admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-11-19 10:01:06 +00:00
parent f352a5baff
commit b39467aebf
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
10 changed files with 61 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2021/36xxx/CVE-2021-36372.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked. "
"value": "In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked."
}
]
},
@ -68,8 +68,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E"
"refsource": "MISC",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E",
"name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E"
}
]
},

7
2021/39xxx/CVE-2021-39231.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration. "
"value": "In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration."
}
]
},
@ -68,8 +68,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C110cd117-75ed-364b-cd38-3effd20f2183%40apache.org%3E"
"refsource": "MISC",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C110cd117-75ed-364b-cd38-3effd20f2183%40apache.org%3E",
"name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C110cd117-75ed-364b-cd38-3effd20f2183%40apache.org%3E"
}
]
},

7
2021/39xxx/CVE-2021-39232.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins. "
"value": "In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins."
}
]
},
@ -68,8 +68,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C3c30a7f2-13a4-345e-6c8a-c23a2b937041%40apache.org%3E"
"refsource": "MISC",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C3c30a7f2-13a4-345e-6c8a-c23a2b937041%40apache.org%3E",
"name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C3c30a7f2-13a4-345e-6c8a-c23a2b937041%40apache.org%3E"
}
]
},

7
2021/39xxx/CVE-2021-39233.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client. "
"value": "In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client."
}
]
},
@ -68,8 +68,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C394a9a73-44dd-b5db-84d8-607c3226eb00%40apache.org%3E"
"refsource": "MISC",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C394a9a73-44dd-b5db-84d8-607c3226eb00%40apache.org%3E",
"name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C394a9a73-44dd-b5db-84d8-607c3226eb00%40apache.org%3E"
}
]
},

7
2021/39xxx/CVE-2021-39234.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL. "
"value": "In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL."
}
]
},
@ -68,8 +68,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C97d65498-7f8c-366f-1bea-5a74b6378f0d%40apache.org%3E"
"refsource": "MISC",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C97d65498-7f8c-366f-1bea-5a74b6378f0d%40apache.org%3E",
"name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C97d65498-7f8c-366f-1bea-5a74b6378f0d%40apache.org%3E"
}
]
},

7
2021/39xxx/CVE-2021-39235.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block. "
"value": "In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block."
}
]
},
@ -68,8 +68,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E"
"refsource": "MISC",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E",
"name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E"
}
]
},

7
2021/39xxx/CVE-2021-39236.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user. "
"value": "In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user."
}
]
},
@ -68,8 +68,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C0fd74baa-88a0-39a2-8f3a-b982acb25d5a%40apache.org%3E"
"refsource": "MISC",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C0fd74baa-88a0-39a2-8f3a-b982acb25d5a%40apache.org%3E",
"name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C0fd74baa-88a0-39a2-8f3a-b982acb25d5a%40apache.org%3E"
}
]
},

5
2021/41xxx/CVE-2021-41532.json
View File

@ -70,8 +70,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3Ce0bc6598-9669-b897-fc28-de8a896e36aa%40apache.org%3E"
"refsource": "MISC",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3Ce0bc6598-9669-b897-fc28-de8a896e36aa%40apache.org%3E",
"name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3Ce0bc6598-9669-b897-fc28-de8a896e36aa%40apache.org%3E"
}
]
},

7
2021/42xxx/CVE-2021-42338.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "4MOSAn GCB Doctors login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files."
"value": "4MOSAn GCB Doctor\u2019s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files."
}
]
},
@ -76,8 +76,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-5313-45bde-1.html"
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5313-45bde-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-5313-45bde-1.html"
}
]
},

18
2022/21xxx/CVE-2022-21742.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21742",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}