admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-10 02:04:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:CVEProject/cvelist

Browse Source
This commit is contained in:
CVE Team 2022-10-07 18:00:22 +00:00
commit f4a0675fdf
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
11 changed files with 611 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
2020/13xxx/CVE-2020-13498.json
View File

@ -1,44 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13498",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-11-12",
"ASSIGNER": "talos-cna@cisco.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Pixar",
"version": {
"version_data": [
{
"version_value": "Pixar OpenUSD 20.05, Apple macOS Catalina 10.15.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
"description": {
"description_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
"lang": "eng",
"value": "An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file."
}
]
},
@ -51,14 +25,6 @@
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in SdfPath Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file."
}
]
},
"impact": {
"cvss": {
"baseScore": 4.3,
@ -66,5 +32,59 @@
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_value": "Catalina 10.15.3",
"version_affected": "="
}
]
}
}
]
}
},
{
"vendor_name": "Pixar",
"product": {
"product_data": [
{
"product_name": "OpenUSD",
"version": {
"version_data": [
{
"version_value": "20.05",
"version_affected": "="
}
]
}
}
]
}
}
]
}
}
}

105
2022/22xxx/CVE-2022-22480.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22480",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6826695",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6826695 (QRadar SIEM)",
"name" : "https://www.ibm.com/support/pages/node/6826695"
},
{
"name" : "ibm-qradar-cve202222480-info-disc (225889)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/225889"
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2022-22480",
"DATE_PUBLIC" : "2022-10-04T00:00:00",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "N",
"AC" : "H",
"S" : "U",
"UI" : "N",
"A" : "N",
"PR" : "N",
"AV" : "A",
"C" : "H",
"SCORE" : "5.300"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "QRadar SIEM",
"version" : {
"version_data" : [
{
"version_value" : "7.4.0"
},
{
"version_value" : "7.5.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"data_type" : "CVE"
}

102
2022/22xxx/CVE-2022-22493.json
View File

@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-22493",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6826727 (WebSphere Automation)",
"name" : "https://www.ibm.com/support/pages/node/6826727",
"url" : "https://www.ibm.com/support/pages/node/6826727",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-websphere-cve202222493-csrf (226449)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/226449",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2022-22493",
"DATE_PUBLIC" : "2022-10-04T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "WebSphere Automation for Cloud Pak for Watson AIOps",
"version" : {
"version_data" : [
{
"version_value" : "1.4.2"
}
]
}
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"A" : "N",
"UI" : "R",
"PR" : "L",
"S" : "U",
"AC" : "L",
"I" : "L",
"SCORE" : "3.500",
"C" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_type" : "CVE"
}

4
2022/26xxx/CVE-2022-26376.json
View File

@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability."
"value": "A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability."
}
]
},
@ -39,7 +39,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
"value": "CWE-787: Out-of-bounds Write"
}
]
}

2
2022/27xxx/CVE-2022-27631.json
View File

@ -39,7 +39,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
"value": "CWE-787: Out-of-bounds Write"
}
]
}

2
2022/28xxx/CVE-2022-28664.json
View File

@ -39,7 +39,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
"value": "CWE-787: Out-of-bounds Write"
}
]
}

2
2022/28xxx/CVE-2022-28665.json
View File

@ -39,7 +39,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
"value": "CWE-787: Out-of-bounds Write"
}
]
}

105
2022/30xxx/CVE-2022-30613.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30613",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.4.0"
},
{
"version_value" : "7.5.0"
}
]
},
"product_name" : "QRadar SIEM"
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"I" : "N",
"AC" : "L",
"S" : "U",
"PR" : "H",
"A" : "N",
"UI" : "N",
"AV" : "L",
"C" : "H",
"SCORE" : "4.400"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6826693",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6826693 (QRadar SIEM)",
"name" : "https://www.ibm.com/support/pages/node/6826693"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/227366",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-qradar-cve202230613-info-disc (227366)"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2022-10-04T00:00:00",
"ID" : "CVE-2022-30613"
},
"data_format" : "MITRE",
"data_version" : "4.0"
}

118
2022/34xxx/CVE-2022-34308.json
View File

@ -1,18 +1,106 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34308",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6826645",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6826645 (CICS TX Advanced)",
"name" : "https://www.ibm.com/support/pages/node/6826645"
},
{
"title" : "IBM Security Bulletin 6826647 (CICS TX Standard)",
"name" : "https://www.ibm.com/support/pages/node/6826647",
"url" : "https://www.ibm.com/support/pages/node/6826647",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-cics-cve202234308-dos (229437)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/229437"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2022-10-04T00:00:00",
"ID" : "CVE-2022-34308"
},
"description" : {
"description_data" : [
{
"value" : "IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "CICS TX Standard",
"version" : {
"version_data" : [
{
"version_value" : "11.1"
}
]
}
},
{
"product_name" : "CICS TX Advanced",
"version" : {
"version_data" : [
{
"version_value" : "11.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "N",
"AC" : "L",
"S" : "U",
"A" : "H",
"UI" : "N",
"PR" : "N",
"AV" : "L",
"C" : "N",
"SCORE" : "6.200"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_type" : "CVE"
}

102
2022/36xxx/CVE-2022-36772.json
View File

@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36772",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11.7"
}
]
},
"product_name" : "InfoSphere Information Server"
}
]
}
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"AV" : "N",
"UI" : "N",
"A" : "N",
"PR" : "L",
"I" : "N",
"AC" : "L",
"S" : "U",
"SCORE" : "4.300",
"C" : "L"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6612325 (InfoSphere Information Server)",
"name" : "https://www.ibm.com/support/pages/node/6612325",
"url" : "https://www.ibm.com/support/pages/node/6612325",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/233299",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-infosphere-cve202236772-info-disc (233299)"
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-10-06T00:00:00",
"ID" : "CVE-2022-36772",
"STATE" : "PUBLIC"
},
"data_version" : "4.0"
}

102
2022/41xxx/CVE-2022-41291.json
View File

@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41291",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6823109",
"title" : "IBM Security Bulletin 6823109 (InfoSphere Information Server)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6823109"
},
{
"name" : "ibm-infosphere-cve202241291-session-fixati (236699)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/236699"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2022-41291",
"DATE_PUBLIC" : "2022-10-06T00:00:00",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "InfoSphere Information Server",
"version" : {
"version_data" : [
{
"version_value" : "11.7"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"AC" : "L",
"I" : "L",
"A" : "L",
"UI" : "N",
"PR" : "N",
"AV" : "A",
"C" : "L",
"SCORE" : "6.300"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_type" : "CVE"
}