From feb81507c3f79b703c90f531ece3ea06e49188c7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 11 Feb 2022 13:01:26 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/44xxx/CVE-2021-44521.json | 7 ++-- 2021/46xxx/CVE-2021-46355.json | 61 ++++++++++++++++++++++++++++++---- 2022/0xxx/CVE-2022-0565.json | 18 ++++++++++ 2022/24xxx/CVE-2022-24112.json | 7 ++-- 2022/24xxx/CVE-2022-24263.json | 10 ++++++ 2022/24xxx/CVE-2022-24289.json | 7 ++-- 2022/24xxx/CVE-2022-24963.json | 18 ++++++++++ 7 files changed, 113 insertions(+), 15 deletions(-) create mode 100644 2022/0xxx/CVE-2022-0565.json create mode 100644 2022/24xxx/CVE-2022-24963.json diff --git a/2021/44xxx/CVE-2021-44521.json b/2021/44xxx/CVE-2021-44521.json index a9cd17a0a5f..7813f6cca20 100644 --- a/2021/44xxx/CVE-2021-44521.json +++ b/2021/44xxx/CVE-2021-44521.json @@ -62,7 +62,7 @@ "description_data": [ { "lang": "eng", - "value": "When running Apache Cassandra with the following configuration:\n\nenable_user_defined_functions: true\nenable_scripted_user_defined_functions: true\nenable_user_defined_functions_threads: false \n\nit is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE." + "value": "When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE." } ] }, @@ -89,8 +89,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356" + "refsource": "MISC", + "url": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356", + "name": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356" } ] }, diff --git a/2021/46xxx/CVE-2021-46355.json b/2021/46xxx/CVE-2021-46355.json index a9b065d55ae..e68698baa58 100644 --- a/2021/46xxx/CVE-2021-46355.json +++ b/2021/46xxx/CVE-2021-46355.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46355", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46355", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting (XSS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://ocs.com", + "refsource": "MISC", + "name": "http://ocs.com" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@windsormoreira/ocs-inventory-2-9-1-cross-site-scripting-xss-cve-2021-46355-a88d72606b7e", + "url": "https://medium.com/@windsormoreira/ocs-inventory-2-9-1-cross-site-scripting-xss-cve-2021-46355-a88d72606b7e" } ] } diff --git a/2022/0xxx/CVE-2022-0565.json b/2022/0xxx/CVE-2022-0565.json new file mode 100644 index 00000000000..acb933c03dc --- /dev/null +++ b/2022/0xxx/CVE-2022-0565.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-0565", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/24xxx/CVE-2022-24112.json b/2022/24xxx/CVE-2022-24112.json index b88ff1e6299..50cd150d7a9 100644 --- a/2022/24xxx/CVE-2022-24112.json +++ b/2022/24xxx/CVE-2022-24112.json @@ -53,7 +53,7 @@ "description_data": [ { "lang": "eng", - "value": "An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API.\nA default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution.\nWhen the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel.\n\nThere is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed." + "value": "An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed." } ] }, @@ -80,8 +80,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94" + "refsource": "MISC", + "url": "https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94", + "name": "https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94" } ] }, diff --git a/2022/24xxx/CVE-2022-24263.json b/2022/24xxx/CVE-2022-24263.json index 0a7fdceb25e..13cb0e088e7 100644 --- a/2022/24xxx/CVE-2022-24263.json +++ b/2022/24xxx/CVE-2022-24263.json @@ -66,6 +66,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/165882/Hospital-Management-System-4.0-SQL-Injection.html", "url": "http://packetstormsecurity.com/files/165882/Hospital-Management-System-4.0-SQL-Injection.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-24263", + "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-24263" + }, + { + "refsource": "MISC", + "name": "https://www.nu11secur1ty.com/2022/02/cve-2022-24263.html", + "url": "https://www.nu11secur1ty.com/2022/02/cve-2022-24263.html" } ] } diff --git a/2022/24xxx/CVE-2022-24289.json b/2022/24xxx/CVE-2022-24289.json index e8a6a2d4362..533778c8f7e 100644 --- a/2022/24xxx/CVE-2022-24289.json +++ b/2022/24xxx/CVE-2022-24289.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "Hessian serialization is a network protocol that supports object-based transmission.\nApache Cayenne's optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications.\n\nIn Apache Cayenne 4.1 and earlier, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution.\n" + "value": "Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and earlier, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution." } ] }, @@ -70,8 +70,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://lists.apache.org/thread/zthjy83t3o66x7xcbygn2vg3yjvlc9vc" + "refsource": "MISC", + "url": "https://lists.apache.org/thread/zthjy83t3o66x7xcbygn2vg3yjvlc9vc", + "name": "https://lists.apache.org/thread/zthjy83t3o66x7xcbygn2vg3yjvlc9vc" } ] }, diff --git a/2022/24xxx/CVE-2022-24963.json b/2022/24xxx/CVE-2022-24963.json new file mode 100644 index 00000000000..a6533b6e8e7 --- /dev/null +++ b/2022/24xxx/CVE-2022-24963.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-24963", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file