"-Synchronized-Data."

CVE Team 2022-01-14 21:01:10 +00:00
parent 5c0dd45d7d
commit e391f6d2ca
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 237 additions and 46 deletions


@ -48,24 +48,29 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-NANOID-2332193"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-NANOID-2332193",
"name": "https://snyk.io/vuln/SNYK-JS-NANOID-2332193"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550"
},
{
"refsource": "CONFIRM",
"url": "https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444"
"refsource": "MISC",
"url": "https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444",
"name": "https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575"
"refsource": "MISC",
"url": "https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575",
"name": "https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/ai/nanoid/pull/328"
"refsource": "MISC",
"url": "https://github.com/ai/nanoid/pull/328",
"name": "https://github.com/ai/nanoid/pull/328"
}
]
},
@ -73,7 +78,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package nanoid before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.\r\n\r\n"
"value": "The package nanoid before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated."
}
]
},
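Review bot: All five references in `reference_data` are retagged from `CONFIRM` to `MISC`, including the upstream fix commit `https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575` and `https://github.com/ai/nanoid/pull/328`. Consumers that filter on `refsource` to find vendor-confirmed or patch references may no longer surface them for this record (inferred; no consumer is visible here). The added `name` fields repeat the URL verbatim, so they add no human-readable title either. A short label such as `"name": "nanoid fix commit 2b7bd93"` on the commit entry would let a triager spot the patch link without opening each URL.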


@ -48,24 +48,29 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-COLORS-2331906"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-COLORS-2331906",
"name": "https://snyk.io/vuln/SNYK-JS-COLORS-2331906"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/Marak/colors.js/commit/074a0f8ed0c31c35d13d28632bd8a049ff136fb6%23diff-92bbac9a308cd5fcf9db165841f2d90ce981baddcb2b1e26cfff170929af3bd1R18"
"refsource": "MISC",
"url": "https://github.com/Marak/colors.js/commit/074a0f8ed0c31c35d13d28632bd8a049ff136fb6%23diff-92bbac9a308cd5fcf9db165841f2d90ce981baddcb2b1e26cfff170929af3bd1R18",
"name": "https://github.com/Marak/colors.js/commit/074a0f8ed0c31c35d13d28632bd8a049ff136fb6%23diff-92bbac9a308cd5fcf9db165841f2d90ce981baddcb2b1e26cfff170929af3bd1R18"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/Marak/colors.js/issues/285"
"refsource": "MISC",
"url": "https://github.com/Marak/colors.js/issues/285",
"name": "https://github.com/Marak/colors.js/issues/285"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/Marak/colors.js/issues/285%23issuecomment-1008212640"
"refsource": "MISC",
"url": "https://github.com/Marak/colors.js/issues/285%23issuecomment-1008212640",
"name": "https://github.com/Marak/colors.js/issues/285%23issuecomment-1008212640"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/blog/open-source-maintainer-pulls-the-plug-on-npm-packages-colors-and-faker-now-what/"
"refsource": "MISC",
"url": "https://snyk.io/blog/open-source-maintainer-pulls-the-plug-on-npm-packages-colors-and-faker-now-what/",
"name": "https://snyk.io/blog/open-source-maintainer-pulls-the-plug-on-npm-packages-colors-and-faker-now-what/"
}
]
},
@ -73,7 +78,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. \r\n\r\nUnfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers' controls over this package appear to have been revoked in an attempt to prevent them from fixing the issue.\r\n\r\n Vulnerable Code\r\n\r\n js\r\nfor (let i = 666; i < Infinity; i++;) {\r\n\r\n\r\n Alternative Remediation Suggested\r\n* Pin dependancy to 1.4.0\n"
"value": "The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers' controls over this package appear to have been revoked in an attempt to prevent them from fixing the issue. Vulnerable Code js for (let i = 666; i < Infinity; i++;) { Alternative Remediation Suggested * Pin dependancy to 1.4.0"
}
]
},
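Review bot: Two GitHub references keep a percent-encoded `#` (`%23`) in both `url` and the newly added `name`: the commit link ending in `%23diff-…R18` and `issues/285%23issuecomment-1008212640`. With `%23` the fragment is sent to the server as part of the path instead of acting as an anchor, so the links probably do not land on the intended diff line or comment. The entries should read `"url": "https://github.com/Marak/colors.js/issues/285#issuecomment-1008212640"`, and likewise for the commit link. Separately, the flattened description fuses the code sample into the sentence (`Vulnerable Code js for (let i = 666; ...`), which loses the boundary between prose, code and the pin-to-1.4.0 remediation.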


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46168",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-46168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nimble-code/Spin/issues/56",
"refsource": "MISC",
"name": "https://github.com/nimble-code/Spin/issues/56"
}
]
}
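Review bot: The record goes `PUBLIC` with `product_name`, `version_value`, `vendor_name` and the `problemtype` value all set to `n/a`, although the description itself names the product, version and weakness ("Spin v6.5.1 ... out-of-bounds write in lex() at spinlex.c"). Tooling that matches on the structured `affects` block cannot tie this CVE to an installed package, so the entry can only be found by free-text search. I would fill the fields from the description, e.g. `"product_name": "Spin"`, `"version_value": "6.5.1"`, and a `problemtype` value such as `"CWE-787"`. The same gap applies to the CVE-2021-46169, CVE-2021-46170 and CVE-2021-46171 sections below. For CVE-2021-46170 the affected version is given only as commit a6ab5e9, which should be stated as such in `version_value`.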


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46169",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-46169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Modex v2.11 was discovered to contain an Use-After-Free vulnerability via the component tcache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nimble-code/Modex/issues/10",
"refsource": "MISC",
"name": "https://github.com/nimble-code/Modex/issues/10"
}
]
}
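Review bot: The new description attributes the use-after-free to "the component tcache", but tcache is the name of glibc's per-thread allocator cache, not a part of Modex. The wording was likely taken from a crash or sanitizer trace (inferred; the linked issue is not visible here). As written, a reader cannot tell which Modex function frees or reuses the memory, which is what a maintainer or downstream packager needs for triage. The sibling record CVE-2021-46171 names the location ("in set_create_id() at xtract.c"), and this one should follow the same shape, e.g. `"value": "Modex v2.11 was discovered to contain a use-after-free in <function>() at <file>.c."` with the placeholders filled from the issue report.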


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46170",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-46170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in JerryScript commit a6ab5e9. There is an Use-After-Free in lexer_compare_identifier_to_string in js-lexer.c file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/jerryscript-project/jerryscript/issues/4917",
"refsource": "MISC",
"name": "https://github.com/jerryscript-project/jerryscript/issues/4917"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46171",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-46171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Modex v2.11 was discovered to contain a NULL pointer dereference in set_create_id() at xtract.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nimble-code/Modex/issues/8",
"refsource": "MISC",
"name": "https://github.com/nimble-code/Modex/issues/8"
}
]
}


@ -71,6 +71,11 @@
"name": "20220113 Cisco IP Phones Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA"
},
{
"refsource": "FULLDISC",
"name": "20220114 SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones",
"url": "http://seclists.org/fulldisclosure/2022/Jan/34"
}
]
},
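Review bot: The added FULLDISC reference uses a cleartext `http://` URL while the Cisco entry just above it uses `https://`. Anyone following the advisory link from a CVE feed would fetch it over an unauthenticated channel, so I would store it as `"url": "https://seclists.org/fulldisclosure/2022/Jan/34"`. The new object also orders its keys `refsource`, `name`, `url` where the neighbouring entry uses `name`, `refsource`, `url`. That is harmless to parsers but makes the file noisier to diff.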