mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-08 03:27:03 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
4389b87513
commit
6ce81281a2
@ -411,6 +411,11 @@
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html",
|
||||
"url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17",
|
||||
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -78,6 +78,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61",
|
||||
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -73,6 +73,11 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2021-2e4c3d5a9d",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61",
|
||||
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -73,6 +73,11 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2021-2e4c3d5a9d",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61",
|
||||
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -62,8 +62,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://lists.apache.org/thread/3zzmwvg3012tg306x8o893fvdcssx639"
|
||||
"refsource": "MISC",
|
||||
"url": "https://lists.apache.org/thread/3zzmwvg3012tg306x8o893fvdcssx639",
|
||||
"name": "https://lists.apache.org/thread/3zzmwvg3012tg306x8o893fvdcssx639"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-45846",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2021-45846",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a \"type\" attribute."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/slic3r/Slic3r/issues/5117",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/slic3r/Slic3r/issues/5117"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,71 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-45847",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2021-45847",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/slic3r/Slic3r/issues/5118",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/slic3r/Slic3r/issues/5118"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/slic3r/Slic3r/issues/5119",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/slic3r/Slic3r/issues/5119"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/slic3r/Slic3r/issues/5120",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/slic3r/Slic3r/issues/5120"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,7 +1,8 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER" : "security@xenproject.org",
|
||||
"ID" : "CVE-2022-23033"
|
||||
"ASSIGNER": "security@xen.org",
|
||||
"ID": "CVE-2022-23033",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
@ -58,7 +59,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value" : "arm: guest_physmap_remove_page not removing the p2m mappings\n\nThe functions to remove one or more entries from a guest p2m pagetable\non Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry\nwith mfn set to INVALID_MFN) do not actually clear the pagetable entry\nif the entry doesn't have the valid bit set. It is possible to have a\nvalid pagetable entry without the valid bit set when a guest operating\nsystem uses set/way cache maintenance instructions. For instance, a\nguest issuing a set/way cache maintenance instruction, then calling the\nXENMEM_decrease_reservation hypercall to give back memory pages to Xen,\nmight be able to retain access to those pages even after Xen started\nreusing them for other purposes."
|
||||
"value": "arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -89,7 +90,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url" : "https://xenbits.xenproject.org/xsa/advisory-393.txt"
|
||||
"url": "https://xenbits.xenproject.org/xsa/advisory-393.txt",
|
||||
"refsource": "MISC",
|
||||
"name": "https://xenbits.xenproject.org/xsa/advisory-393.txt"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,7 +1,8 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER" : "security@xenproject.org",
|
||||
"ID" : "CVE-2022-23034"
|
||||
"ASSIGNER": "security@xen.org",
|
||||
"ID": "CVE-2022-23034",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
@ -58,7 +59,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value" : "A PV guest could DoS Xen while unmapping a grant\n\nTo address XSA-380, reference counting was introduced for grant\nmappings for the case where a PV guest would have the IOMMU enabled. PV\nguests can request two forms of mappings. When both are in use for any\nindividual mapping, unmapping of such a mapping can be requested in two\nsteps. The reference count for such a mapping would then mistakenly be\ndecremented twice. Underflow of the counters gets detected, resulting\nin the triggering of a hypervisor bug check."
|
||||
"value": "A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -89,7 +90,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url" : "https://xenbits.xenproject.org/xsa/advisory-394.txt"
|
||||
"url": "https://xenbits.xenproject.org/xsa/advisory-394.txt",
|
||||
"refsource": "MISC",
|
||||
"name": "https://xenbits.xenproject.org/xsa/advisory-394.txt"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,7 +1,8 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER" : "security@xenproject.org",
|
||||
"ID" : "CVE-2022-23035"
|
||||
"ASSIGNER": "security@xen.org",
|
||||
"ID": "CVE-2022-23035",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
@ -58,7 +59,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value" : "Insufficient cleanup of passed-through device IRQs\n\nThe management of IRQs associated with physical devices exposed to x86\nHVM guests involves an iterative operation in particular when cleaning\nup after the guest's use of the device. In the case where an interrupt\nis not quiescent yet at the time this cleanup gets invoked, the cleanup\nattempt may be scheduled to be retried. When multiple interrupts are\ninvolved, this scheduling of a retry may get erroneously skipped. At\nthe same time pointers may get cleared (resulting in a de-reference of\nNULL) and freed (resulting in a use-after-free), while other code would\ncontinue to assume them to be valid."
|
||||
"value": "Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -89,7 +90,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url" : "https://xenbits.xenproject.org/xsa/advisory-395.txt"
|
||||
"url": "https://xenbits.xenproject.org/xsa/advisory-395.txt",
|
||||
"refsource": "MISC",
|
||||
"name": "https://xenbits.xenproject.org/xsa/advisory-395.txt"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -62,8 +62,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s"
|
||||
"refsource": "MISC",
|
||||
"url": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s",
|
||||
"name": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -62,8 +62,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://lists.apache.org/thread/dbrjnnlrf80dr0f92k5r2ysfvf1kr67y"
|
||||
"refsource": "MISC",
|
||||
"url": "https://lists.apache.org/thread/dbrjnnlrf80dr0f92k5r2ysfvf1kr67y",
|
||||
"name": "https://lists.apache.org/thread/dbrjnnlrf80dr0f92k5r2ysfvf1kr67y"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -62,8 +62,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s"
|
||||
"refsource": "MISC",
|
||||
"url": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s",
|
||||
"name": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user