admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-09-01 21:00:31 +00:00
parent 146079861b
commit d108c6fa4f
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
50 changed files with 2381 additions and 759 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

184
2020/4xxx/CVE-2020-4301.json
View File

@ -1,96 +1,96 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6615285",
"title" : "IBM Security Bulletin 6615285 (Cognos Analytics)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6615285"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/176609",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-cognos-cve20204301-csrf (176609)"
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"AC" : "L",
"I" : "L",
"SCORE" : "4.300",
"C" : "N",
"AV" : "N",
"UI" : "R",
"A" : "N",
"S" : "U",
"PR" : "N"
}
}
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11.2.0"
},
{
"version_value" : "11.1.7"
},
{
"version_value" : "11.2.1"
}
]
},
"product_name" : "Cognos Analytics"
}
]
},
"vendor_name" : "IBM"
"value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.",
"lang": "eng"
}
]
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6615285",
"title": "IBM Security Bulletin 6615285 (Cognos Analytics)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6615285"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176609",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-cognos-cve20204301-csrf (176609)"
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"AC": "L",
"I": "L",
"SCORE": "4.300",
"C": "N",
"AV": "N",
"UI": "R",
"A": "N",
"S": "U",
"PR": "N"
}
}
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "11.2.0"
},
{
"version_value": "11.1.7"
},
{
"version_value": "11.2.1"
}
]
},
"product_name": "Cognos Analytics"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2020-4301",
"DATE_PUBLIC" : "2022-08-31T00:00:00",
"STATE" : "PUBLIC"
}
}
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4301",
"DATE_PUBLIC": "2022-08-31T00:00:00",
"STATE": "PUBLIC"
}
}

186
2021/20xxx/CVE-2021-20468.json
View File

@ -1,96 +1,96 @@
{
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6615285",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6615285",
"title" : "IBM Security Bulletin 6615285 (Cognos Analytics)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196825",
"name" : "ibm-cognos-cve202120468-csrf (196825)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-20468",
"DATE_PUBLIC" : "2022-08-31T00:00:00",
"STATE" : "PUBLIC"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"AC" : "L",
"I" : "L",
"AV" : "N",
"C" : "N",
"SCORE" : "4.300",
"A" : "N",
"UI" : "R",
"S" : "U",
"PR" : "N"
}
}
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Cognos Analytics",
"version" : {
"version_data" : [
{
"version_value" : "11.2.0"
},
{
"version_value" : "11.1.7"
},
{
"version_value" : "11.2.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825.",
"lang": "eng"
}
]
}
}
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6615285",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6615285",
"title": "IBM Security Bulletin 6615285 (Cognos Analytics)"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196825",
"name": "ibm-cognos-cve202120468-csrf (196825)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-20468",
"DATE_PUBLIC": "2022-08-31T00:00:00",
"STATE": "PUBLIC"
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"AC": "L",
"I": "L",
"AV": "N",
"C": "N",
"SCORE": "4.300",
"A": "N",
"UI": "R",
"S": "U",
"PR": "N"
}
}
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cognos Analytics",
"version": {
"version_data": [
{
"version_value": "11.2.0"
},
{
"version_value": "11.1.7"
},
{
"version_value": "11.2.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

184
2021/29xxx/CVE-2021-29823.json
View File

@ -1,96 +1,96 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6615285",
"name" : "https://www.ibm.com/support/pages/node/6615285",
"title" : "IBM Security Bulletin 6615285 (Cognos Analytics)",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/204465",
"refsource" : "XF",
"name" : "ibm-cognos-cve202129823-csrf (204465)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"I" : "L",
"AC" : "L",
"AV" : "N",
"C" : "N",
"SCORE" : "4.300",
"PR" : "N",
"A" : "N",
"UI" : "R",
"S" : "U"
}
}
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Cognos Analytics",
"version" : {
"version_data" : [
{
"version_value" : "11.2.0"
},
{
"version_value" : "11.1.7"
},
{
"version_value" : "11.2.1"
}
]
}
}
]
}
"value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465.",
"lang": "eng"
}
]
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6615285",
"name": "https://www.ibm.com/support/pages/node/6615285",
"title": "IBM Security Bulletin 6615285 (Cognos Analytics)",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204465",
"refsource": "XF",
"name": "ibm-cognos-cve202129823-csrf (204465)",
"title": "X-Force Vulnerability Report"
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"I": "L",
"AC": "L",
"AV": "N",
"C": "N",
"SCORE": "4.300",
"PR": "N",
"A": "N",
"UI": "R",
"S": "U"
}
}
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Cognos Analytics",
"version": {
"version_data": [
{
"version_value": "11.2.0"
},
{
"version_value": "11.1.7"
},
{
"version_value": "11.2.1"
}
]
}
}
]
}
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2022-08-31T00:00:00",
"ID" : "CVE-2021-29823",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
}
}
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2022-08-31T00:00:00",
"ID": "CVE-2021-29823",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
}
}

