admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-06-21 20:00:34 +00:00
parent 8082f5a47e
commit f27fe05676
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
87 changed files with 749 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2018/8xxx/CVE-2018-8032.json
View File

@ -122,6 +122,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "url": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2022.html" "name": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2019/0xxx/CVE-2019-0227.json
View File

@ -103,6 +103,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "url": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2022.html" "name": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2019/1xxx/CVE-2019-1547.json
View File

@ -242,6 +242,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365" "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2020/15xxx/CVE-2020-15366.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/ajv-validator/ajv/releases/tag/v6.12.3", "name": "https://github.com/ajv-validator/ajv/releases/tag/v6.12.3",
"url": "https://github.com/ajv-validator/ajv/releases/tag/v6.12.3" "url": "https://github.com/ajv-validator/ajv/releases/tag/v6.12.3"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0007/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
} }
] ]
} }

5
2020/1xxx/CVE-2020-1971.json
View File

@ -194,6 +194,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2020/28xxx/CVE-2020-28458.json
View File

@ -76,6 +76,11 @@
"refsource": "MISC", "refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806", "url": "https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806",
"name": "https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806" "name": "https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2021/23xxx/CVE-2021-23445.json
View File

@ -76,6 +76,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20230815 [SECURITY] [DLA 3529-1] datatables.js security update", "name": "[debian-lts-announce] 20230815 [SECURITY] [DLA 3529-1] datatables.js security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html" "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2021/23xxx/CVE-2021-23839.json
View File

@ -111,6 +111,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2021/23xxx/CVE-2021-23840.json
View File

@ -164,6 +164,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2021/23xxx/CVE-2021-23841.json
View File

@ -174,6 +174,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

7
2021/28xxx/CVE-2021-28167.json
View File

@ -57,7 +57,12 @@
"name": "https://github.com/eclipse/openj9/issues/12016", "name": "https://github.com/eclipse/openj9/issues/12016",
"refsource": "CONFIRM", "refsource": "CONFIRM",
"url": "https://github.com/eclipse/openj9/issues/12016" "url": "https://github.com/eclipse/openj9/issues/12016"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }
} }

5
2021/28xxx/CVE-2021-28363.json
View File

@ -91,6 +91,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202305-02", "name": "GLSA-202305-02",
"url": "https://security.gentoo.org/glsa/202305-02" "url": "https://security.gentoo.org/glsa/202305-02"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0007/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
} }
] ]
} }

5
2021/31xxx/CVE-2021-31684.json
View File

@ -86,6 +86,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20230331 [SECURITY] [DLA 3373-1] json-smart security update", "name": "[debian-lts-announce] 20230331 [SECURITY] [DLA 3373-1] json-smart security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00030.html" "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00030.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2021/35xxx/CVE-2021-35550.json
View File

@ -130,6 +130,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202209-05", "name": "GLSA-202209-05",
"url": "https://security.gentoo.org/glsa/202209-05" "url": "https://security.gentoo.org/glsa/202209-05"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2021/35xxx/CVE-2021-35556.json
View File

@ -139,6 +139,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202209-05", "name": "GLSA-202209-05",
"url": "https://security.gentoo.org/glsa/202209-05" "url": "https://security.gentoo.org/glsa/202209-05"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2021/35xxx/CVE-2021-35559.json
View File

@ -139,6 +139,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202209-05", "name": "GLSA-202209-05",
"url": "https://security.gentoo.org/glsa/202209-05" "url": "https://security.gentoo.org/glsa/202209-05"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2021/35xxx/CVE-2021-35560.json
View File

@ -69,6 +69,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20211022-0004/", "name": "https://security.netapp.com/advisory/ntap-20211022-0004/",
"url": "https://security.netapp.com/advisory/ntap-20211022-0004/" "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2021/35xxx/CVE-2021-35564.json
View File

@ -139,6 +139,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202209-05", "name": "GLSA-202209-05",
"url": "https://security.gentoo.org/glsa/202209-05" "url": "https://security.gentoo.org/glsa/202209-05"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2021/35xxx/CVE-2021-35565.json
View File

