"-Synchronized-Data."

This commit is contained in:
CVE Team 2022-06-09 13:01:29 +00:00
parent 345883c633
commit 79f45be989
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 344 additions and 31 deletions

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40610",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/blackQvQ/emlog/issues/1",
"refsource": "MISC",
"name": "https://github.com/blackQvQ/emlog/issues/1"
}
]
}
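Review bot: the record leaves `affects` as `"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"` and `problemtype` as `"n/a"` even though the new description names the product and version (Emlog Pro 1.0.4) and the class of bug (cross-site scripting); suggest populating `affects` from the description and setting problemtype to `CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')` so the entry can be matched by tooling rather than only by free text. The description also names no parameter or page beyond "background management", so consumers cannot tell which input is unsanitized; if the referenced GitHub issue identifies it, carry that into the description.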

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40668",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://eddiez.me/path-traversal-in-slowscript-httpfileserver/",
"refsource": "MISC",
"name": "https://eddiez.me/path-traversal-in-slowscript-httpfileserver/"
},
{
"url": "https://play.google.com/store/apps/details?id=slowscript.httpfileserver",
"refsource": "MISC",
"name": "https://play.google.com/store/apps/details?id=slowscript.httpfileserver"
}
]
}
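Review bot: same gap as the previous record: the description identifies vendor ('slowscript'), product (HTTP File Server) and version (1.4.1), yet `affects` is left as `"n/a"` throughout and `problemtype` stays `"n/a"` for what the description calls a path traversal; suggest filling `affects` from the description and setting problemtype to `CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')`. Worth noting in review that the description states arbitrary file *write* as well as listing and read, which is considerably more severe than the usual traversal read and should be reflected wherever a severity is later attached.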

@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/",
"url": "https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220609 [SECURITY] [DLA 3049-1] mailman security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html"
}
]
}

@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/",
"url": "https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220609 [SECURITY] [DLA 3049-1] mailman security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html"
}
]
}

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugs.launchpad.net/mailman/+bug/1952384",
"url": "https://bugs.launchpad.net/mailman/+bug/1952384"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220609 [SECURITY] [DLA 3049-1] mailman security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html"
}
]
},

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain sq_reservestack call."
"value": "Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call."
}
]
},
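Review bot: the rewritten description drops the function name `thread_call` that the old text carried, so the record now says less about where the bug is while saying more about what it is; suggest keeping both, e.g. "Heap-based buffer overflow in thread_call in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call." If `problemtype` for this record is still `"n/a"` it should be updated alongside the description, since the text now commits to a concrete weakness class.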

@ -1,18 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "DoS Vulnerability in URLEncodedFormDecoder in Vapor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vapor",
"version": {
"version_data": [
{
"version_value": "< 4.61.1"
}
]
}
}
]
},
"vendor_name": "vapor"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d \"array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n '[_0][0][array]'; done)[string][_0]=hello%20world\" http://localhost:8080/foo`. The issue is unbounded, attacker controlled stack growth which will at some point lead to a stack overflow and a process crash. This issue has been fixed in version 4.61.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/vapor/vapor/security/advisories/GHSA-qvxg-wjxc-r4gg",
"refsource": "CONFIRM",
"url": "https://github.com/vapor/vapor/security/advisories/GHSA-qvxg-wjxc-r4gg"
},
{
"name": "https://github.com/vapor/vapor/commit/6c63226a4ab82ce53730eb1afb9ca63866fcf033",
"refsource": "MISC",
"url": "https://github.com/vapor/vapor/commit/6c63226a4ab82ce53730eb1afb9ca63866fcf033"
}
]
},
"source": {
"advisory": "GHSA-qvxg-wjxc-r4gg",
"discovery": "UNKNOWN"
}
}
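Review bot: the `problemtype` value `CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')` does not match the description, which states the issue is "unbounded, attacker controlled stack growth which will at some point lead to a stack overflow and a process crash", i.e. stack exhaustion through nested decoding rather than a memory copy into an undersized buffer; `CWE-674: Uncontrolled Recursion` (or `CWE-400: Uncontrolled Resource Consumption`) describes this, and the CVSS vector already reflects it correctly as availability-only (C:N/I:N/A:H). Also note the `$(seq 1100)` in the embedded curl reproducer relies on a shell expanding the command substitution; the description should say it is a shell one-liner so readers do not paste the literal string into a raw HTTP client.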

@ -1,18 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31026",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Use of Uninitialized Variable in trilogy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "trilogy",
"version": {
"version_data": [
{
"version_value": "< 2.1.1"
}
]
}
}
]
},
"vendor_name": "github"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-908: Use of Uninitialized Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm",
"refsource": "CONFIRM",
"url": "https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm"
},
{
"name": "https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962",
"refsource": "MISC",
"url": "https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962"
}
]
},
"source": {
"advisory": "GHSA-5g4r-2qhx-vqfm",
"discovery": "UNKNOWN"
}
}
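Review bot: the CVSS vector scores `confidentialityImpact: NONE` while the description says the client will "read and return up to 12 bytes of data from an uninitialized variable in stack memory"; returning uninitialized stack contents to a remote party is a confidentiality impact and should be reflected (at least C:L), or the description should clarify where those bytes go if they never leave the process. The description is also missing a period between "upgrade to version 2.1.1" and "This issue can be avoided", and the mitigation "only connecting to trusted servers" is worth flagging as weak: the attack requires a malicious server, so anyone able to redirect or intercept the connection before the TLS handshake completes gets the same position.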

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "oauthenticator",
"version": {
"version_data": [
{
"version_value": "< 15.0.0"
}
]
}
}
]
},
"vendor_name": "jupyterhub"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps configuration trait of CILogonOAuthenticator is documented to be a list of domains that indicate the institutions whose users are authorized to access this JupyterHub. This authorization is validated by ensuring that the *email* field provided to us by CILogon has a *domain* that matches one of the domains listed in `allowed_idps`.If `allowed_idps` contains `berkeley.edu`, you might expect only users with valid current credentials provided by University of California, Berkeley to be able to access the JupyterHub. However, CILogonOAuthenticator does *not* verify which provider is used by the user to login, only the email address provided. So a user can login with a GitHub account that has email set to `<something>@berkeley.edu`, and that will be treated exactly the same as someone logging in using the UC Berkeley official Identity Provider. The patch fixing this issue makes a *breaking change* in how `allowed_idps` is interpreted. It's no longer a list of domains, but configuration representing the `EntityID` of the IdPs that are allowed, picked from the [list maintained by CILogon](https://cilogon.org/idplist/). Users are advised to upgrade."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639: Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jupyterhub/oauthenticator/security/advisories/GHSA-r7v4-jwx9-wx43",
"refsource": "CONFIRM",
"url": "https://github.com/jupyterhub/oauthenticator/security/advisories/GHSA-r7v4-jwx9-wx43"
}
]
},
"source": {
"advisory": "GHSA-r7v4-jwx9-wx43",
"discovery": "UNKNOWN"
}
}
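Review bot: two typos in the new description should be fixed before publication: "JupyerHub" for "JupyterHub", and the missing space in "`allowed_idps`.If". The description also embeds a Markdown link (`[list maintained by CILogon](https://cilogon.org/idplist/)`), but CVE description values are plain text and downstream consumers will show the brackets literally; suggest writing the URL in the clear. Finally, `affects` says `< 15.0.0` while the description only says "Users are advised to upgrade"; stating the fixed version (15.0.0) in the text, together with the fact that the fix changes the meaning of `allowed_idps` from domains to IdP `EntityID`s, would make the breaking change harder to miss for operators.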