186
2021/39xxx/CVE-2021-39009.json
View File

@ -1,96 +1,96 @@
{
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2022-08-31T00:00:00",
"ID" : "CVE-2021-39009",
"ASSIGNER" : "psirt@us.ibm.com"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"C" : "H",
"AV" : "L",
"SCORE" : "4.400",
"AC" : "L",
"I" : "N",
"S" : "U",
"A" : "N",
"UI" : "N",
"PR" : "H"
}
}
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11.2.0"
},
{
"version_value" : "11.1.7"
},
{
"version_value" : "11.2.1"
}
]
},
"product_name" : "Cognos Analytics"
}
]
}
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554."
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6615285",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6615285 (Cognos Analytics)",
"name" : "https://www.ibm.com/support/pages/node/6615285"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-cognos-cve202139009-info-disc (213554)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/213554"
}
]
}
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2022-08-31T00:00:00",
"ID": "CVE-2021-39009",
"ASSIGNER": "psirt@us.ibm.com"
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"C": "H",
"AV": "L",
"SCORE": "4.400",
"AC": "L",
"I": "N",
"S": "U",
"A": "N",
"UI": "N",
"PR": "H"
}
}
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "11.2.0"
},
{
"version_value": "11.1.7"
},
{
"version_value": "11.2.1"
}
]
},
"product_name": "Cognos Analytics"
}
]
}
}
]
}
},
"data_type": "CVE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554."
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6615285",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6615285 (Cognos Analytics)",
"name": "https://www.ibm.com/support/pages/node/6615285"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-cognos-cve202139009-info-disc (213554)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213554"
}
]
}
}

186
2021/39xxx/CVE-2021-39045.json
View File

@ -1,96 +1,96 @@
{
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-08-31T00:00:00",
"ID" : "CVE-2021-39045",
"STATE" : "PUBLIC"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"C" : "H",
"AV" : "L",
"SCORE" : "6.200",
"AC" : "L",
"I" : "N",
"S" : "U",
"A" : "N",
"UI" : "N",
"PR" : "N"
}
}
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Cognos Analytics",
"version" : {
"version_data" : [
{
"version_value" : "11.2.0"
},
{
"version_value" : "11.1.7"
},
{
"version_value" : "11.2.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6615285",
"title" : "IBM Security Bulletin 6615285 (Cognos Analytics)",
"url" : "https://www.ibm.com/support/pages/node/6615285"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-cognos-cve202139045-info-disc (214345)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/214345"
}
]
}
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-08-31T00:00:00",
"ID": "CVE-2021-39045",
"STATE": "PUBLIC"
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"C": "H",
"AV": "L",
"SCORE": "6.200",
"AC": "L",
"I": "N",
"S": "U",
"A": "N",
"UI": "N",
"PR": "N"
}
}
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cognos Analytics",
"version": {
"version_data": [
{
"version_value": "11.2.0"
},
{
"version_value": "11.1.7"
},
{
"version_value": "11.2.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6615285",
"title": "IBM Security Bulletin 6615285 (Cognos Analytics)",
"url": "https://www.ibm.com/support/pages/node/6615285"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-cognos-cve202139045-info-disc (214345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214345"
}
]
}
}

55
2022/1xxx/CVE-2022-1615.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1615",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Samba",
"version": {
"version_data": [
{
"version_value": "Samba 4.1 and newer"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-330"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.samba.org/show_bug.cgi?id=15103",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=15103"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/samba-team/samba/-/merge_requests/2644",
"url": "https://gitlab.com/samba-team/samba/-/merge_requests/2644"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values."
}
]
}

55
2022/1xxx/CVE-2022-1632.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1632",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Openshift",
"version": {
"version_data": [
{
"version_value": "Openshift 4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2081181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081181"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2022-1632",
"url": "https://access.redhat.com/security/cve/cve-2022-1632"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality."
}
]
}

55
2022/1xxx/CVE-2022-1677.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1677",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Openshift",
"version": {
"version_data": [
{
"version_value": "Openshift 3.11 and 4.6 onwards"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2076211",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076211"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-1677",
"url": "https://access.redhat.com/security/cve/CVE-2022-1677"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control."
}
]
}

