admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-01-25 14:01:18 +00:00
parent 4389b87513
commit 6ce81281a2
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
13 changed files with 474 additions and 343 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2015/7xxx/CVE-2015-7547.json
View File

@ -411,6 +411,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html",
"url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
},
{
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
}
]
}

5
2020/25xxx/CVE-2020-25684.json
View File

@ -78,6 +78,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
},
{
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
}
]
},

5
2020/25xxx/CVE-2020-25685.json
View File

@ -73,6 +73,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-2e4c3d5a9d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
},
{
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
}
]
},

5
2020/25xxx/CVE-2020-25686.json
View File

@ -73,6 +73,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-2e4c3d5a9d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
},
{
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
}
]
},

7
2021/45xxx/CVE-2021-45029.json
View File

@ -62,12 +62,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/3zzmwvg3012tg306x8o893fvdcssx639"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/3zzmwvg3012tg306x8o893fvdcssx639",
"name": "https://lists.apache.org/thread/3zzmwvg3012tg306x8o893fvdcssx639"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}

56
2021/45xxx/CVE-2021-45846.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45846",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-45846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a \"type\" attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/slic3r/Slic3r/issues/5117",
"refsource": "MISC",
"name": "https://github.com/slic3r/Slic3r/issues/5117"
}
]
}

66
2021/45xxx/CVE-2021-45847.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45847",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-45847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/slic3r/Slic3r/issues/5118",
"refsource": "MISC",
"name": "https://github.com/slic3r/Slic3r/issues/5118"
},
{
"url": "https://github.com/slic3r/Slic3r/issues/5119",
"refsource": "MISC",
"name": "https://github.com/slic3r/Slic3r/issues/5119"
},
{
"url": "https://github.com/slic3r/Slic3r/issues/5120",
"refsource": "MISC",
"name": "https://github.com/slic3r/Slic3r/issues/5120"
}
]
}

215
2022/23xxx/CVE-2022-23033.json
View File

@ -1,108 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2022-23033"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?",
"version_value" : "consult Xen advisory XSA-393"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2022-23033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "consult Xen advisory XSA-393"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen version 4.12 and newer are vulnerable. Only Arm systems are\nvulnerable.\n\nx86 systems are not vulnerable."
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen version 4.12 and newer are vulnerable. Only Arm systems are\nvulnerable.\n\nx86 systems are not vulnerable."
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This issue was discovered by Dmytro Firsov of EPAM."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "arm: guest_physmap_remove_page not removing the p2m mappings\n\nThe functions to remove one or more entries from a guest p2m pagetable\non Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry\nwith mfn set to INVALID_MFN) do not actually clear the pagetable entry\nif the entry doesn't have the valid bit set. It is possible to have a\nvalid pagetable entry without the valid bit set when a guest operating\nsystem uses set/way cache maintenance instructions. For instance, a\nguest issuing a set/way cache maintenance instruction, then calling the\nXENMEM_decrease_reservation hypercall to give back memory pages to Xen,\nmight be able to retain access to those pages even after Xen started\nreusing them for other purposes."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A malicious guest may be able to access Xen and other domains' memory.\nThis could cause information leaks, host or domain Denial of Service\n(DoS), and privilege escalations."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-393.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is no known mitigation."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was discovered by Dmytro Firsov of EPAM."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious guest may be able to access Xen and other domains' memory.\nThis could cause information leaks, host or domain Denial of Service\n(DoS), and privilege escalations."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-393.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-393.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is no known mitigation."
}
]
}
}
}
}