@ -130,6 +130,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202209-05", "name": "GLSA-202209-05",
"url": "https://security.gentoo.org/glsa/202209-05" "url": "https://security.gentoo.org/glsa/202209-05"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2021/35xxx/CVE-2021-35578.json
View File

@ -120,6 +120,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202209-05", "name": "GLSA-202209-05",
"url": "https://security.gentoo.org/glsa/202209-05" "url": "https://security.gentoo.org/glsa/202209-05"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2021/35xxx/CVE-2021-35586.json
View File

@ -124,6 +124,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202209-05", "name": "GLSA-202209-05",
"url": "https://security.gentoo.org/glsa/202209-05" "url": "https://security.gentoo.org/glsa/202209-05"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2021/35xxx/CVE-2021-35588.json
View File

@ -106,6 +106,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202209-05", "name": "GLSA-202209-05",
"url": "https://security.gentoo.org/glsa/202209-05" "url": "https://security.gentoo.org/glsa/202209-05"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2021/35xxx/CVE-2021-35603.json
View File

@ -124,6 +124,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202209-05", "name": "GLSA-202209-05",
"url": "https://security.gentoo.org/glsa/202209-05" "url": "https://security.gentoo.org/glsa/202209-05"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2021/3xxx/CVE-2021-3449.json
View File

@ -206,6 +206,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "url": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2022.html" "name": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2021/3xxx/CVE-2021-3572.json
View File

@ -58,6 +58,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "url": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2022.html" "name": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2021/3xxx/CVE-2021-3711.json
View File

@ -146,6 +146,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202210-02", "name": "GLSA-202210-02",
"url": "https://security.gentoo.org/glsa/202210-02" "url": "https://security.gentoo.org/glsa/202210-02"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2021/3xxx/CVE-2021-3712.json
View File

@ -169,6 +169,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202210-02", "name": "GLSA-202210-02",
"url": "https://security.gentoo.org/glsa/202210-02" "url": "https://security.gentoo.org/glsa/202210-02"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

7
2021/41xxx/CVE-2021-41035.json
View File

@ -75,7 +75,12 @@
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=576395", "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=576395",
"refsource": "CONFIRM", "refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=576395" "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=576395"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }
} }

5
2021/43xxx/CVE-2021-43138.json
View File

@ -96,6 +96,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2023-18fd476362", "name": "FEDORA-2023-18fd476362",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2021/44xxx/CVE-2021-44906.json
View File

@ -76,6 +76,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/substack/minimist/issues/164", "name": "https://github.com/substack/minimist/issues/164",
"url": "https://github.com/substack/minimist/issues/164" "url": "https://github.com/substack/minimist/issues/164"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2021/4xxx/CVE-2021-4160.json
View File

@ -117,6 +117,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202210-02", "name": "GLSA-202210-02",
"url": "https://security.gentoo.org/glsa/202210-02" "url": "https://security.gentoo.org/glsa/202210-02"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2022/0xxx/CVE-2022-0778.json
View File

@ -212,6 +212,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202210-02", "name": "GLSA-202210-02",
"url": "https://security.gentoo.org/glsa/202210-02" "url": "https://security.gentoo.org/glsa/202210-02"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2022/1xxx/CVE-2022-1471.json
View File

@ -94,6 +94,11 @@
"url": "http://www.openwall.com/lists/oss-security/2023/11/19/1", "url": "http://www.openwall.com/lists/oss-security/2023/11/19/1",
"refsource": "MISC", "refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/11/19/1" "name": "http://www.openwall.com/lists/oss-security/2023/11/19/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2022/21xxx/CVE-2022-21299.json
View File

@ -102,6 +102,11 @@
"url": "https://security.gentoo.org/glsa/202209-05", "url": "https://security.gentoo.org/glsa/202209-05",
"refsource": "MISC", "refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202209-05" "name": "https://security.gentoo.org/glsa/202209-05"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2022/21xxx/CVE-2022-21434.json
View File

@ -112,6 +112,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2022/21xxx/CVE-2022-21443.json
View File

@ -112,6 +112,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2022/21xxx/CVE-2022-21496.json
View File

