admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 19:46:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-11-02 15:00:39 +00:00
parent bb7cd2a8c8
commit 15681e65fc
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 222 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
2021/45xxx/CVE-2021-45446.json
View File

@ -1,17 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45446",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security.vulnerabilities@hitachivantara.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-548",
"cweId": "CWE-548"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hitachi Vantara",
"product": {
"product_data": [
{
"product_name": "Pentaho Business Analytics Server",
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
},
{
"version_value": "9.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/6744813983501",
"refsource": "MISC",
"name": "https://support.pentaho.com/hc/en-us/articles/6744813983501"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}

95
2021/45xxx/CVE-2021-45447.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45447",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security.vulnerabilities@hitachivantara.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information",
"cweId": "CWE-319"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hitachi Vantara",
"product": {
"product_data": [
{
"product_name": "Pentaho Business Analytics Server",
"version": {
"version_data": [
{
"version_value": "9.0.0.0",
"version_affected": "="
},
{
"version_value": "1.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/6744504393101",
"refsource": "MISC",
"name": "https://support.pentaho.com/hc/en-us/articles/6744504393101"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThe defect may be mitigated now by disabling the Data Lineage feature or updating to a patched version<br>"
}
],
"value": "\nThe defect may be mitigated now by disabling the Data Lineage feature or updating to a patched version\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
]
}

15
2022/3xxx/CVE-2022-3602.json
View File

@ -166,6 +166,21 @@
"refsource": "MLIST",
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/3"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/7"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221102 Re: Fwd: Node.js security updates for all active release lines, November 2022",
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/10"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/9"
}
]
}

15
2022/3xxx/CVE-2022-3786.json
View File

@ -166,6 +166,21 @@
"refsource": "MLIST",
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/3"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/7"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221102 Re: Fwd: Node.js security updates for all active release lines, November 2022",
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/10"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/9"
}
]
}

5
2022/43xxx/CVE-2022-43670.json
View File

@ -72,6 +72,11 @@
"refsource": "MISC",
"url": "https://lists.apache.org/thread/o68l3l3crfxz107fr9dm74y8vg8kj2cs",
"name": "https://lists.apache.org/thread/o68l3l3crfxz107fr9dm74y8vg8kj2cs"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221102 CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App Taxonomy Path",
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/8"
}
]
},

18
2022/44xxx/CVE-2022-44635.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-44635",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}