"-Synchronized-Data."

CVE Team 2022-01-17 20:01:14 +00:00
parent 31930f2250
commit de843c32b4
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
4 changed files with 16 additions and 5 deletions


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll)."
"value": "** DISPUTED ** uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is \"a minor issue or not even an issue at all\" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate."
}
]
},


@ -48,7 +48,7 @@
"description_data": [
{
"lang": "eng",
"value": "When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing.\nA request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be presented to the user outside the normal request flow through a XSS or phishing campaign."
"value": "When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be presented to the user outside the normal request flow through a XSS or phishing campaign."
}
]
},
@ -75,8 +75,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/b7v5dkpyqb51nw0lvz4cybhgrfhk1g7j"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/b7v5dkpyqb51nw0lvz4cybhgrfhk1g7j",
"name": "https://lists.apache.org/thread/b7v5dkpyqb51nw0lvz4cybhgrfhk1g7j"
}
]
},
@ -89,4 +90,4 @@
"value": "1.x users should upgrade to 1.6.1.\nUnsupported versions of the 0.x line that include this issue are: 0.13.0, 0.14.0.\nand these should upgrade to 1.6.1 as well.\n1.0.0 and 1.1.0 are also Unsupported but affected and should upgrade to 1.6.1.\n"
}
]
}
}
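Review bot: In the `reference_data` hunk, relabelling the lists.apache.org thread from `CONFIRM` to `MISC` drops the only machine-readable signal that this link is, presumably, the Apache project's own announcement for the Knox issue. Which side is new is inferred from the hunk counts (8 old lines, 9 new), because the +/- markers are not shown on this page. Consumers that rank or filter references by `refsource` will now treat the vendor thread like any third-party link; unless the relabel is deliberate, keep `"refsource": "CONFIRM",`. The added `name` only repeats the URL, so it does not recover that information; a descriptive title of the announcement thread would.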


@ -76,6 +76,11 @@
"refsource": "FULLDISC",
"name": "20220114 SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones",
"url": "http://seclists.org/fulldisclosure/2022/Jan/34"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html",
"url": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html"
}
]
},
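Review bot: The added Packet Storm reference is a plain `http://` URL, so tooling or analysts that follow it fetch the page without transport integrity; the same applies to the Packet Storm entry added in the last file section (the one that also references CVE-2022-21907). Assuming the site serves the same path over HTTPS, the line could read `"url": "https://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html"`. The new entry's `name` is also just a copy of the URL, whereas the FULLDISC entry directly above carries the advisory title, which is easier to triage. The `reference_data` array begins outside the hunk.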


@ -225,6 +225,11 @@
"refsource": "MISC",
"name": "https://github.com/nu11secur1ty/Windows10Exploits/tree/master/2022/CVE-2022-21907",
"url": "https://github.com/nu11secur1ty/Windows10Exploits/tree/master/2022/CVE-2022-21907"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165566/HTTP-Protocol-Stack-Denial-Of-Service-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/165566/HTTP-Protocol-Stack-Denial-Of-Service-Remote-Code-Execution.html"
}
]
},