55
2022/1xxx/CVE-2022-1729.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1729",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "linux kernel",
"version": {
"version_data": [
{
"version_value": "linux kernel 5.18 rc9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-366"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ac6487e584a1eb54071dbe1212e05b884136704",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ac6487e584a1eb54071dbe1212e05b884136704"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2022/05/20/2",
"url": "https://www.openwall.com/lists/oss-security/2022/05/20/2"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc."
}
]
}

60
2022/1xxx/CVE-2022-1902.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1902",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Advanced Cluster Security for Kubernetes",
"version": {
"version_data": [
{
"version_value": "Red Hat Advanced Cluster Security for Kubernetes 3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-497"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2090957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090957"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-1902",
"url": "https://access.redhat.com/security/cve/CVE-2022-1902"
},
{
"refsource": "MISC",
"name": "https://github.com/stackrox/stackrox/pull/1803",
"url": "https://github.com/stackrox/stackrox/pull/1803"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges."
}
]
}

70
2022/23xxx/CVE-2022-23452.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23452",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "openstack/barbican",
"version": {
"version_data": [
{
"version_value": "Fixed in v14.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 - Incorrect Authorization."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2025090",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025090"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2022908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022908"
},
{
"refsource": "MISC",
"name": "https://storyboard.openstack.org/#!/story/2009297",
"url": "https://storyboard.openstack.org/#!/story/2009297"
},
{
"refsource": "MISC",
"name": "https://review.opendev.org/c/openstack/barbican/+/814200",
"url": "https://review.opendev.org/c/openstack/barbican/+/814200"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-23452",
"url": "https://access.redhat.com/security/cve/CVE-2022-23452"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service."
}
]
}

55
2022/2xxx/CVE-2022-2238.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2238",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Advanced Cluster Management for Kubernetes",
"version": {
"version_data": [
{
"version_value": "Red Hat Advanced Cluster Management for Kubernetes 2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89->CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2101669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101669"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2238",
"url": "https://access.redhat.com/security/cve/CVE-2022-2238"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting."
}
]
}

55
2022/2xxx/CVE-2022-2256.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2256",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "keycloak as shipped in Red Hat Single Sign-On 7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942"
},
{
"refsource": "MISC",
"name": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality."
}
]
}

50
2022/2xxx/CVE-2022-2308.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2308",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Linux kernel",
"version": {
"version_data": [
{
"version_value": "uknown"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-457"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2103900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103900"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers."
}
]
}

55
2022/2xxx/CVE-2022-2319.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2319",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "xorg-x11-server 21.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1320"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938",
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938"
},
{
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939",
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length."
}
]
}

60
2022/2xxx/CVE-2022-2320.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2320",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_value": "xorg-x11-server 21.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938",
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938"
},
{
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939",
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939"
},
{
"refsource": "MISC",
"name": "https://github.com/freedesktop/xorg-xserver/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc",
"url": "https://github.com/freedesktop/xorg-xserver/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root."
}
]
}

55
2022/2xxx/CVE-2022-2403.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2403",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Openshift",
"version": {
"version_data": [
{
"version_value": "Openshift 4.9 onwards"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-497"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2101959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101959"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2403",
"url": "https://access.redhat.com/security/cve/CVE-2022-2403"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate."
}
]
}

55
2022/2xxx/CVE-2022-2447.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2447",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "openstack-keystone",
"version": {
"version_data": [
{
"version_value": "openstack-keystone as shipped in Red Hat OpenStack 16.1 and 16.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-324"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2105419",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105419"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2447",
"url": "https://access.redhat.com/security/cve/CVE-2022-2447"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in OpenStack. The application credential tokens can be used even after they have expired. This flaw allows an authenticated remote attacker to obtain access despite the defender's efforts to remove access."
}
]
}

55
2022/2xxx/CVE-2022-2639.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2639",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.18"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-192->CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2084479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084479"
},
{
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8",
"url": "https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system."
}
]
}

55
2022/2xxx/CVE-2022-2663.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2663",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Linux kernel",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-923"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2022/08/30/1",
"url": "https://www.openwall.com/lists/oss-security/2022/08/30/1"
},
{
"refsource": "MISC",
"name": "https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl@dgl.cx/T/",
"url": "https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl@dgl.cx/T/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured."
}
]
}

55
2022/2xxx/CVE-2022-2738.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2738",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "podman",
"version": {
"version_data": [
{
"version_value": "podman 1.6.4-32.el7_9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2116923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116923"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2738",
"url": "https://access.redhat.com/security/cve/CVE-2022-2738"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification."
}
]
}

