mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-06-19 17:32:41 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
ee68ca2c3c
commit
f4723ee348
@ -605,7 +605,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -108,7 +108,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -88,7 +88,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -52,26 +52,11 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/python/cpython/pull/12201",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/python/cpython/pull/12201"
|
||||
},
|
||||
{
|
||||
"name": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html",
|
||||
"refsource": "MISC",
|
||||
"url": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html"
|
||||
},
|
||||
{
|
||||
"name": "107400",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/107400"
|
||||
},
|
||||
{
|
||||
"name": "https://bugs.python.org/issue36216",
|
||||
"refsource": "MISC",
|
||||
"url": "https://bugs.python.org/issue36216"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2019-243442e600",
|
||||
@ -172,11 +157,6 @@
|
||||
"name": "FEDORA-2019-1ffd6b6064",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20190517-0001/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20190517-0001/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2019-ec26883852",
|
||||
@ -282,11 +262,6 @@
|
||||
"name": "FEDORA-2019-57462fa10d",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
|
||||
},
|
||||
{
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:0086",
|
||||
@ -297,6 +272,11 @@
|
||||
"name": "GLSA-202003-26",
|
||||
"url": "https://security.gentoo.org/glsa/202003-26"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update",
|
||||
@ -308,7 +288,29 @@
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/python/cpython/pull/12201",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/python/cpython/pull/12201"
|
||||
},
|
||||
{
|
||||
"name": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html",
|
||||
"refsource": "MISC",
|
||||
"url": "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html"
|
||||
},
|
||||
{
|
||||
"name": "https://bugs.python.org/issue36216",
|
||||
"refsource": "MISC",
|
||||
"url": "https://bugs.python.org/issue36216"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20190517-0001/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20190517-0001/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -52,11 +52,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://bugs.python.org/issue36276",
|
||||
"refsource": "MISC",
|
||||
"url": "https://bugs.python.org/issue36276"
|
||||
},
|
||||
{
|
||||
"refsource": "BID",
|
||||
"name": "107466",
|
||||
@ -77,11 +72,6 @@
|
||||
"name": "FEDORA-2019-ec26883852",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20190619-0005/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20190619-0005/"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20190625 [SECURITY] [DLA 1834-1] python2.7 security update",
|
||||
@ -137,11 +127,6 @@
|
||||
"name": "20191021 [slackware-security] python (SSA:2019-293-01)",
|
||||
"url": "https://seclists.org/bugtraq/2019/Oct/29"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html",
|
||||
"url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html"
|
||||
},
|
||||
{
|
||||
"refsource": "REDHAT",
|
||||
"name": "RHSA-2019:3335",
|
||||
@ -187,13 +172,30 @@
|
||||
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html",
|
||||
"url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[oss-security] 20210204 [CVE-2020-15693, CVE-2020-15694] Nim - stdlib Httpclient - Header Crlf Injection & Server Response Validation",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2021/02/04/2"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
},
|
||||
{
|
||||
"name": "https://bugs.python.org/issue36276",
|
||||
"refsource": "MISC",
|
||||
"url": "https://bugs.python.org/issue36276"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20190619-0005/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20190619-0005/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -60,7 +60,9 @@
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -148,7 +148,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -275,7 +275,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -385,7 +385,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -90,7 +90,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -52,16 +52,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae"
|
||||
},
|
||||
{
|
||||
"url": "https://lkml.org/lkml/2020/3/22/482",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lkml.org/lkml/2020/3/22/482"
|
||||
},
|
||||
{
|
||||
"refsource": "SUSE",
|
||||
"name": "openSUSE-SU-2020:0935",
|
||||
@ -102,13 +92,25 @@
|
||||
"name": "USN-4485-1",
|
||||
"url": "https://usn.ubuntu.com/4485-1/"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae"
|
||||
},
|
||||
{
|
||||
"url": "https://lkml.org/lkml/2020/3/22/482",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lkml.org/lkml/2020/3/22/482"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b",
|
||||
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -55,7 +55,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -109,7 +109,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -44,16 +44,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747",
|
||||
"refsource": "CONFIRM"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/yaml/pyyaml/pull/386",
|
||||
"name": "https://github.com/yaml/pyyaml/pull/386",
|
||||
"refsource": "MISC"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-40c35d7b37",
|
||||
@ -90,7 +80,19 @@
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PPAS6C4SZRDQLR7C22A5U3QOLXY33JX/"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747",
|
||||
"refsource": "CONFIRM"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/yaml/pyyaml/pull/386",
|
||||
"name": "https://github.com/yaml/pyyaml/pull/386",
|
||||
"refsource": "MISC"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -175,7 +175,9 @@
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -158,7 +158,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -80,7 +80,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -395,7 +395,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -55,7 +55,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -83,7 +83,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -68,7 +68,9 @@
