admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 03:27:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-04-20 18:01:35 +00:00
parent f109d00eea
commit 4dbcafa822
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/21xxx/CVE-2021-21707.json
View File

@ -105,6 +105,11 @@
"refsource": "DEBIAN",
"name": "DSA-5082",
"url": "https://www.debian.org/security/2022/dsa-5082"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2022-09",
"url": "https://www.tenable.com/security/tns-2022-09"
}
]
},

5
2021/41xxx/CVE-2021-41116.json
View File

@ -81,6 +81,11 @@
"name": "https://github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa",
"refsource": "MISC",
"url": "https://github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2022-09",
"url": "https://www.tenable.com/security/tns-2022-09"
}
]
},

5
2021/41xxx/CVE-2021-41182.json
View File

@ -123,6 +123,11 @@
"refsource": "MISC",
"name": "https://www.drupal.org/sa-contrib-2022-004",
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2022-09",
"url": "https://www.tenable.com/security/tns-2022-09"
}
]
},

5
2021/41xxx/CVE-2021-41183.json
View File

@ -133,6 +133,11 @@
"refsource": "CONFIRM",
"name": "https://www.drupal.org/sa-core-2022-001",
"url": "https://www.drupal.org/sa-core-2022-001"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2022-09",
"url": "https://www.tenable.com/security/tns-2022-09"
}
]
},

5
2021/41xxx/CVE-2021-41184.json
View File

@ -113,6 +113,11 @@
"refsource": "CONFIRM",
"name": "https://www.drupal.org/sa-core-2022-001",
"url": "https://www.drupal.org/sa-core-2022-001"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2022-09",
"url": "https://www.tenable.com/security/tns-2022-09"
}
]
},

5
2022/0xxx/CVE-2022-0778.json
View File

@ -152,6 +152,11 @@
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2022-08",
"url": "https://www.tenable.com/security/tns-2022-08"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2022-09",
"url": "https://www.tenable.com/security/tns-2022-09"
}
]
}

5
2022/23xxx/CVE-2022-23943.json
View File

@ -121,6 +121,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220321-0001/",
"url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2022-09",
"url": "https://www.tenable.com/security/tns-2022-09"
}
]
},

5
2022/24xxx/CVE-2022-24785.json
View File

@ -86,6 +86,11 @@
"name": "https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5",
"refsource": "MISC",
"url": "https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2022-09",
"url": "https://www.tenable.com/security/tns-2022-09"
}
]
},

2
2022/24xxx/CVE-2022-24799.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript.\nIf a user receives and views such a malicious message, arbitrary code is injected and executed in the context of the victim. This allows the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-03-30-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-03-30-production.0-v0.29.2-0-d144552 or wire-server 2022-03-30 (chart/4.8.0), so that their applications are no longer affected. There are no known workarounds for this issue.\n\n\n### Patches\n* The issue has been fixed in wire-webapp **2022-03-30-production.0** and is already deployed on all Wire managed services.\n* On-premise instances of wire-webapp need to be updated to docker tag **2022-03-30-production.0-v0.29.2-0-d144552** or wire-server **2022-03-30 (chart/4.8.0)**, so that their applications are no longer affected.\n\n### Workarounds\n* No workarounds known\n\n### For more information\n\nIf you have any questions or comments about this advisory feel free to email us at [vulnerability-report@wire.com](mailto:vulnerability-report@wire.com)\n\n### Credits\nWe thank [Posix](https://twitter.com/po6ix) for reporting this vulnerability\n"
"value": "wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown \u201ccode highlighting\u201d in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious message, arbitrary code is injected and executed in the context of the victim. This allows the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-03-30-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-03-30-production.0-v0.29.2-0-d144552 or wire-server 2022-03-30 (chart/4.8.0), so that their applications are no longer affected. There are no known workarounds for this issue. ### Patches * The issue has been fixed in wire-webapp **2022-03-30-production.0** and is already deployed on all Wire managed services. * On-premise instances of wire-webapp need to be updated to docker tag **2022-03-30-production.0-v0.29.2-0-d144552** or wire-server **2022-03-30 (chart/4.8.0)**, so that their applications are no longer affected. ### Workarounds * No workarounds known ### For more information If you have any questions or comments about this advisory feel free to email us at [vulnerability-report@wire.com](mailto:vulnerability-report@wire.com) ### Credits We thank [Posix](https://twitter.com/po6ix) for reporting this vulnerability"
}
]
},

5
2022/24xxx/CVE-2022-24828.json
View File

@ -84,6 +84,11 @@
"name": "https://github.com/composer/composer/commit/2c40c53637c5c7e43fff7c09d3d324d632734709",
"refsource": "MISC",
"url": "https://github.com/composer/composer/commit/2c40c53637c5c7e43fff7c09d3d324d632734709"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2022-09",
"url": "https://www.tenable.com/security/tns-2022-09"
}
]
},