admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-01-04 09:01:08 +00:00
parent b2b3f6eb81
commit 2f2d14748b
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
6 changed files with 46 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
2021/34xxx/CVE-2021-34797.json
View File

@ -75,12 +75,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/p4l0g49rzzzpn8yt9q9p0xp52h3zmsmk"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/p4l0g49rzzzpn8yt9q9p0xp52h3zmsmk",
"name": "https://lists.apache.org/thread/p4l0g49rzzzpn8yt9q9p0xp52h3zmsmk"
},
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/nq2w9gjzm1cjx1rh6zw41ty39qw7qpx4"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/nq2w9gjzm1cjx1rh6zw41ty39qw7qpx4",
"name": "https://lists.apache.org/thread/nq2w9gjzm1cjx1rh6zw41ty39qw7qpx4"
}
]
},
@ -90,4 +92,4 @@
],
"discovery": "UNKNOWN"
}
}
}

11
2021/38xxx/CVE-2021-38542.json
View File

@ -33,7 +33,7 @@
"credit": [
{
"lang": "eng",
"value": "We thanks Benoit Tellier, Raphael Ouazana for reporting this vulnerability as well as Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel Münster University of Applied Science for their research and tools regarding STARTTLS security."
"value": "We thanks Benoit Tellier, Raphael Ouazana for reporting this vulnerability as well as Damian Poddebniak, Fabian Ising, Hanno B\u00f6ck, and Sebastian Schinzel M\u00fcnster University of Applied Science for their research and tools regarding STARTTLS security."
}
],
"data_format": "MITRE",
@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information.\n"
"value": "Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information."
}
]
},
@ -70,8 +70,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2022/01/04/1"
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2022/01/04/1",
"name": "https://www.openwall.com/lists/oss-security/2022/01/04/1"
}
]
},
@ -87,4 +88,4 @@
"value": "We recommend to upgrade to Apache James 3.6.1, which fixes this vulnerability.\n\nFurthermore, we recommend, if possible to dis-activate STARTTLS and rely solely on explicit TLS for mail protocols, including SMTP, IMAP and POP3."
}
]
}
}

9
2021/40xxx/CVE-2021-40110.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1\n\nWe recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of RE2J regular expression engine to execute regex in linear time without back-tracking."
"value": "In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of RE2J regular expression engine to execute regex in linear time without back-tracking."
}
]
},
@ -70,8 +70,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2022/01/04/2"
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2022/01/04/2",
"name": "https://www.openwall.com/lists/oss-security/2022/01/04/2"
}
]
},
@ -81,4 +82,4 @@
],
"discovery": "UNKNOWN"
}
}
}

9
2021/40xxx/CVE-2021-40111.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. The IMAP user needs to be authenticated to exploit this vulnerability. This affected Apache James prior to version 3.6.1.\n\nThis vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade."
"value": "In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. The IMAP user needs to be authenticated to exploit this vulnerability. This affected Apache James prior to version 3.6.1. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade."
}
]
},
@ -70,8 +70,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2022/01/04/3"
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2022/01/04/3",
"name": "https://www.openwall.com/lists/oss-security/2022/01/04/3"
}
]
},
@ -81,4 +82,4 @@
],
"discovery": "UNKNOWN"
}
}
}

9
2021/40xxx/CVE-2021-40525.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade.\n\nDistributed and Cassandra based products are also not impacted."
"value": "Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted."
}
]
},
@ -68,8 +68,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2022/01/04/4"
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2022/01/04/4",
"name": "https://www.openwall.com/lists/oss-security/2022/01/04/4"
}
]
},
@ -85,4 +86,4 @@
"value": "This could also be mitigated by ensuring manageSieve is disabled, which is the case by default.\n"
}
]
}
}

18
2022/0xxx/CVE-2022-0088.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0088",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}