|
||||
"name": "https://www.dell.com/support/article/en-us/sln322935/dsa-2020-245-dell-bsafe-micro-edition-suite-multiple-vulnerabilities?lang=en"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -68,7 +68,9 @@
|
||||
"name": "https://www.dell.com/support/article/en-us/sln322935/dsa-2020-245-dell-bsafe-micro-edition-suite-multiple-vulnerabilities?lang=en"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,7 +98,9 @@
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00041.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -82,11 +82,6 @@
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20201123-0004/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20201123-0004/"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
|
||||
@ -113,7 +108,14 @@
|
||||
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20201123-0004/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20201123-0004/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -65,7 +65,9 @@
|
||||
"url": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -178,7 +178,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -75,7 +75,9 @@
|
||||
"name": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -107,7 +107,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -122,7 +122,9 @@
|
||||
"name": "https://github.com/odoo/odoo/issues/63712"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -68,7 +68,9 @@
|
||||
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -68,7 +68,9 @@
|
||||
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -68,7 +68,9 @@
|
||||
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -68,7 +68,9 @@
|
||||
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -78,7 +78,9 @@
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHDTINIBJZ67T3W74QTBIY5LPKAXEOGR/"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -68,7 +68,9 @@
|
||||
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -68,7 +68,9 @@
|
||||
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -68,7 +68,9 @@
|
||||
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -68,7 +68,9 @@
|
||||
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -68,7 +68,9 @@
|
||||
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -68,7 +68,9 @@
|
||||
"name": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,7 +98,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,7 +98,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,7 +98,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -103,7 +103,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,7 +98,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,7 +98,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,7 +98,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,7 +98,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,7 +98,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,7 +98,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,7 +98,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,7 +98,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,7 +98,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,7 +98,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -78,7 +78,9 @@
|
||||
"url": "https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -67,13 +67,15 @@
|
||||
"name": "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20220506-0004/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20220506-0004/"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,7 +98,9 @@
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -132,7 +132,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -90,7 +90,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -285,7 +285,9 @@
|
||||
"url": "https://security.netapp.com/advisory/ntap-20210917-0006/"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -123,7 +123,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -44,6 +44,11 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619",
|
||||
@ -53,9 +58,6 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20200528-0001/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20200528-0001/"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -153,7 +153,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -250,7 +250,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -74,11 +74,6 @@
|
||||
"name": "[druid-commits] 20210225 [GitHub] [druid] liangrui1988 commented on pull request #10847: Suppress CVE-2020-9492 for hadoop-mapreduce-client-core",
|
||||
"url": "https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20210304-0001/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20210304-0001/"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[solr-issues] 20210419 [jira] [Updated] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
|
||||
@ -120,7 +115,14 @@
|
||||
"url": "https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f@%3Cissues.solr.apache.org%3E"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20210304-0001/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20210304-0001/"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -69,11 +69,6 @@
|
||||
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43",
|
||||
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20220303-0002/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20220303-0002/"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
|
||||
@ -85,7 +80,14 @@
|
||||
"url": "https://www.debian.org/security/2022/dsa-5096"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20220303-0002/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20220303-0002/"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -50,7 +50,9 @@
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1243"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -75,7 +75,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -85,7 +85,9 @@
|
||||
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
|
||||
},
|
||||
{
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,18 +1,94 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@wdc.com",
|
||||
"ID": "CVE-2022-22999",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Cross-site Scripting Vulnerability in USB Backups App"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "My Cloud",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"platform": "Linux",
|
||||
"version_affected": "<",
|
||||
