"-Synchronized-Data."

CVE Team 2023-07-12 11:00:39 +00:00
parent 1ecb5df966
commit 8d91fa4c6a
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 147 additions and 149 deletions


@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-25598",
"STATE": "PUBLIC",
"TITLE": "Apache DolphinScheduler user registration is vulnerable to ReDoS attacks"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333 Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
@ -24,59 +48,30 @@
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Zheng Wang of HIT"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher."
"url": "https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "low"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93",
"name": "https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Zheng Wang of HIT"
}
]
}
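Review bot: The `"impact": [{"other": "low"}]` entry appears only once in this section and is not re-added near the new `credits` block, so the synchronized CVE-2022-25598 record seems to lose its only severity statement (inferred from the hunk line counts, since the +/- markers are lost on this page). The same holds for `"other": "moderate"` in the CVE-2022-26650 section. Consumers that triage on this field will now see both records as unrated; carrying the vendor rating forward would keep that signal. Separately, the new `credits` entry is tagged `"lang": "en"` while `description` and `problemtype` in the same record use `"eng"`, so a filter on one tag misses the other.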


@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
"value": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')",
"cweId": "CWE-444"
}
]
}
@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "8.0.0 to 9.1.2",
"version_affected": "="
"version_affected": "=",
"version_value": "8.0.0 to 9.1.2"
}
]
}
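Review bot: `"version_value": "8.0.0 to 9.1.2"` paired with `"version_affected": "="` encodes a range as free text under an equality operator, and the second hunk only reorders the two keys. A scanner that compares the value literally will match no real release and can report affected installations as clean. Expressing the bounds as separate fields with a comparison operator, as the last section of this commit does with `"version_affected": "<="` and `"version_value": "3.7.2"`, would make the range machine-readable. The record's ID and product name sit outside the visible hunks.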


@ -1,37 +1,12 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-26650",
"STATE": "PUBLIC",
"TITLE": "Apache ShenYu (incubating) Regular expression denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache ShenYu (incubating) ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.4.3"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-26650",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -40,46 +15,67 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
"value": "CWE-1333 Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache ShenYu (incubating) ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2.4.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://lists.apache.org/thread/8rp33m3nm4bwtx3qx76mqynth3t3d673",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/8rp33m3nm4bwtx3qx76mqynth3t3d673"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220517 CVE-2022-26650: Apache ShenYu (incubating) Regular expression denial of service",
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/3"
"url": "http://www.openwall.com/lists/oss-security/2022/05/17/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/05/17/3"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"lang": "en",
"value": "Upgrade to Apache ShenYu (incubating) 2.4.3 or apply patch https://github.com/apache/incubator-shenyu/pull/2975."
}
]
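Review bot: The oss-security reference loses its `"refsource": "MLIST"` tag and its descriptive `name`, both replaced by `"refsource": "MISC"` and the bare URL, so the record no longer says which reference is the mailing-list announcement. The CVE-2022-2636 section does the same to the huntr.dev link, where `"refsource": "CONFIRM"` becomes `"MISC"`. Tooling that ranks references by source type loses that distinction; this is inferred from the repeated lines, since the +/- markers are not preserved. The URL is also still `http://`, and `https://www.openwall.com/lists/oss-security/2022/05/17/3` would avoid a plaintext fetch.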


@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2636",
"STATE": "PUBLIC",
"TITLE": "Improper Input Validation in hestiacp/hestiacp"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "hestiacp",
"product": {
"product_data": [
{
@ -17,73 +41,55 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "1.6.6"
}
]
}
}
]
},
"vendor_name": "hestiacp"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation in GitHub repository hestiacp/hestiacp prior to 1.6.6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hestiacp/hestiacp/commit/b178b9719bb2c98cf8a6db70065086f596afad81",
"url": "https://github.com/hestiacp/hestiacp/commit/b178b9719bb2c98cf8a6db70065086f596afad81",
"refsource": "MISC",
"url": "https://github.com/hestiacp/hestiacp/commit/b178b9719bb2c98cf8a6db70065086f596afad81"
"name": "https://github.com/hestiacp/hestiacp/commit/b178b9719bb2c98cf8a6db70065086f596afad81"
},
{
"name": "https://huntr.dev/bounties/357c0390-631c-4684-b6e1-a6d8b2453d66",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/357c0390-631c-4684-b6e1-a6d8b2453d66"
"url": "https://huntr.dev/bounties/357c0390-631c-4684-b6e1-a6d8b2453d66",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/357c0390-631c-4684-b6e1-a6d8b2453d66"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "357c0390-631c-4684-b6e1-a6d8b2453d66",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}
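Review bot: `impact.cvss` changes from a single object to a one-element array, so a consumer that reads `impact.cvss.baseScore` will find nothing and may treat this 8.5 HIGH code-injection record as unscored. Readers of this field should accept both shapes. The vector prefix also moves from `CVSS:3.0` to `CVSS:3.1` with an identical `baseScore`, which looks like a relabel rather than a rescore. The new description value ends in `\n\n`; ending it at `prior to 1.6.6."` avoids stray whitespace in rendered advisories.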


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions."
"value": "Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. \n\nVulnerable components includes the SMTP stack and IMAP APPEND command.\n\nThis issue affects Apache James server version 3.7.2 and prior versions."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information",
"cweId": "CWE-319"
"value": "CWE-668 Exposure of Resource to Wrong Sphere",
"cweId": "CWE-668"
}
]
}
@ -40,8 +40,9 @@
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
"version_affected": "<=",
"version_name": "0",
"version_value": "3.7.2"
}
]
}