55
2022/2xxx/CVE-2022-2739.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2739",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "podman",
"version": {
"version_data": [
{
"version_value": "podman 1.6.4-32.el7_9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2116927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116927"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2739",
"url": "https://access.redhat.com/security/cve/CVE-2022-2739"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables."
}
]
}

50
2022/2xxx/CVE-2022-2764.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2764",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "undertow",
"version": {
"version_data": [
{
"version_value": "undertow 2.x"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations."
}
]
}

50
2022/2xxx/CVE-2022-2806.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2806",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ovirt-log-collector",
"version": {
"version_data": [
{
"version_value": "sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/sosreport/sos/pull/2947",
"url": "https://github.com/sosreport/sos/pull/2947"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev"
}
]
}

6
2022/2xxx/CVE-2022-2831.json
View File

@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "Blender 3.3.0 Alpha"
"version_value": "Blender 3.3.0"
}
]
}
@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "Integer Overflow"
"value": "CWE-190"
}
]
}
@ -65,7 +65,7 @@
"description_data": [
{
"lang": "eng",
"value": "A loaded (and valid) image can be crafted such that an out-of-bounds read or write occurs when the image converted to thumbnail that is flipped vertically. Crash occured in source/blender/blendthumb/src/blendthumb_extract.cc"
"value": "A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption."
}
]
}

6
2022/2xxx/CVE-2022-2832.json
View File

@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "Blender 3.3.0 Alpha"
"version_value": "Blender 3.3.0"
}
]
}
@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "Null pointer reference"
"value": "CWE-395"
}
]
}
@ -65,7 +65,7 @@
"description_data": [
{
"lang": "eng",
"value": "When rendering with headless builds, show an error instead of crashing. Previously GPU_backend_init was called indirectly from DRW_opengl_context_create, a new function is now called from the window manager (GPU_backend_init_once), so it's possible to check if the GPU has a back-end. This also disables the bgl Python module when building WITH_HEADLESS."
"value": "A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity."
}
]
}

184
2022/30xxx/CVE-2022-30614.json
View File

@ -1,96 +1,96 @@
{
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6615285",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6615285 (Cognos Analytics)",
"name" : "https://www.ibm.com/support/pages/node/6615285"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/227591",
"refsource" : "XF",
"name" : "ibm-cognos-cve202230614-dos (227591)",
"title" : "X-Force Vulnerability Report"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591."
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Cognos Analytics",
"version" : {
"version_data" : [
{
"version_value" : "11.2.0"
},
{
"version_value" : "11.1.7"
},
{
"version_value" : "11.2.1"
}
]
}
}
]
}
"url": "https://www.ibm.com/support/pages/node/6615285",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6615285 (Cognos Analytics)",
"name": "https://www.ibm.com/support/pages/node/6615285"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227591",
"refsource": "XF",
"name": "ibm-cognos-cve202230614-dos (227591)",
"title": "X-Force Vulnerability Report"
}
]
}
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"SCORE" : "6.500",
"C" : "N",
"AV" : "N",
"AC" : "L",
"I" : "N",
"S" : "U",
"UI" : "N",
"A" : "H",
"PR" : "L"
}
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2022-30614",
"DATE_PUBLIC" : "2022-08-31T00:00:00",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Cognos Analytics",
"version": {
"version_data": [
{
"version_value": "11.2.0"
},
{
"version_value": "11.1.7"
},
{
"version_value": "11.2.1"
}
]
}
}
]
}
}
]
}
]
},
"data_format" : "MITRE"
}
}
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"SCORE": "6.500",
"C": "N",
"AV": "N",
"AC": "L",
"I": "N",
"S": "U",
"UI": "N",
"A": "H",
"PR": "L"
}
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2022-30614",
"DATE_PUBLIC": "2022-08-31T00:00:00",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"data_format": "MITRE"
}

56
2022/36xxx/CVE-2022-36601.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36601",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-36601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 and below is open on port 1534. This issue allows unauthenticated attackers to gain root privileges on the affected device and access sensitive data or execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/",
"refsource": "MISC",
"name": "https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/"
}
]
}

56
2022/36xxx/CVE-2022-36602.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36602",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-36602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/",
"refsource": "MISC",
"name": "https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/"
}
]
}

56
2022/36xxx/CVE-2022-36603.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36603",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-36603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contain a remote code execution (RCE) vulnerability in the checkUrl function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/",
"refsource": "MISC",
"name": "https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/"
}
]
}

56
2022/36xxx/CVE-2022-36604.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36604",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-36604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and below allows unauthenticated attackers to arbitrarily change user passwords via a crafted POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/",
"refsource": "MISC",
"name": "https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/"
}
]
}