"version_name": "My Cloud OS 5",
|
||||
"version_value": "5.23.114"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Western Digital"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to gain control over the authenticated session, steal data, modify settings, or redirect the user to malicious websites. The scope of impact can extend to other components."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79 Cross-site Scripting (XSS)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114",
|
||||
"name": "https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,94 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@wdc.com",
|
||||
"ID": "CVE-2022-23000",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Weak Default SSL use in Port Forwarding Service"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "My Cloud",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"platform": "Linux",
|
||||
"version_affected": "<",
|
||||
"version_name": "My Cloud OS 5",
|
||||
"version_value": "5.23.114"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Western Digital"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an \"SSL\" context instead of \"TLS\" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 7.3,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114",
|
||||
"name": "https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -4,84 +4,14 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-2077",
|
||||
"TITLE": "Microsoft O365 Conditional Access Policy access control",
|
||||
"REQUESTER": "cna@vuldb.com",
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"generator": "vuldb.com",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Microsoft",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "O365",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-284 Improper Access Controls"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "REJECT"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** DISPUTED ** A vulnerability was found in Microsoft O365 and classified as critical. This issue affects the Conditional Access Policy which leads to improper access controls. By default the policy is not verified for every request. The attack may be initiated remotely. Exploit details have been disclosed to the public. It is recommended to change the configuration settings. NOTE: Vendor claims that pre-requisites are very high, the feature works as intended, and that configuration settings might mitigate the issue."
|
||||
}
|
||||
]
|
||||
},
|
||||
"credit": "Lukas Reiter/Alexander Hagenah",
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"version": "3.1",
|
||||
"baseScore": "5.0",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-continuous-access-evaluation",
|
||||
"refsource": "MISC",
|
||||
"name": "https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-continuous-access-evaluation"
|
||||
},
|
||||
{
|
||||
"url": "https://www.mandiant.com/resources/russian-targeting-gov-business",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.mandiant.com/resources/russian-targeting-gov-business"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/sixgroup-security/Advisories/tree/main/20211209_Conditional-Access-Bypass-via-Session-Hijacking-in-Microsoft-O365",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/sixgroup-security/Advisories/tree/main/20211209_Conditional-Access-Bypass-via-Session-Hijacking-in-Microsoft-O365"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.192029",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.192029"
|
||||
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,76 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34966",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2022-34966",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.opensource-socialnetwork.org/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.opensource-socialnetwork.org/"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
|
||||
},
|
||||
{
|
||||
"url": "https://www.openteknik.com/contact?channel=ossn",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.openteknik.com/contact?channel=ossn"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://grimthereaperteam.medium.com/cve-2022-34966-ossn-6-3-lts-html-injection-vulnerability-at-location-parameter-3fe791dd22c6",
|
||||
"url": "https://grimthereaperteam.medium.com/cve-2022-34966-ossn-6-3-lts-html-injection-vulnerability-at-location-parameter-3fe791dd22c6"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,70 +1,74 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "zdi-disclosures@trendmicro.com",
|
||||
"ID": "CVE-2022-35869",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Ignition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8.1.15 (b2022030114)"
|
||||
}
|
||||
]
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "zdi-disclosures@trendmicro.com",
|
||||
"ID": "CVE-2022-35869",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Ignition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8.1.15 (b2022030114)"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Inductive Automation"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Inductive Automation"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": "@_s_n_t of @pentestltd",
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authentication prior to access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17211."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
|
||||
}
|
||||
},
|
||||
"credit": "@_s_n_t of @pentestltd",
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authentication prior to access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17211."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1016/"
|
||||
},
|
||||
{
|
||||
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
||||
"version": "3.0"
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1016/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1016/"
|
||||
},
|
||||
{
|
||||
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities",
|
||||
"refsource": "MISC",
|
||||
"name": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
||||
"version": "3.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,70 +1,74 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "zdi-disclosures@trendmicro.com",
|
||||