@ -112,6 +112,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

15
2022/23xxx/CVE-2022-23539.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you\u2019ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions." "value": "Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you\u2019ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions."
} }
] ]
}, },
@ -40,8 +40,8 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "<= 8.5.1", "version_affected": "=",
"version_affected": "=" "version_value": "<= 8.5.1"
} }
] ]
} }
@ -54,15 +54,20 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33",
"refsource": "MISC",
"name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33"
},
{ {
"url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", "url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3" "name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3"
}, },
{ {
"url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33", "url": "https://security.netapp.com/advisory/ntap-20240621-0007/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33" "name": "https://security.netapp.com/advisory/ntap-20240621-0007/"
} }
] ]
}, },

15
2022/23xxx/CVE-2022-23540.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. Users are affected if you do not specify algorithms in the `jwt.verify()` function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the `jwt.verify()` method. There will be no impact, if you update to version 9.0.0 and you don\u2019t need to allow for the `none` algorithm. If you need 'none' algorithm, you have to explicitly specify that in `jwt.verify()` options." "value": "In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. Users are affected if you do not specify algorithms in the `jwt.verify()` function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the `jwt.verify()` method. There will be no impact, if you update to version 9.0.0 and you don\u2019t need to allow for the `none` algorithm. If you need 'none' algorithm, you have to explicitly specify that in `jwt.verify()` options.\n"
} }
] ]
}, },
@ -40,8 +40,8 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "<= 8.5.1", "version_affected": "=",
"version_affected": "=" "version_value": "<= 8.5.1"
} }
] ]
} }
@ -54,15 +54,20 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6",
"refsource": "MISC",
"name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6"
},
{ {
"url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", "url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3" "name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3"
}, },
{ {
"url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6", "url": "https://security.netapp.com/advisory/ntap-20240621-0007/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6" "name": "https://security.netapp.com/advisory/ntap-20240621-0007/"
} }
] ]
}, },

21
2022/23xxx/CVE-2022-23541.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0." "value": "jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0."
} }
] ]
}, },
@ -49,8 +49,8 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "<= 8.5.1", "version_affected": "=",
"version_affected": "=" "version_value": "<= 8.5.1"
} }
] ]
} }
@ -63,20 +63,25 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3",
"refsource": "MISC",
"name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3"
},
{ {
"url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959", "url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959" "name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959"
}, },
{
"url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3",
"refsource": "MISC",
"name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3"
},
{ {
"url": "https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0", "url": "https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0" "name": "https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0007/"
} }
] ]
}, },

5
2022/2xxx/CVE-2022-2097.json
View File

@ -129,6 +129,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230420-0008/", "name": "https://security.netapp.com/advisory/ntap-20230420-0008/",
"url": "https://security.netapp.com/advisory/ntap-20230420-0008/" "url": "https://security.netapp.com/advisory/ntap-20230420-0008/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2022/34xxx/CVE-2022-34169.json
View File

@ -168,6 +168,11 @@
"url": "https://security.gentoo.org/glsa/202401-25", "url": "https://security.gentoo.org/glsa/202401-25",
"refsource": "MISC", "refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-25" "name": "https://security.gentoo.org/glsa/202401-25"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2022/34xxx/CVE-2022-34357.json
View File

@ -68,6 +68,11 @@
"url": "https://security.netapp.com/advisory/ntap-20240405-0001/", "url": "https://security.netapp.com/advisory/ntap-20240405-0001/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240405-0001/" "name": "https://security.netapp.com/advisory/ntap-20240405-0001/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2022/3xxx/CVE-2022-3080.json
View File

@ -129,6 +129,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202210-25", "name": "GLSA-202210-25",
"url": "https://security.gentoo.org/glsa/202210-25" "url": "https://security.gentoo.org/glsa/202210-25"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0002/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0002/"
} }
] ]
}, },

5
2022/40xxx/CVE-2022-40897.json
View File

@ -91,6 +91,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2023-60e2b22be0", "name": "FEDORA-2023-60e2b22be0",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2022/41xxx/CVE-2022-41854.json
View File

@ -98,6 +98,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240315-0009/", "name": "https://security.netapp.com/advisory/ntap-20240315-0009/",
"url": "https://security.netapp.com/advisory/ntap-20240315-0009/" "url": "https://security.netapp.com/advisory/ntap-20240315-0009/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2022/48xxx/CVE-2022-48285.json
View File

