"-Synchronized-Data."
parent
81a1d494d3
commit
a09278ed04
@ -117,6 +117,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
@ -48,6 +48,11 @@
|
|||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1966266",
|
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1966266",
|
||||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966266"
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966266"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0003/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0003/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
@ -1,17 +1,61 @@
|
|||||||
{
|
{
|
||||||
"data_type": "CVE",
|
|
||||||
"data_format": "MITRE",
|
|
||||||
"data_version": "4.0",
|
|
||||||
"CVE_data_meta": {
|
"CVE_data_meta": {
|
||||||
"ID": "CVE-2021-41948",
|
|
||||||
"ASSIGNER": "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"STATE": "RESERVED"
|
"ID": "CVE-2021-41948",
|
||||||
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
|
"affects": {
|
||||||
|
"vendor": {
|
||||||
|
"vendor_data": [
|
||||||
|
{
|
||||||
|
"product": {
|
||||||
|
"product_data": [
|
||||||
|
{
|
||||||
|
"product_name": "n/a",
|
||||||
|
"version": {
|
||||||
|
"version_data": [
|
||||||
|
{
|
||||||
|
"version_value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"vendor_name": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"data_format": "MITRE",
|
||||||
|
"data_type": "CVE",
|
||||||
|
"data_version": "4.0",
|
||||||
"description": {
|
"description": {
|
||||||
"description_data": [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "A cross-site scripting (XSS) vulnerability exists in the \"contact us\" plugin for Subrion CMS <= 4.2.1 version via \"List of subjects\"."
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"problemtype": {
|
||||||
|
"problemtype_data": [
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"url": "https://github.com/intelliants/subrion-plugin-contact_us/issues/8",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "https://github.com/intelliants/subrion-plugin-contact_us/issues/8"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
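Review bot: The published record leaves every structured field at `n/a` (`product_name`, `version_value`, `vendor_name` and the `problemtype` value), although the description names the "contact us" plugin for Subrion CMS <= 4.2.1 and a cross-site scripting flaw. Tools that match affected products or weakness classes from `affects` and `problemtype` rather than from the free text will not associate this entry with Subrion installations. I would fill the fields from the description, for example `"product_name": "Subrion CMS contact us plugin"`, `"version_value": "<= 4.2.1"` and a `problemtype` value of `"CWE-79"`. The vendor name is presumably the `intelliants` organisation seen in the reference URL, which should be confirmed before it is set.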
||||||
|
@ -157,6 +157,11 @@
|
|||||||
"refsource": "CONFIRM",
|
"refsource": "CONFIRM",
|
||||||
"name": "https://www.tenable.com/security/tns-2022-09",
|
"name": "https://www.tenable.com/security/tns-2022-09",
|
||||||
"url": "https://www.tenable.com/security/tns-2022-09"
|
"url": "https://www.tenable.com/security/tns-2022-09"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -63,6 +63,11 @@
|
|||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html",
|
"name": "http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html",
|
||||||
"url": "http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html"
|
"url": "http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0001/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0001/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
@ -55,7 +55,7 @@
|
|||||||
"description_data": [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. This affects the POST parameter handling of articles. The manipulation with the input <script>alert(1);<\/script> leads to cross site scripting. It is possible to initiate the attack remotely but it requires a signup and login by the attacker. The exploit has been disclosed to the public and may be used."
|
"value": "A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. This affects the POST parameter handling of articles. The manipulation with the input <script>alert(1);</script> leads to cross site scripting. It is possible to initiate the attack remotely but it requires a signup and login by the attacker. The exploit has been disclosed to the public and may be used."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
@ -63,16 +63,20 @@
|
|||||||
"cvss": {
|
"cvss": {
|
||||||
"version": "3.1",
|
"version": "3.1",
|
||||||
"baseScore": "3.5",
|
"baseScore": "3.5",
|
||||||
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"references": {
|
"references": {
|
||||||
"reference_data": [
|
"reference_data": [
|
||||||
{
|
{
|
||||||
"url": "https:\/\/github.com\/xiahao90\/CVEproject\/blob\/main\/xiahao.webray.com.cn\/emlog%3C=pro-1.2.2%20Stored%20Cross-Site%20Scripting(XSS).md"
|
"url": "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/emlog%3C=pro-1.2.2%20Stored%20Cross-Site%20Scripting(XSS).md",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/emlog%3C=pro-1.2.2%20Stored%20Cross-Site%20Scripting(XSS).md"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"url": "https:\/\/vuldb.com\/?id.198705"
|
"url": "https://vuldb.com/?id.198705",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "https://vuldb.com/?id.198705"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
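Review bot: The rewritten `value` in the first hunk of this section now carries the literal closing tag `</script>` where the old line had `<\/script>`; both parse to the same string, but only the escaped form avoids terminating the element when the raw file is inlined into an HTML script block. I would keep the escape on that one token, `<script>alert(1);<\/script>`, and leave the other slashes unescaped as the commit does. Independently of the encoding, anything that renders this description into a page has to HTML-encode it on output, since the field holds markup verbatim. The automad record in the next section has the same issue in its `value` (`Home</title><script>alert(\"home\")</script><title>`).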
||||||
|
@ -76,7 +76,7 @@
|
|||||||
"description_data": [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home<\/title><script>alert(\"home\")<\/script><title> leads to a cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit details have disclosed to the public and may be used."
|
"value": "A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home</title><script>alert(\"home\")</script><title> leads to a cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit details have disclosed to the public and may be used."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
@ -84,16 +84,20 @@
|
|||||||
"cvss": {
|
"cvss": {
|
||||||
"version": "3.1",
|
"version": "3.1",
|
||||||
"baseScore": "3.5",
|
"baseScore": "3.5",
|
||||||
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"references": {
|
"references": {
|
||||||
"reference_data": [
|
"reference_data": [
|
||||||
{
|
{
|
||||||
"url": "https:\/\/github.com\/xiahao90\/CVEproject\/blob\/main\/xiahao.webray.com.cn\/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting(XSS).md"
|
"url": "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting(XSS).md",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting(XSS).md"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"url": "https:\/\/vuldb.com\/?id.198706"
|
"url": "https://vuldb.com/?id.198706",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "https://vuldb.com/?id.198706"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -68,6 +68,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -92,6 +92,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0006/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -68,6 +68,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -92,6 +92,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0006/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -92,6 +92,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0006/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -68,6 +68,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -106,6 +106,11 @@
|
|||||||
"refsource": "MLIST",
|
"refsource": "MLIST",
|
||||||
"name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
|
"name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
|
||||||
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/7"
|
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/7"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0006/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -68,6 +68,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -68,6 +68,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -68,6 +68,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -92,6 +92,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0006/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -76,6 +76,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -76,6 +76,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -76,6 +76,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -76,6 +76,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -76,6 +76,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -76,6 +76,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -92,6 +92,11 @@
|
|||||||
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0006/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -35,7 +35,7 @@
|
|||||||
"description_data": [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.join` call is unsafe for use with untrusted input. When the `os.path.join` call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Since the \"malicious\" parameter represents an absolute path, the result of `os.path.join` ignores the static directory completely. Hence, untrusted input is passed via the `os.path.join` call to `flask.send_file` can lead to path traversal attacks. A patch with a fix is available on the `master` branch of the GitHub repository. This can also be fixed by preventing flow of untrusted data to the vulnerable `send_file` function. In case the application logic necessiates this behaviour, one can either use the `flask.safe_join` to join untrusted paths or replace `flask.send_file` calls with `flask.send_from_directory` calls. "
|
"value": "Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.join` call is unsafe for use with untrusted input. When the `os.path.join` call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Since the \"malicious\" parameter represents an absolute path, the result of `os.path.join` ignores the static directory completely. Hence, untrusted input is passed via the `os.path.join` call to `flask.send_file` can lead to path traversal attacks. A patch with a fix is available on the `master` branch of the GitHub repository. This can also be fixed by preventing flow of untrusted data to the vulnerable `send_file` function. In case the application logic necessiates this behaviour, one can either use the `flask.safe_join` to join untrusted paths or replace `flask.send_file` calls with `flask.send_from_directory` calls."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
@ -66,6 +66,11 @@
|
|||||||
"refsource": "FEDORA",
|
"refsource": "FEDORA",
|
||||||
"name": "FEDORA-2022-de4474b89d",
|
"name": "FEDORA-2022-de4474b89d",
|
||||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C5AUUDGSDLGYU7SZSK4PFAN22NISQZBT/"
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C5AUUDGSDLGYU7SZSK4PFAN22NISQZBT/"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0004/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0004/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -86,6 +86,11 @@
|
|||||||
"refsource": "FEDORA",
|
"refsource": "FEDORA",
|
||||||
"name": "FEDORA-2022-c87047f163",
|
"name": "FEDORA-2022-c87047f163",
|
||||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/"
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0002/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0002/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -53,6 +53,11 @@
|
|||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://github.com/torvalds/linux/commit/ebe48d368e97d007bfeb76fcb065d6cfc4c96645",
|
"name": "https://github.com/torvalds/linux/commit/ebe48d368e97d007bfeb76fcb065d6cfc4c96645",
|
||||||
"url": "https://github.com/torvalds/linux/commit/ebe48d368e97d007bfeb76fcb065d6cfc4c96645"
|
"url": "https://github.com/torvalds/linux/commit/ebe48d368e97d007bfeb76fcb065d6cfc4c96645"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "CONFIRM",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20220429-0001/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20220429-0001/"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|