"ID": "CVE-2022-35870",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Ignition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8.1.15 (b2022030114)"
|
||||
}
|
||||
]
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "zdi-disclosures@trendmicro.com",
|
||||
"ID": "CVE-2022-35870",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Ignition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8.1.15 (b2022030114)"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Inductive Automation"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Inductive Automation"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": "@_s_n_t of @pentestltd",
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within com.inductiveautomation.metro.impl. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17265."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-502: Deserialization of Untrusted Data"
|
||||
}
|
||||
},
|
||||
"credit": "@_s_n_t of @pentestltd",
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within com.inductiveautomation.metro.impl. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17265."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1017/"
|
||||
},
|
||||
{
|
||||
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"version": "3.0"
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-502: Deserialization of Untrusted Data"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities",
|
||||
"refsource": "MISC",
|
||||
"name": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
|
||||
},
|
||||
{
|
||||
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1017/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1017/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,70 +1,74 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "zdi-disclosures@trendmicro.com",
|
||||
"ID": "CVE-2022-35871",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Ignition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8.1.15 (b2022030114)"
|
||||
}
|
||||
]
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "zdi-disclosures@trendmicro.com",
|
||||
"ID": "CVE-2022-35871",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Ignition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8.1.15 (b2022030114)"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Inductive Automation"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Inductive Automation"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": "Daan Keuper & Thijs Alkemade from Computest",
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-306: Missing Authentication for Critical Function"
|
||||
}
|
||||
},
|
||||
"credit": "Daan Keuper & Thijs Alkemade from Computest",
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1018/"
|
||||
},
|
||||
{
|
||||
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"version": "3.0"
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-306: Missing Authentication for Critical Function"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities",
|
||||
"refsource": "MISC",
|
||||
"name": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
|
||||
},
|
||||
{
|
||||
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1018/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1018/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,70 +1,74 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "zdi-disclosures@trendmicro.com",
|
||||
"ID": "CVE-2022-35872",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Ignition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8.1.15 (b2022030114)"
|
||||
}
|
||||
]
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "zdi-disclosures@trendmicro.com",
|
||||
"ID": "CVE-2022-35872",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Ignition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8.1.15 (b2022030114)"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Inductive Automation"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Inductive Automation"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": "Piotr Bazydlo (@chudypb)",
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17115."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-502: Deserialization of Untrusted Data"
|
||||
}
|
||||
},
|
||||
"credit": "Piotr Bazydlo (@chudypb)",
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17115."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1019/"
|
||||
},
|
||||
{
|
||||
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.0"
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-502: Deserialization of Untrusted Data"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities",
|
||||
"refsource": "MISC",
|
||||
"name": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
|
||||
},
|
||||
{
|
||||
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1019/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1019/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,70 +1,74 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "zdi-disclosures@trendmicro.com",
|
||||
"ID": "CVE-2022-35873",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Ignition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8.1.15 (b2022030114)"
|
||||
}
|
||||
]
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "zdi-disclosures@trendmicro.com",
|
||||
"ID": "CVE-2022-35873",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Ignition",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8.1.15 (b2022030114)"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Inductive Automation"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Inductive Automation"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": "20urdjk",
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-356: Product UI does not Warn User of Unsafe Actions"
|
||||
}
|
||||
},
|
||||
"credit": "20urdjk",
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1020/"
|
||||
},
|
||||
{
|
||||
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.0"
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-356: Product UI does not Warn User of Unsafe Actions"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities",
|
||||
"refsource": "MISC",
|
||||
"name": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
|
||||
},
|
||||
{
|
||||
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1020/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1020/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user