@ -71,6 +71,11 @@
"url": "https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0", "url": "https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0" "name": "https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0005/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0005/"
} }
] ]
} }

5
2023/0xxx/CVE-2023-0215.json
View File

@ -98,6 +98,11 @@
"url": "https://security.gentoo.org/glsa/202402-08", "url": "https://security.gentoo.org/glsa/202402-08",
"refsource": "MISC", "refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202402-08" "name": "https://security.gentoo.org/glsa/202402-08"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2023/0xxx/CVE-2023-0464.json
View File

@ -113,6 +113,11 @@
"url": "https://security.gentoo.org/glsa/202402-08", "url": "https://security.gentoo.org/glsa/202402-08",
"refsource": "MISC", "refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202402-08" "name": "https://security.gentoo.org/glsa/202402-08"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

7
2023/1xxx/CVE-2023-1370.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software." "value": "[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib.\n\nWhen reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, the code parses an array or an object respectively.\n\nIt was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.\n\n"
} }
] ]
}, },
@ -59,6 +59,11 @@
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", "url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/" "name": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2023/21xxx/CVE-2023-21930.json
View File

@ -110,6 +110,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html" "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2023/21xxx/CVE-2023-21937.json
View File

@ -110,6 +110,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html" "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2023/21xxx/CVE-2023-21938.json
View File

@ -110,6 +110,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html" "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2023/21xxx/CVE-2023-21939.json
View File

@ -110,6 +110,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html" "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2023/21xxx/CVE-2023-21954.json
View File

@ -106,6 +106,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html" "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2023/21xxx/CVE-2023-21967.json
View File

@ -110,6 +110,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html" "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2023/21xxx/CVE-2023-21968.json
View File

@ -110,6 +110,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html" "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2023/22xxx/CVE-2023-22049.json
View File

@ -113,6 +113,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html" "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2023/26xxx/CVE-2023-26115.json
View File

@ -86,6 +86,11 @@
"url": "https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4", "url": "https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4" "name": "https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2023/26xxx/CVE-2023-26136.json
View File

@ -89,6 +89,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/" "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2023/2xxx/CVE-2023-2597.json
View File

@ -64,6 +64,11 @@
"name": "https://github.com/eclipse-openj9/openj9/pull/17259", "name": "https://github.com/eclipse-openj9/openj9/pull/17259",
"refsource": "CONFIRM", "refsource": "CONFIRM",
"url": "https://github.com/eclipse-openj9/openj9/pull/17259" "url": "https://github.com/eclipse-openj9/openj9/pull/17259"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2023/30xxx/CVE-2023-30588.json
View File

@ -68,6 +68,11 @@
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", "url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases",
"refsource": "MISC", "refsource": "MISC",
"name": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases" "name": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2023/30xxx/CVE-2023-30589.json
View File

@ -103,6 +103,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF/" "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2023/30xxx/CVE-2023-30996.json
View File

@ -68,6 +68,11 @@
"url": "https://security.netapp.com/advisory/ntap-20240405-0004/", "url": "https://security.netapp.com/advisory/ntap-20240405-0004/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240405-0004/" "name": "https://security.netapp.com/advisory/ntap-20240405-0004/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2023/31xxx/CVE-2023-31484.json
View File

@ -101,6 +101,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2023-46924e402a", "name": "FEDORA-2023-46924e402a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0007/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
} }
] ]
} }

5
2023/32xxx/CVE-2023-32344.json
View File

@ -68,6 +68,11 @@
"url": "https://security.netapp.com/advisory/ntap-20240405-0002/", "url": "https://security.netapp.com/advisory/ntap-20240405-0002/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240405-0002/" "name": "https://security.netapp.com/advisory/ntap-20240405-0002/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2023/34xxx/CVE-2023-34462.json
View File

@ -73,6 +73,11 @@
"url": "https://www.debian.org/security/2023/dsa-5558", "url": "https://www.debian.org/security/2023/dsa-5558",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5558" "name": "https://www.debian.org/security/2023/dsa-5558"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0007/"
} }
] ]
}, },