66
2022/36xxx/CVE-2022-36621.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36621",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-36621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "MISC",
"name": "https://security.samsungmobile.com/securityUpdate.smsb"
},
{
"url": "https://github.com/Samsung/mTower",
"refsource": "MISC",
"name": "https://github.com/Samsung/mTower"
},
{
"url": "https://github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tee/lib/libutee/tee_api_objects.c#L223",
"refsource": "MISC",
"name": "https://github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tee/lib/libutee/tee_api_objects.c#L223"
}
]
}

71
2022/36xxx/CVE-2022-36622.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36622",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-36622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "MISC",
"name": "https://security.samsungmobile.com/securityUpdate.smsb"
},
{
"url": "https://github.com/Samsung/mTower",
"refsource": "MISC",
"name": "https://github.com/Samsung/mTower"
},
{
"url": "https://github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tee/lib/libutee/tee_api_objects.c#L84",
"refsource": "MISC",
"name": "https://github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tee/lib/libutee/tee_api_objects.c#L84"
},
{
"url": "https://github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tee/tee/tee_svc.c#L965",
"refsource": "MISC",
"name": "https://github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tee/tee/tee_svc.c#L965"
}
]
}

186
2022/36xxx/CVE-2022-36773.json
View File

@ -1,96 +1,96 @@
{
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-08-31T00:00:00",
"ID" : "CVE-2022-36773",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AC" : "L",
"I" : "N",
"AV" : "N",
"C" : "H",
"SCORE" : "7.100",
"A" : "L",
"UI" : "N",
"S" : "U",
"PR" : "L"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-08-31T00:00:00",
"ID": "CVE-2022-36773",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11.2.0"
},
{
"version_value" : "11.1.7"
},
{
"version_value" : "11.2.1"
}
]
},
"product_name" : "Cognos Analytics"
}
]
}
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6615285 (Cognos Analytics)",
"name" : "https://www.ibm.com/support/pages/node/6615285",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6615285"
},
{
"name" : "ibm-cognos-cve202236773-xxe (233571)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/233571"
}
]
}
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"AC": "L",
"I": "N",
"AV": "N",
"C": "H",
"SCORE": "7.100",
"A": "L",
"UI": "N",
"S": "U",
"PR": "L"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "11.2.0"
},
{
"version_value": "11.1.7"
},
{
"version_value": "11.2.1"
}
]
},
"product_name": "Cognos Analytics"
}
]
}
}
]
}
},
"data_version": "4.0",
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6615285 (Cognos Analytics)",
"name": "https://www.ibm.com/support/pages/node/6615285",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6615285"
},
{
"name": "ibm-cognos-cve202236773-xxe (233571)",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233571"
}
]
}
}

50
2022/38xxx/CVE-2022-38126.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-38126",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "binutils",
"version": {
"version_data": [
{
"version_value": "binutils 2.39"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-617"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=29289",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29289"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Assertion fail in the display_debug_names() function in binutils/dwarf.c may lead to program crash and denial of service."
}
]
}

50
2022/38xxx/CVE-2022-38127.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-38127",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "binutils",
"version": {
"version_data": [
{
"version_value": "binutils 2.39"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=29290",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29290"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c may lead to program crash when parsing corrupt DWARF data."
}
]
}

50
2022/38xxx/CVE-2022-38128.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-38128",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "binutils",
"version": {
"version_data": [
{
"version_value": "binutils 2.39"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=29370",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29370"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An infinite loop may be triggered in display_debug_abbrev() function in binutils/dwarf.c while opening a crafted ELF, which may lead to denial of service by a local attacker."
}
]
}

18
2022/39xxx/CVE-2022-39160.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39160",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/39xxx/CVE-2022-39161.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39161",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/39xxx/CVE-2022-39162.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39162",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/39xxx/CVE-2022-39163.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39163",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/39xxx/CVE-2022-39164.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39164",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/39xxx/CVE-2022-39165.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39165",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/39xxx/CVE-2022-39166.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39166",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/39xxx/CVE-2022-39167.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39167",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/39xxx/CVE-2022-39168.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39168",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/39xxx/CVE-2022-39169.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39169",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

50
2022/3xxx/CVE-2022-3078.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3078",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel 5.16-rc6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=e6a21a14106d9718aa4f8e115b1e474888eeba44",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=e6a21a14106d9718aa4f8e115b1e474888eeba44"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c."
}
]
}

18
2022/3xxx/CVE-2022-3092.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3092",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/3xxx/CVE-2022-3093.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3093",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}