"-Synchronized-Data."

This commit is contained in:
CVE Team 2022-02-01 13:02:00 +00:00
parent e32460b560
commit 03ba63b669
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
11 changed files with 194 additions and 48 deletions


@ -11,22 +11,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "The Eclipse Foundation",
"product": {
"product_data": [
{
"product_name": "Eclipse Wakaama",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.0"
"version_value": "n/a"
}
]
}
}
]
}
},
"vendor_name": "n/a"
}
]
}
@ -45,15 +44,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-126: Buffer Over-read"
"value": "n/a"
}
]
}
@ -73,4 +64,4 @@
}
]
}
}
}
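Review bot: The Wakaama record loses its affected range and weakness data outright rather than having it renamed: `"version_affected": "<="` has no counterpart on the new side, `"version_value": "1.0"` becomes `"n/a"`, and the 15-line to 7-line hunk counts suggest both `CWE-476` and `CWE-126` collapse to a single `"value": "n/a"` problemtype (sides are inferred from print order and the counts, not from explicit markers). A consumer keying on affects/problemtype can no longer tell that Eclipse Wakaama <= 1.0 is affected or that the bugs are a NULL dereference and a buffer over-read; the prose description is outside this view, so I cannot confirm it still carries the version. If the sync must normalize CNA fields to n/a, the original range `<= 1.0` and the two CWE ids should at least be preserved in the description or a reference so the information is not silently dropped.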


@ -47,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user.\n\nThe Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a pointer to the data, and it is supposed to be a valid it for the topic.\nAuthorisation controls are performed against the topic name and there is not proper validation the that ledger id is valid in the context of such ledger.\nSo it may happen that the user is able to read from a ledger that contains data owned by another tenant.\n\nThis issue affects Apache Pulsar Apache Pulsar version 2.8.0 and prior versions; Apache Pulsar version 2.7.3 and prior versions; Apache Pulsar version 2.6.4 and prior versions."
"value": "In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a pointer to the data, and it is supposed to be a valid it for the topic. Authorisation controls are performed against the topic name and there is not proper validation the that ledger id is valid in the context of such ledger. So it may happen that the user is able to read from a ledger that contains data owned by another tenant. This issue affects Apache Pulsar Apache Pulsar version 2.8.0 and prior versions; Apache Pulsar version 2.7.3 and prior versions; Apache Pulsar version 2.6.4 and prior versions."
}
]
},
@ -74,16 +74,19 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://pulsar.apache.org/admin-rest-api/#operation/getLastMessageId"
"refsource": "MISC",
"url": "https://pulsar.apache.org/admin-rest-api/#operation/getLastMessageId",
"name": "https://pulsar.apache.org/admin-rest-api/#operation/getLastMessageId"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/apache/pulsar/issues/11814"
"refsource": "MISC",
"url": "https://github.com/apache/pulsar/issues/11814",
"name": "https://github.com/apache/pulsar/issues/11814"
},
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/8n3k7pvyh4cf9q2jfzb6pb32ync6xlvr"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/8n3k7pvyh4cf9q2jfzb6pb32ync6xlvr",
"name": "https://lists.apache.org/thread/8n3k7pvyh4cf9q2jfzb6pb32ync6xlvr"
}
]
},
@ -99,4 +102,4 @@
"value": "If you are running Pulsar behind a proxy you can disable access to the REST API for the flawed API \n\n/admin/v2/non-persistent/{tenant}/{namespace}/{topic}/ledger/{ledgerId}/entry/{entryId}"
}
]
}
}
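Review bot: The workaround at the end of this section blocks only the `non-persistent` form of the endpoint, `/admin/v2/non-persistent/{tenant}/{namespace}/{topic}/ledger/{ledgerId}/entry/{entryId}`, while the description says get-message-by-id is flawed for any topic the user can name; if the `persistent` variant of the same path exists, a proxy rule limited to non-persistent leaves the issue reachable, so confirm against the REST API and list both paths in the workaround. The first reference anchors to `#operation/getLastMessageId` although the description names get-message-by-id, which looks like the wrong operation anchor and is worth checking. The description text still reads `supposed to be a valid it for the topic` and `validation the that ledger id is valid`; this commit only reflows its whitespace, so those garbles are carried forward and could be corrected in the same sync.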


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.\n"
"value": "XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible."
}
]
},


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45416",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-45416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://rosariosis.com",
"refsource": "MISC",
"name": "http://rosariosis.com"
},
{
"refsource": "MISC",
"name": "https://github.com/86x/CVE-2021-45416",
"url": "https://github.com/86x/CVE-2021-45416"
}
]
}
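Review bot: The record is published with `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` even though its own description pins the target to RosarioSIS 8.2.1, and the problemtype is `"n/a"` although the description opens with "Reflected Cross-site scripting (XSS)"; tooling that filters on affects or problemtype will never match this entry. From the text already present: `"product_name": "RosarioSIS"`, `"version_value": "8.2.1"`, and `"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`. The description also gives no fixed version; if one is known, stating it is more useful to a reader than the `http://rosariosis.com` homepage reference, which is plain HTTP and not specific to the issue.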


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46253",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-46253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://anchorcms.com",
"refsource": "MISC",
"name": "https://anchorcms.com"
},
{
"refsource": "MISC",
"name": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2021-46253/CVE-2021-46253.pdf",
"url": "https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2021-46253/CVE-2021-46253.pdf"
}
]
}
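Review bot: The published record carries `"n/a"` for vendor, product, version and problemtype while its description names Anchor CMS v0.12.7 and a cross-site scripting bug, so `"product_name": "Anchor CMS"`, `"version_value": "0.12.7"` and a `CWE-79` problemtype can be filled in from the text that is already here. The description does not say whether the XSS in the Create Post function is stored or reflected, nor whether an authenticated account is needed to reach Create Post; both affect severity and deserve a clause. The only technical reference is a PDF in a personal GitHub repository, so a link to an upstream issue or fix commit, if one exists, would make the record independently verifiable.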


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0440",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0441",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0442",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -12,18 +12,18 @@
"product": {
"product_data": [
{
"product_name": "gh-ost",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "< 1.1.3"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "github"
"vendor_name": "n/a"
}
]
}
@ -61,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"
"value": "n/a"
}
]
}
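Review bot: The gh-ost record loses its affected range and weakness class: `"version_value": "< 1.1.3"`, `"vendor_name": "github"` and `"value": "CWE-74: ..."` are replaced by `"n/a"` on what appears to be the new side, so the entry no longer says which releases are patched or that the bug is an injection. The old values were the CNA's structured data and are strictly more useful than a placeholder; if the sync must normalize these fields, keep the fix version machine-readable, e.g. `"version_value": "< 1.1.3"`, or confirm the description (outside this view) states it. Sides are inferred from print order and the 3-removed/3-added hunk counts, not from explicit markers.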


@ -12,18 +12,18 @@
"product": {
"product_data": [
{
"product_name": "junrar",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "< 7.4.1"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "junrar"
"vendor_name": "n/a"
}
]
}
@ -61,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
"value": "n/a"
}
]
}
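Review bot: The junrar record ends up with no affected range and no weakness class: `"version_value": "< 7.4.1"` and `"value": "CWE-400: Uncontrolled Resource Consumption"` become `"n/a"` on what appears to be the new side. For a resource-exhaustion bug in an archive parser the fixed version is the one actionable field for anyone triaging dependencies, so preserve `"version_value": "< 7.4.1"` or make sure the description, not shown here, carries it. Side assignment is inferred from print order and the 3/3 hunk counts rather than explicit markers.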


@ -12,18 +12,18 @@
"product": {
"product_data": [
{
"product_name": "element-desktop",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "< 1.9.7"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "vector-im"
"vendor_name": "n/a"
}
]
}
@ -61,7 +61,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"
"value": "n/a"
}
]
}
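Review bot: The element-desktop record no longer tells a consumer which releases are patched: `"version_value": "< 1.9.7"`, `"vendor_name": "vector-im"` and the `CWE-74` classification are replaced by `"n/a"` on what appears to be the new side. If the structured fields must be normalized by the sync, keep the fixed version somewhere machine-readable, `"version_value": "< 1.9.7"`, or confirm the description outside this view states it; otherwise dependency scanners keyed on affects data will silently stop matching this entry. Sides are inferred from print order and the hunk counts, not from explicit markers.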