"-Synchronized-Data."
parent
31930f2250
commit
de843c32b4
@ -34,7 +34,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll)."
|
||||
"value": "** DISPUTED ** uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is \"a minor issue or not even an issue at all\" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -48,7 +48,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing.\nA request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be presented to the user outside the normal request flow through a XSS or phishing campaign."
|
||||
"value": "When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be presented to the user outside the normal request flow through a XSS or phishing campaign."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://lists.apache.org/thread/b7v5dkpyqb51nw0lvz4cybhgrfhk1g7j"
|
||||
"refsource": "MISC",
|
||||
"url": "https://lists.apache.org/thread/b7v5dkpyqb51nw0lvz4cybhgrfhk1g7j",
|
||||
"name": "https://lists.apache.org/thread/b7v5dkpyqb51nw0lvz4cybhgrfhk1g7j"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -89,4 +90,4 @@
|
||||
"value": "1.x users should upgrade to 1.6.1.\nUnsupported versions of the 0.x line that include this issue are: 0.13.0, 0.14.0.\nand these should upgrade to 1.6.1 as well.\n1.0.0 and 1.1.0 are also Unsupported but affected and should upgrade to 1.6.1.\n"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
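Review bot: The Apache mailing-list reference in the `@ -75,8 +75,9 @@` hunk appears to be reclassified from `"refsource": "CONFIRM"` to `"refsource": "MISC"`. The +/- markers are lost on this page, but the 8-to-9 line counts fit the three-line `refsource`/`url`/`name` form being the new side. The thread is hosted on the vendor's own list server, so the MISC tag drops the only machine-readable signal in this record that the issue is vendor-acknowledged, and tooling that filters on `refsource` to find vendor advisories will skip it. I would keep `"refsource": "CONFIRM"` on that entry while still adding the `name` field. The description and closing-brace changes in the neighbouring hunks look like whitespace normalization only.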
@ -76,6 +76,11 @@
|
||||
"refsource": "FULLDISC",
|
||||
"name": "20220114 SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones",
|
||||
"url": "http://seclists.org/fulldisclosure/2022/Jan/34"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html",
|
||||
"url": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
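Review bot: The added Packet Storm reference records a cleartext `http://` address in both `name` and `url`, and the `@ -225,6 +225,11 @@` hunk further down adds a second entry the same way. Feeds and scanners that fetch reference targets automatically get no transport integrity for that content, so I would record the `https://` form of the same address if the site serves it. The `name` field also just repeats the URL, unlike the FULLDISC entry above it, which carries a descriptive title. A short title would let an analyst triage the entry without following the link.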
@ -225,6 +225,11 @@
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/nu11secur1ty/Windows10Exploits/tree/master/2022/CVE-2022-21907",
|
||||
"url": "https://github.com/nu11secur1ty/Windows10Exploits/tree/master/2022/CVE-2022-21907"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/165566/HTTP-Protocol-Stack-Denial-Of-Service-Remote-Code-Execution.html",
|
||||
"url": "http://packetstormsecurity.com/files/165566/HTTP-Protocol-Stack-Denial-Of-Service-Remote-Code-Execution.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|