215
2022/23xxx/CVE-2022-23034.json
View File

@ -1,108 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2022-23034"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?",
"version_value" : "consult Xen advisory XSA-394"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2022-23034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "consult Xen advisory XSA-394"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "All Xen versions from at least 3.2 onwards are vulnerable in principle,\nif they have the XSA-380 fixes applied.\n\nOnly x86 systems are vulnerable. Arm systems are not vulnerable.\n\nOnly x86 PV guests with access to PCI devices can leverage the\nvulnerability. x86 HVM and PVH guests, as well as PV guests without\naccess to PCI devices, cannot leverage the vulnerability.\n\nAdditionally from Xen 4.13 onwards x86 PV guests can leverage this\nvulnerability only when being granted access to pages owned by another\ndomain."
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All Xen versions from at least 3.2 onwards are vulnerable in principle,\nif they have the XSA-380 fixes applied.\n\nOnly x86 systems are vulnerable. Arm systems are not vulnerable.\n\nOnly x86 PV guests with access to PCI devices can leverage the\nvulnerability. x86 HVM and PVH guests, as well as PV guests without\naccess to PCI devices, cannot leverage the vulnerability.\n\nAdditionally from Xen 4.13 onwards x86 PV guests can leverage this\nvulnerability only when being granted access to pages owned by another\ndomain."
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This issue was discovered by Julien Grall of Amazon."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A PV guest could DoS Xen while unmapping a grant\n\nTo address XSA-380, reference counting was introduced for grant\nmappings for the case where a PV guest would have the IOMMU enabled. PV\nguests can request two forms of mappings. When both are in use for any\nindividual mapping, unmapping of such a mapping can be requested in two\nsteps. The reference count for such a mapping would then mistakenly be\ndecremented twice. Underflow of the counters gets detected, resulting\nin the triggering of a hypervisor bug check."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Malicious guest kernels may be able to mount a Denial of Service (DoS)\nattack affecting the entire system."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-394.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Not running PV guests will avoid the vulnerability.\n\nFor Xen 4.12 and older not passing through PCI devices to PV guests will\navoid the vulnerability.\n\nFor Xen 4.13 and newer not enabling PCI device pass-through for PV\nguests will avoid the vulnerability. This can be achieved via omitting\nany \"passthrough=...\" and \"pci=...\" settings from xl guest configuration\nfiles, or by setting \"passthrough=disabled\" there.\n\n- From Xen 4.13 onwards, XSM SILO can be available as a security policy\ndesigned to permit guests to only be able to communicate with Dom0.\nDom0 does not normally offer its pages for guests to map, which means\nthe use of SILO mode normally mitigates the vulnerability."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was discovered by Julien Grall of Amazon."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Malicious guest kernels may be able to mount a Denial of Service (DoS)\nattack affecting the entire system."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-394.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-394.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Not running PV guests will avoid the vulnerability.\n\nFor Xen 4.12 and older not passing through PCI devices to PV guests will\navoid the vulnerability.\n\nFor Xen 4.13 and newer not enabling PCI device pass-through for PV\nguests will avoid the vulnerability. This can be achieved via omitting\nany \"passthrough=...\" and \"pci=...\" settings from xl guest configuration\nfiles, or by setting \"passthrough=disabled\" there.\n\n- From Xen 4.13 onwards, XSM SILO can be available as a security policy\ndesigned to permit guests to only be able to communicate with Dom0.\nDom0 does not normally offer its pages for guests to map, which means\nthe use of SILO mode normally mitigates the vulnerability."
}
]
}
}
}
}

215
2022/23xxx/CVE-2022-23035.json
View File

@ -1,108 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2022-23035"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?",
"version_value" : "consult Xen advisory XSA-395"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2022-23035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "consult Xen advisory XSA-395"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen versions 4.6 and later are vulnerable. Xen versions 4.5 and earlier\nare not vulnerable.\n\nOnly x86 HVM guests with one or more passed-through physical devices\nusing (together) multiple physical interupts can leverage the\nvulnerability. x86 PV guests cannot leverage the vulnerability. x86\nHVM guests without passed-through devices or with a passed-through\ndevice using just a single physical interrupt also cannot leverage the\nvulnerability. Device pass-through is unsupported for x86 PVH guests\nand all Arm guests."
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen versions 4.6 and later are vulnerable. Xen versions 4.5 and earlier\nare not vulnerable.\n\nOnly x86 HVM guests with one or more passed-through physical devices\nusing (together) multiple physical interupts can leverage the\nvulnerability. x86 PV guests cannot leverage the vulnerability. x86\nHVM guests without passed-through devices or with a passed-through\ndevice using just a single physical interrupt also cannot leverage the\nvulnerability. Device pass-through is unsupported for x86 PVH guests\nand all Arm guests."
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This issue was discovered by Julien Grall of Amazon."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient cleanup of passed-through device IRQs\n\nThe management of IRQs associated with physical devices exposed to x86\nHVM guests involves an iterative operation in particular when cleaning\nup after the guest's use of the device. In the case where an interrupt\nis not quiescent yet at the time this cleanup gets invoked, the cleanup\nattempt may be scheduled to be retried. When multiple interrupts are\ninvolved, this scheduling of a retry may get erroneously skipped. At\nthe same time pointers may get cleared (resulting in a de-reference of\nNULL) and freed (resulting in a use-after-free), while other code would\ncontinue to assume them to be valid."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The precise impact is system specific, but would typically be a Denial\nof Service (DoS) affecting the entire host. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-395.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is no mitigation (other than not passing through to x86 HVM guests\nPCI devices with, overall, more than a single physical interrupt)."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was discovered by Julien Grall of Amazon."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "The precise impact is system specific, but would typically be a Denial\nof Service (DoS) affecting the entire host. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-395.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-395.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is no mitigation (other than not passing through to x86 HVM guests\nPCI devices with, overall, more than a single physical interrupt)."
}
]
}
}
}
}

7
2022/23xxx/CVE-2022-23223.json
View File

@ -62,12 +62,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s",
"name": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}

7
2022/23xxx/CVE-2022-23944.json
View File

@ -62,12 +62,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/dbrjnnlrf80dr0f92k5r2ysfvf1kr67y"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/dbrjnnlrf80dr0f92k5r2ysfvf1kr67y",
"name": "https://lists.apache.org/thread/dbrjnnlrf80dr0f92k5r2ysfvf1kr67y"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}

9
2022/23xxx/CVE-2022-23945.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1."
"value": "Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1."
}
]
},
@ -62,12 +62,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s",
"name": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}