admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-12-28 03:00:42 +00:00
parent 0ae535b46f
commit b20e5cf445
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 266 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2020/36xxx/CVE-2020-36562.json
View File

@ -1,18 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36562",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "github.com/shiyanhui/dht",
"product": {
"product_data": [
{
"product_name": "github.com/shiyanhui/dht",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "?"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/shiyanhui/dht/issues/57",
"refsource": "MISC",
"name": "https://github.com/shiyanhui/dht/issues/57"
},
{
"url": "https://pkg.go.dev/vuln/GO-2020-0040",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2020-0040"
}
]
},
"credits": [
{
"lang": "en",
"value": "@hMihaiDavid"
}
]
}

58
2020/36xxx/CVE-2020-36563.json
View File

@ -1,17 +1,67 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36563",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE 328: Use of Weak Hash"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "github.com/RobotsAndPencils/go-saml",
"product": {
"product_data": [
{
"product_name": "github.com/RobotsAndPencils/go-saml",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "?"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/RobotsAndPencils/go-saml/pull/38",
"refsource": "MISC",
"name": "https://github.com/RobotsAndPencils/go-saml/pull/38"
},
{
"url": "https://pkg.go.dev/vuln/GO-2020-0047",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2020-0047"
}
]
}

5
2021/33xxx/CVE-2021-33640.json
View File

@ -101,6 +101,11 @@
"refsource": "MISC",
"url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640&packageName=libtar",
"name": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640&packageName=libtar"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-88772d0a2d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
}
]
},

5
2021/33xxx/CVE-2021-33643.json
View File

@ -63,6 +63,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-44a20bba43",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-88772d0a2d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
}
]
},

5
2021/33xxx/CVE-2021-33644.json
View File

@ -63,6 +63,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-44a20bba43",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-88772d0a2d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
}
]
},

5
2021/33xxx/CVE-2021-33645.json
View File

@ -63,6 +63,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-44a20bba43",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-88772d0a2d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
}
]
},

5
2021/33xxx/CVE-2021-33646.json
View File

@ -63,6 +63,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-44a20bba43",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-88772d0a2d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
}
]
},

18
2021/4xxx/CVE-2021-4235.json
View File

@ -47,6 +47,24 @@
}
]
}
},
{
"vendor_name": "github.com/go-yaml/yaml",
"product": {
"product_data": [
{
"product_name": "github.com/go-yaml/yaml",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "?"
}
]
}
}
]
}
}
]
}

58
2022/3xxx/CVE-2022-3346.json
View File

@ -1,17 +1,67 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3346",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for any other domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE 347: Improper Verification of Cryptographic Signature"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "github.com/peterzen/goresolver",
"product": {
"product_data": [
{
"product_name": "github.com/peterzen/goresolver",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "?"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/peterzen/goresolver/issues/5",
"refsource": "MISC",
"name": "https://github.com/peterzen/goresolver/issues/5"
},
{
"url": "https://pkg.go.dev/vuln/GO-2022-0979",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2022-0979"
}
]
}

58
2022/3xxx/CVE-2022-3347.json
View File

@ -1,17 +1,67 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3347",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE 295: Improper Certificate Validation"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "github.com/peterzen/goresolver",
"product": {
"product_data": [
{
"product_name": "github.com/peterzen/goresolver",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "?"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/peterzen/goresolver/issues/5#issuecomment-1150214257",
"refsource": "MISC",
"name": "https://github.com/peterzen/goresolver/issues/5#issuecomment-1150214257"
},
{
"url": "https://pkg.go.dev/vuln/GO-2022-1026",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2022-1026"
}
]
}