admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-12-25 08:00:33 +00:00
parent 7aab655fae
commit 30034c2ee7
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 545 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2022/34xxx/CVE-2022-34267.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34267",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-34267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.rws.com/localization/products/trados-enterprise/worldserver/",
"refsource": "MISC",
"name": "https://www.rws.com/localization/products/trados-enterprise/worldserver/"
},
{
"refsource": "MISC",
"name": "https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver",
"url": "https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver"
}
]
}

61
2022/34xxx/CVE-2022-34268.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34268",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-34268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.rws.com/localization/products/trados-enterprise/worldserver/",
"refsource": "MISC",
"name": "https://www.rws.com/localization/products/trados-enterprise/worldserver/"
},
{
"refsource": "MISC",
"name": "https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver",
"url": "https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver"
}
]
}

56
2023/28xxx/CVE-2023-28872.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28872",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-28872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\\Temp\\NcpSupport* location."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://herolab.usd.de/en/security-advisories/usd-2022-0006/",
"refsource": "MISC",
"name": "https://herolab.usd.de/en/security-advisories/usd-2022-0006/"
}
]
}

56
2023/31xxx/CVE-2023-31224.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31224",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-31224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is broken access control during authentication in Jamf Pro Server before 10.46.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://learn.jamf.com/bundle/jamf-pro-release-notes-10.47.0/page/Resolved_Issues.html",
"url": "https://learn.jamf.com/bundle/jamf-pro-release-notes-10.47.0/page/Resolved_Issues.html"
}
]
}

66
2023/36xxx/CVE-2023-36485.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36485",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-36485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ILIAS-eLearning/ILIAS/pull/5987",
"refsource": "MISC",
"name": "https://github.com/ILIAS-eLearning/ILIAS/pull/5987"
},
{
"url": "https://github.com/ILIAS-eLearning/ILIAS/pull/5988",
"refsource": "MISC",
"name": "https://github.com/ILIAS-eLearning/ILIAS/pull/5988"
},
{
"refsource": "MISC",
"name": "https://docu.ilias.de/ilias.php?baseClass=ilrepositorygui&cmdNode=xd:kx:54&cmdClass=ilBlogPostingGUI&cmd=previewFullscreen&ref_id=3439&prvm=fsc&bmn=2023-12&blpg=786",
"url": "https://docu.ilias.de/ilias.php?baseClass=ilrepositorygui&cmdNode=xd:kx:54&cmdClass=ilBlogPostingGUI&cmd=previewFullscreen&ref_id=3439&prvm=fsc&bmn=2023-12&blpg=786"
}
]
}

66
2023/36xxx/CVE-2023-36486.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36486",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-36486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ILIAS-eLearning/ILIAS/pull/5987",
"refsource": "MISC",
"name": "https://github.com/ILIAS-eLearning/ILIAS/pull/5987"
},
{
"url": "https://github.com/ILIAS-eLearning/ILIAS/pull/5988",
"refsource": "MISC",
"name": "https://github.com/ILIAS-eLearning/ILIAS/pull/5988"
},
{
"refsource": "MISC",
"name": "https://docu.ilias.de/ilias.php?baseClass=ilrepositorygui&cmdNode=xd:kx:54&cmdClass=ilBlogPostingGUI&cmd=previewFullscreen&ref_id=3439&prvm=fsc&bmn=2023-12&blpg=786",
"url": "https://docu.ilias.de/ilias.php?baseClass=ilrepositorygui&cmdNode=xd:kx:54&cmdClass=ilBlogPostingGUI&cmd=previewFullscreen&ref_id=3439&prvm=fsc&bmn=2023-12&blpg=786"
}
]
}

61
2023/38xxx/CVE-2023-38826.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38826",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-38826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross Site Scripting (XSS) vulnerability exists in Follet Learning Solutions Destiny through 20.0_1U. via the handlewpesearchform.do. searchString."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.follettlearning.com/",
"refsource": "MISC",
"name": "https://www.follettlearning.com/"
},
{
"refsource": "MISC",
"name": "https://github.com/Oracle-Security/CVEs/tree/main/Follett%20Learning%20Solutions/Destiny/CVE-2023-38826",
"url": "https://github.com/Oracle-Security/CVEs/tree/main/Follett%20Learning%20Solutions/Destiny/CVE-2023-38826"
}
]
}

61
2023/48xxx/CVE-2023-48652.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-48652",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-48652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes",
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes"
},
{
"refsource": "CONFIRM",
"name": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates",
"url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates"
}
]
}

61
2023/49xxx/CVE-2023-49226.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-49226",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-49226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4",
"refsource": "MISC",
"name": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"refsource": "MISC",
"name": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf",
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
]
}

56
2023/49xxx/CVE-2023-49954.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-49954",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-49954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://cve-2023-49954.github.io/",
"url": "https://cve-2023-49954.github.io/"
}
]
}