5
2023/35xxx/CVE-2023-35009.json
View File

@ -68,6 +68,11 @@
"url": "https://security.netapp.com/advisory/ntap-20230831-0014/", "url": "https://security.netapp.com/advisory/ntap-20230831-0014/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230831-0014/" "name": "https://security.netapp.com/advisory/ntap-20230831-0014/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0005/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0005/"
} }
] ]
}, },

5
2023/35xxx/CVE-2023-35011.json
View File

@ -68,6 +68,11 @@
"url": "https://security.netapp.com/advisory/ntap-20230921-0005/", "url": "https://security.netapp.com/advisory/ntap-20230921-0005/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230921-0005/" "name": "https://security.netapp.com/advisory/ntap-20230921-0005/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0005/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0005/"
} }
] ]
}, },

5
2023/36xxx/CVE-2023-36478.json
View File

@ -115,6 +115,11 @@
"url": "https://security.netapp.com/advisory/ntap-20231116-0011/", "url": "https://security.netapp.com/advisory/ntap-20231116-0011/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20231116-0011/" "name": "https://security.netapp.com/advisory/ntap-20231116-0011/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

81
2023/37xxx/CVE-2023-37898.json
View File

@ -1,17 +1,90 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-37898", "ID": "CVE-2023-37898",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows an untrusted note opened in safe mode to execute arbitrary code. `packages/renderer/MarkupToHtml.ts` renders note content in safe mode by surrounding it with <pre> and </pre>, without escaping any interior HTML tags. Thus, an attacker can create a note that closes the opening <pre> tag, then includes HTML that runs JavaScript. Because the rendered markdown iframe has the same origin as the toplevel document and is not sandboxed, any scripts running in the preview iframe can access the top variable and, thus, access the toplevel NodeJS `require` function. `require` can then be used to import modules like fs or child_process and run arbitrary commands. This issue has been addressed in version 2.12.9 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "laurent22",
"product": {
"product_data": [
{
"product_name": "joplin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.12.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8",
"refsource": "MISC",
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8"
},
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox",
"refsource": "MISC",
"name": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
}
]
},
"source": {
"advisory": "GHSA-hjmq-3qh4-g2r8",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
} }
] ]
} }

5
2023/38xxx/CVE-2023-38359.json
View File

@ -68,6 +68,11 @@
"url": "https://security.netapp.com/advisory/ntap-20240405-0003/", "url": "https://security.netapp.com/advisory/ntap-20240405-0003/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240405-0003/" "name": "https://security.netapp.com/advisory/ntap-20240405-0003/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

76
2023/38xxx/CVE-2023-38506.json
View File

@ -1,17 +1,85 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-38506", "ID": "CVE-2023-38506",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized (or not sanitized properly). As such, the `onload` attribute of pasted images can execute arbitrary code. Because the TinyMCE editor frame does not use the `sandbox` attribute, such scripts can access NodeJS's `require` through the `top` variable. From this, an attacker can run arbitrary commands. This issue has been addressed in version 2.12.10 and users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "laurent22",
"product": {
"product_data": [
{
"product_name": "joplin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.12.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399",
"refsource": "MISC",
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399"
}
]
},
"source": {
"advisory": "GHSA-m59c-9rrj-c399",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
} }
] ]
} }

5
2023/39xxx/CVE-2023-39410.json
View File

@ -64,6 +64,11 @@
"url": "https://www.openwall.com/lists/oss-security/2023/09/29/6", "url": "https://www.openwall.com/lists/oss-security/2023/09/29/6",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2023/09/29/6" "name": "https://www.openwall.com/lists/oss-security/2023/09/29/6"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

