admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-10-12 21:00:33 +00:00
parent 682da66bf8
commit 61fac7c736
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 237 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
2018/18xxx/CVE-2018-18446.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18446",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.dotpdn.com",
"refsource": "MISC",
"name": "https://www.dotpdn.com"
},
{
"url": "https://www.getpaint.net",
"refsource": "MISC",
"name": "https://www.getpaint.net"
},
{
"refsource": "MISC",
"name": "https://blog.getpaint.net/2018/10/22/paint-net-4-1-2-is-now-available/",
"url": "https://blog.getpaint.net/2018/10/22/paint-net-4-1-2-is-now-available/"
}
]
}

58
2018/18xxx/CVE-2018-18447.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18447",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.dotpdn.com",
"refsource": "MISC",
"name": "https://www.dotpdn.com"
},
{
"url": "https://www.getpaint.net",
"refsource": "MISC",
"name": "https://www.getpaint.net"
},
{
"refsource": "MISC",
"name": "https://blog.getpaint.net/2018/10/22/paint-net-4-1-2-is-now-available/",
"url": "https://blog.getpaint.net/2018/10/22/paint-net-4-1-2-is-now-available/"
}
]
}

66
2021/36xxx/CVE-2021-36369.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-36369",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-36369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mkj/dropbear/pull/128",
"refsource": "MISC",
"name": "https://github.com/mkj/dropbear/pull/128"
},
{
"url": "https://github.com/mkj/dropbear/releases",
"refsource": "MISC",
"name": "https://github.com/mkj/dropbear/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/mkj/dropbear/releases/tag/DROPBEAR_2022.82",
"url": "https://github.com/mkj/dropbear/releases/tag/DROPBEAR_2022.82"
}
]
}

5
2022/36xxx/CVE-2022-36067.json
View File

@ -88,6 +88,11 @@
"name": "https://github.com/patriksimek/vm2/blob/master/lib/setup-sandbox.js#L71",
"refsource": "MISC",
"url": "https://github.com/patriksimek/vm2/blob/master/lib/setup-sandbox.js#L71"
},
{
"refsource": "MISC",
"name": "https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067",
"url": "https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067"
}
]
},

5
2022/40xxx/CVE-2022-40664.json
View File

@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20221011 CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher",
"url": "http://www.openwall.com/lists/oss-security/2022/10/12/1"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221012 Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher",
"url": "http://www.openwall.com/lists/oss-security/2022/10/12/2"
}
]
},

61
2022/41xxx/CVE-2022-41316.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41316",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-41316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HashiCorp Vault and Vault Enterprise\u2019s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://discuss.hashicorp.com",
"refsource": "MISC",
"name": "https://discuss.hashicorp.com"
},
{
"refsource": "MISC",
"name": "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483",
"url": "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483"
}
]
}