admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-02-11 13:01:26 +00:00
parent 8e6ac1f723
commit feb81507c3
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 113 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2021/44xxx/CVE-2021-44521.json
View File

@ -62,7 +62,7 @@
"description_data": [
{
"lang": "eng",
"value": "When running Apache Cassandra with the following configuration:\n\nenable_user_defined_functions: true\nenable_scripted_user_defined_functions: true\nenable_user_defined_functions_threads: false \n\nit is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE."
"value": "When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE."
}
]
},
@ -89,8 +89,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356",
"name": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356"
}
]
},

61
2021/46xxx/CVE-2021-46355.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46355",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-46355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting (XSS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://ocs.com",
"refsource": "MISC",
"name": "http://ocs.com"
},
{
"refsource": "MISC",
"name": "https://medium.com/@windsormoreira/ocs-inventory-2-9-1-cross-site-scripting-xss-cve-2021-46355-a88d72606b7e",
"url": "https://medium.com/@windsormoreira/ocs-inventory-2-9-1-cross-site-scripting-xss-cve-2021-46355-a88d72606b7e"
}
]
}

18
2022/0xxx/CVE-2022-0565.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0565",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

7
2022/24xxx/CVE-2022-24112.json
View File

@ -53,7 +53,7 @@
"description_data": [
{
"lang": "eng",
"value": "An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API.\nA default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution.\nWhen the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel.\n\nThere is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed."
"value": "An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed."
}
]
},
@ -80,8 +80,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94",
"name": "https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94"
}
]
},

10
2022/24xxx/CVE-2022-24263.json
View File

@ -66,6 +66,16 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165882/Hospital-Management-System-4.0-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/165882/Hospital-Management-System-4.0-SQL-Injection.html"
},
{
"refsource": "MISC",
"name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-24263",
"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-24263"
},
{
"refsource": "MISC",
"name": "https://www.nu11secur1ty.com/2022/02/cve-2022-24263.html",
"url": "https://www.nu11secur1ty.com/2022/02/cve-2022-24263.html"
}
]
}

7
2022/24xxx/CVE-2022-24289.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "Hessian serialization is a network protocol that supports object-based transmission.\nApache Cayenne's optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications.\n\nIn Apache Cayenne 4.1 and earlier, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution.\n"
"value": "Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and earlier, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution."
}
]
},
@ -70,8 +70,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/zthjy83t3o66x7xcbygn2vg3yjvlc9vc"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/zthjy83t3o66x7xcbygn2vg3yjvlc9vc",
"name": "https://lists.apache.org/thread/zthjy83t3o66x7xcbygn2vg3yjvlc9vc"
}
]
},

18
2022/24xxx/CVE-2022-24963.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-24963",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}