86
2023/39xxx/CVE-2023-39517.json
View File

@ -1,17 +1,95 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-39517", "ID": "CVE-2023-39517",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (`packages/renderer/htmlUtils.ts::sanitizeHtml`) preserves `<map>` `<area>` links. However, unlike `<a>` links, the `target` and `href` attributes are not removed. Additionally, because the note preview pane isn't sandboxed to prevent top navigation, links with `target` set to `_top` can replace the toplevel electron page. Because any toplevel electron page, with Joplin's setup, has access to `require` and can require node libraries, a malicious replacement toplevel page can import `child_process` and execute arbitrary shell commands. This issue has been fixed in commit 7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f which is included in release version 2.12.8. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "laurent22",
"product": {
"product_data": [
{
"product_name": "joplin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.12.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-2h88-m32f-qh5m",
"refsource": "MISC",
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-2h88-m32f-qh5m"
},
{
"url": "https://github.com/laurent22/joplin/commit/7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f",
"refsource": "MISC",
"name": "https://github.com/laurent22/joplin/commit/7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f"
},
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox",
"refsource": "MISC",
"name": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
}
]
},
"source": {
"advisory": "GHSA-2h88-m32f-qh5m",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
} }
] ]
} }

5
2023/3xxx/CVE-2023-3817.json
View File

@ -138,6 +138,11 @@
"url": "https://security.gentoo.org/glsa/202402-08", "url": "https://security.gentoo.org/glsa/202402-08",
"refsource": "MISC", "refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202402-08" "name": "https://security.gentoo.org/glsa/202402-08"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

5
2023/43xxx/CVE-2023-43051.json
View File

@ -68,6 +68,11 @@
"url": "https://security.netapp.com/advisory/ntap-20240322-0008/", "url": "https://security.netapp.com/advisory/ntap-20240322-0008/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240322-0008/" "name": "https://security.netapp.com/advisory/ntap-20240322-0008/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
}, },

10
2023/44xxx/CVE-2023-44487.json
View File

@ -741,6 +741,16 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240426-0007/", "name": "https://security.netapp.com/advisory/ntap-20240426-0007/",
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/" "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0007/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
} }
] ]
} }

5
2023/44xxx/CVE-2023-44981.json
View File

@ -89,6 +89,11 @@
"url": "https://www.debian.org/security/2023/dsa-5544", "url": "https://www.debian.org/security/2023/dsa-5544",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5544" "name": "https://www.debian.org/security/2023/dsa-5544"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0007/"
} }
] ]
}, },

81
2023/45xxx/CVE-2023-45673.json
View File

@ -1,17 +1,90 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-45673", "ID": "CVE-2023-45673",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. This issue has been addressed in version 2.13.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "laurent22",
"product": {
"product_data": [
{
"product_name": "joplin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.13.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59",
"refsource": "MISC",
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59"
},
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox",
"refsource": "MISC",
"name": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
}
]
},
"source": {
"advisory": "GHSA-g8qx-5vcm-3x59",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
} }
] ]
} }

5
2023/45xxx/CVE-2023-45745.json
View File

@ -62,6 +62,11 @@
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html" "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0003/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0003/"
} }
] ]
}, },

5
2023/45xxx/CVE-2023-45857.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/axios/axios/issues/6006", "name": "https://github.com/axios/axios/issues/6006",
"url": "https://github.com/axios/axios/issues/6006" "url": "https://github.com/axios/axios/issues/6006"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
} }
] ]
} }

5
2023/47xxx/CVE-2023-47855.json
View File

@ -62,6 +62,11 @@
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html" "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0003/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0003/"
} }
] ]
}, },

5
2023/5xxx/CVE-2023-5072.json
View File

@ -69,6 +69,11 @@
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/4", "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4",
"refsource": "MISC", "refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/12/13/4" "name": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0007/"
} }
] ]
}, },

5
2024/25xxx/CVE-2024-25047.json
View File

@ -63,6 +63,11 @@
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/282956", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/282956",
"refsource": "MISC", "refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/282956" "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/282956"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0007/"
} }
] ]
}, },

5
2024/4xxx/CVE-2024-4577.json
View File

@ -165,6 +165,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/" "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0008/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0008/"
} }
] ]
}, },

5
2024/4xxx/CVE-2024-4603.json
View File

@ -98,6 +98,11 @@
"url": "http://www.openwall.com/lists/oss-security/2024/05/16/2", "url": "http://www.openwall.com/lists/oss-security/2024/05/16/2",
"refsource": "MISC", "refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/05/16/2" "name": "http://www.openwall.com/lists/oss-security/2024/05/16/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240621-0001/"
} }
] ]
}, },