:00:34 +00:00
parent a984747787
commit a644140cd0
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
24 changed files with 1170 additions and 469 deletions


@ -1,129 +1,129 @@
{
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596."
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2022-22423",
"DATE_PUBLIC" : "2022-09-22T00:00:00",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "CCA for MTM 4767",
"version" : {
"version_data" : [
{
"version_value" : "5.7.11"
},
{
"version_value" : "5.0"
},
{
"version_value" : "5.1"
},
{
"version_value" : "5.2"
},
{
"version_value" : "5.3"
},
{
"version_value" : "5.4"
},
{
"version_value" : "5.5"
},
{
"version_value" : "5.6"
},
{
"version_value" : "5.7"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.1"
},
{
"version_value" : "7.2"
},
{
"version_value" : "7.3"
},
{
"version_value" : "7.3.43"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Denial of Service",
"lang": "eng"
}
]
}
]
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6695893",
"url" : "https://www.ibm.com/support/pages/node/6695893",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6695893 (AIX)"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/223596",
"name" : "ibm-cca-cve202222423-dos (223596)"
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "C",
"I" : "N",
"AC" : "L",
"UI" : "N",
"PR" : "L",
"C" : "N",
"SCORE" : "6.500",
"AV" : "L",
"A" : "H"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
}
}
]
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596."
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2022-22423",
"DATE_PUBLIC": "2022-09-22T00:00:00",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CCA for MTM 4767",
"version": {
"version_data": [
{
"version_value": "5.7.11"
},
{
"version_value": "5.0"
},
{
"version_value": "5.1"
},
{
"version_value": "5.2"
},
{
"version_value": "5.3"
},
{
"version_value": "5.4"
},
{
"version_value": "5.5"
},
{
"version_value": "5.6"
},
{
"version_value": "5.7"
},
{
"version_value": "7.0"
},
{
"version_value": "7.1"
},
{
"version_value": "7.2"
},
{
"version_value": "7.3"
},
{
"version_value": "7.3.43"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6695893",
"url": "https://www.ibm.com/support/pages/node/6695893",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6695893 (AIX)"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/223596",
"name": "ibm-cca-cve202222423-dos (223596)"
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"S": "C",
"I": "N",
"AC": "L",
"UI": "N",
"PR": "L",
"C": "N",
"SCORE": "6.500",
"AV": "L",
"A": "H"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
}
}


@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-09-22T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2022-34348"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.1"
}
]
},
"product_name" : "Partner Engagement Manager"
}
]
}
}
]
}
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6695927 (Partner Engagement Manager)",
"url" : "https://www.ibm.com/support/pages/node/6695927",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6695927"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/230017",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sterling-cve202234348-xxe (230017)"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "N",
"S" : "U",
"AC" : "L",
"UI" : "N",
"PR" : "L",
"SCORE" : "7.100",
"C" : "H",
"AV" : "N",
"A" : "L"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"data_version" : "4.0",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-09-22T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2022-34348"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.1"
}
]
},
"product_name": "Partner Engagement Manager"
}
]
}
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017."
}
]
}
}
}
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6695927 (Partner Engagement Manager)",
"url": "https://www.ibm.com/support/pages/node/6695927",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6695927"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230017",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-sterling-cve202234348-xxe (230017)"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"I": "N",
"S": "U",
"AC": "L",
"UI": "N",
"PR": "L",
"SCORE": "7.100",
"C": "H",
"AV": "N",
"A": "L"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"data_version": "4.0",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017."
}
]
}
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35091",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream::readMCURow() at /xpdf/Stream.cc.ow()"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/matthiaskramm/swftools/issues/182",
"refsource": "MISC",
"name": "https://github.com/matthiaskramm/swftools/issues/182"
},
{
"refsource": "MISC",
"name": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35091.md",
"url": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35091.md"
}
]
}
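Review bot: The new description value for CVE-2022-35091 ends in `/xpdf/Stream.cc.ow()`, where the trailing `ow()` looks like residue from editing the function name; the sentence should presumably end `via DCTStream::readMCURow() at /xpdf/Stream.cc.`. Separately, this record publishes `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` although the description names SWFTools and pins commit 772e55a2, so tooling that matches on the affects block rather than on free text will not associate the entry with the product. The same applies to the other cve@mitre.org records published on this page (CVE-2022-35092 through CVE-2022-35099, CVE-2022-36338, CVE-2022-36944, CVE-2022-40358 and CVE-2022-40359). Populating the affects fields from what each description already states would make these records usable for automated exposure checks.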


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35092",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SWFTools commit 772e55a2 was discovered to contain a segmentation violation via convert_gfxline at /gfxpoly/convert.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/matthiaskramm/swftools/issues/182",
"refsource": "MISC",
"name": "https://github.com/matthiaskramm/swftools/issues/182"
},
{
"refsource": "MISC",
"name": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35092.md",
"url": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35092.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35093",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SWFTools commit 772e55a2 was discovered to contain a global buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/matthiaskramm/swftools/issues/182",
"refsource": "MISC",
"name": "https://github.com/matthiaskramm/swftools/issues/182"
},
{
"refsource": "MISC",
"name": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35093.md",
"url": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35093.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35094",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/matthiaskramm/swftools/issues/182",
"refsource": "MISC",
"name": "https://github.com/matthiaskramm/swftools/issues/182"
},
{
"refsource": "MISC",
"name": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35094.md",
"url": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35094.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35095",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/matthiaskramm/swftools/issues/182",
"refsource": "MISC",
"name": "https://github.com/matthiaskramm/swftools/issues/182"
},
{
"refsource": "MISC",
"name": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35095.md",
"url": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35095.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35096",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/matthiaskramm/swftools/issues/182",
"refsource": "MISC",
"name": "https://github.com/matthiaskramm/swftools/issues/182"
},
{
"refsource": "MISC",
"name": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35096.md",
"url": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35096.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35097",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::writeTTF at /xpdf/FoFiTrueType.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/matthiaskramm/swftools/issues/182",
"refsource": "MISC",
"name": "https://github.com/matthiaskramm/swftools/issues/182"
},
{
"refsource": "MISC",
"name": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35097.md",
"url": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35097.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35098",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via GfxICCBasedColorSpace::getDefaultColor(GfxColor*) at /xpdf/GfxState.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/matthiaskramm/swftools/issues/182",
"refsource": "MISC",
"name": "https://github.com/matthiaskramm/swftools/issues/182"
},
{
"refsource": "MISC",
"name": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35098.md",
"url": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35098.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-35099",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-35099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/matthiaskramm/swftools/issues/182",
"refsource": "MISC",
"name": "https://github.com/matthiaskramm/swftools/issues/182"
},
{
"refsource": "MISC",
"name": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35099.md",
"url": "https://github.com/Cvjark/Poc/blob/main/swftools/pdf2swf/CVE-2022-35099.md"
}
]
}


@ -1,90 +1,90 @@
{
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231380.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Jazz for Service Management",
"version" : {
"version_data" : [
{
"version_value" : "1.1.3"
}
]
}
}
]
}
"value": "IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231380.",
"lang": "eng"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2022-09-22T00:00:00",
"ID" : "CVE-2022-35721",
"ASSIGNER" : "psirt@us.ibm.com"
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "C",
"I" : "L",
"AC" : "L",
"UI" : "N",
"PR" : "L",
"C" : "L",
"SCORE" : "6.400",
"AV" : "N",
"A" : "N"
},
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
}
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6695811",
"url" : "https://www.ibm.com/support/pages/node/6695811",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6695811 (Jazz for Service Management)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/231380",
"refsource" : "XF",
"name" : "ibm-jazz-cve202235721-xss (231380)"
}
]
},
"data_type" : "CVE"
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Jazz for Service Management",
"version": {
"version_data": [
{
"version_value": "1.1.3"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2022-09-22T00:00:00",
"ID": "CVE-2022-35721",
"ASSIGNER": "psirt@us.ibm.com"
},
"impact": {
"cvssv3": {
"BM": {
"S": "C",
"I": "L",
"AC": "L",
"UI": "N",
"PR": "L",
"C": "L",
"SCORE": "6.400",
"AV": "N",
"A": "N"
},
"TM": {
"RC": "C",
"E": "H",
"RL": "O"
}
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6695811",
"url": "https://www.ibm.com/support/pages/node/6695811",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6695811 (Jazz for Service Management)"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/231380",
"refsource": "XF",
"name": "ibm-jazz-cve202235721-xss (231380)"
}
]
},
"data_type": "CVE"
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36338",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-36338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.insyde.com/security-pledge",
"refsource": "MISC",
"name": "https://www.insyde.com/security-pledge"
},
{
"refsource": "MISC",
"name": "https://binarly.io/advisories/BRLY-2022-017/index.html",
"url": "https://binarly.io/advisories/BRLY-2022-017/index.html"
},
{
"refsource": "MISC",
"name": "https://www.insyde.com/security-pledge/SA-2022029",
"url": "https://www.insyde.com/security-pledge/SA-2022029"
}
]
}
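Review bot: The phrase `creating SMM` in the new description does not parse, so the sentence leaves unclear where the arbitrary code ends up running. It presumably means the callout gives execution in System Management Mode, which should be confirmed against the Insyde advisory SA-2022029 already listed in the references. The `problemtype` entry is also `n/a` even though the description names the weakness class (an SMM callout in FwBlockServiceSmm), so the record carries no structured weakness information for firmware triage; CVE-2022-36944 further down has the same gap.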


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36944",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-36944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with LazyList object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.scala-lang.org/download/",
"refsource": "MISC",
"name": "https://www.scala-lang.org/download/"
},
{
"refsource": "MISC",
"name": "https://github.com/scala/scala/pull/10118",
"url": "https://github.com/scala/scala/pull/10118"
}
]
}
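Review bot: The first added reference, `https://www.scala-lang.org/download/`, is a generic download page that identifies neither the issue nor the fixed release, so the pull request link is the only reference a reader can act on. The description already states the fix boundary (`2.13.x before 2.13.9`) and the precondition that matters to defenders, namely that an application must deserialize data containing a LazyList for the chain to be reachable. A reference that documents the 2.13.9 fix, if one is available, would serve better than the download page.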


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Safe Software FME Server v2022.0.1.1 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page."
"value": "Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page."
}
]
},
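Review bot: The reworded affected range `v2021.2.5, v2022.0.0.2 and below` (taking the second `value` line as the new side) is ambiguous: it can be read as exactly 2021.2.5 plus everything up to 2022.0.0.2, or as two separate upper bounds for the 2021 and 2022 release lines. It also lowers the 2022 bound from the earlier `v2022.0.1.1`, which tells consumers that builds between 2022.0.0.2 and 2022.0.1.1 are no longer treated as affected; that should be checked against the vendor article before it drives patch decisions. Wording such as `v2021.2.5 and below, and v2022.0.0.2 and below` would remove the ambiguity if that is the intended meaning. The same phrasing appears in the next section and in the XXE record's description, and the section between them drops the 2022 bound entirely (`v2021.2.5 and below`). The hunks start at line 34, so the CVE IDs and affects blocks of these records are outside the view.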


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Safe Software FME Server v2022.0.1.1 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload."
"value": "Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload."
}
]
},


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Safe Software FME Server v2022.0.1.1 and below does not employ server-side validation."
"value": "Safe Software FME Server v2021.2.5 and below does not employ server-side validation."
}
]
},


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Safe Software FME Server v2022.0.1.1 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks."
"value": "Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks."
}
]
},
@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://community.safe.com/s/article/Known-Issue-FME-Server-XXE-vulnerability-via-adding-a-repository-item",
"url": "https://community.safe.com/s/article/Known-Issue-FME-Server-XXE-vulnerability-via-adding-a-repository-item"
},
{
"refsource": "MISC",
"name": "https://community.safe.com/s/article/Known-Issue-FME-Server-vulnerability-with-arbitrary-path-traversal-and-file-upload",
"url": "https://community.safe.com/s/article/Known-Issue-FME-Server-vulnerability-with-arbitrary-path-traversal-and-file-upload"
}
]
},
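Review bot: The reference added in the second hunk points to the vendor's known-issue article on arbitrary path traversal and file upload, while this record's description covers the XXE vulnerability and already links the XXE article. If the link was meant for the path traversal record (the `fmedataupload` description two sections earlier), it is attached to the wrong CVE. If both issues are covered by one vendor fix, saying so would keep readers from assuming a mistake. The `references` block starts outside the hunk, so the other existing references are not visible here.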


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3288",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3289",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3290",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40358",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause cross site scripting vulnerabilities via a crafted svg file upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sourceforge.net/projects/ajaxplorer/files/ajaxplorer/stable-channel/4.2.3/",
"refsource": "MISC",
"name": "https://sourceforge.net/projects/ajaxplorer/files/ajaxplorer/stable-channel/4.2.3/"
},
{
"refsource": "MISC",
"name": "https://cxsecurity.com/issue/WLB-2022090059",
"url": "https://cxsecurity.com/issue/WLB-2022090059"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40359",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://code.google.com/archive/p/kfm/downloads",
"refsource": "MISC",
"name": "https://code.google.com/archive/p/kfm/downloads"
},
{
"refsource": "MISC",
"name": "https://cxsecurity.com/issue/WLB-2022090057",
"url": "https://cxsecurity.com/issue/WLB-2022090057"
}
]
}


@ -1,90 +1,90 @@
{
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6695961 (InfoSphere Information Server)",
"url" : "https://www.ibm.com/support/pages/node/6695961",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6695961"
},
{
"name" : "ibm-services-cve202240748-xss (236586)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/236586",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"AV" : "N",
"SCORE" : "5.400",
"C" : "L",
"A" : "N",
"PR" : "L",
"I" : "L",
"S" : "C",
"UI" : "R",
"AC" : "L"
}
}
},
"CVE_data_meta" : {
"ID" : "CVE-2022-40748",
"DATE_PUBLIC" : "2022-09-22T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "InfoSphere Information Server",
"version" : {
"version_data" : [
{
"version_value" : "11.7"
}
]
}
}
]
},
"vendor_name" : "IBM"
"title": "IBM Security Bulletin 6695961 (InfoSphere Information Server)",
"url": "https://www.ibm.com/support/pages/node/6695961",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6695961"
},
{
"name": "ibm-services-cve202240748-xss (236586)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236586",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"AV": "N",
"SCORE": "5.400",
"C": "L",
"A": "N",
"PR": "L",
"I": "L",
"S": "C",
"UI": "R",
"AC": "L"
}
}
},
"CVE_data_meta": {
"ID": "CVE-2022-40748",
"DATE_PUBLIC": "2022-09-22T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InfoSphere Information Server",
"version": {
"version_data": [
{
"version_value": "11.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236586.",
"lang" : "eng"
}
]
},
"data_version" : "4.0"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236586.",
"lang": "eng"
}
]
},
"data_version": "4.0"
}