mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-08 19:46:39 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
7ab9fa309a
commit
5373aef26a
@ -11,7 +11,7 @@
|
|||||||
"description_data": [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution.\n\n"
|
"value": "TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
@ -21,8 +21,8 @@
|
|||||||
"description": [
|
"description": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "CWE-20 Improper Input Validation",
|
"value": "CWE-940 Improper Verification of Source of a Communication Channel",
|
||||||
"cweId": "CWE-20"
|
"cweId": "CWE-940"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|||||||
@ -21,8 +21,8 @@
|
|||||||
"description": [
|
"description": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
|
"value": "CWE-1395 Dependency on Vulnerable Third-Party Component",
|
||||||
"cweId": "CWE-74"
|
"cweId": "CWE-1395"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@ -41,7 +41,7 @@
|
|||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "<=",
|
"version_affected": "<=",
|
||||||
"version_name": " ",
|
"version_name": "0",
|
||||||
"version_value": "v6.0.0-202012tw"
|
"version_value": "v6.0.0-202012tw"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|||||||
@ -21,8 +21,8 @@
|
|||||||
"description": [
|
"description": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "CWE-284: Improper Access Control",
|
"value": "CWE-306 Missing Authentication for Critical Function",
|
||||||
"cweId": "CWE-284"
|
"cweId": "CWE-306"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@ -41,11 +41,11 @@
|
|||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "=",
|
||||||
"version_value": "1.x"
|
"version_value": "1.*"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "=",
|
||||||
"version_value": "2.x"
|
"version_value": "2.*"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|||||||
@ -21,8 +21,17 @@
|
|||||||
"description": [
|
"description": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
|
"value": "CWE-306 Missing Authentication for Critical Function",
|
||||||
"cweId": "CWE-200"
|
"cweId": "CWE-306"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
|
||||||
|
"cweId": "CWE-497"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@ -44,15 +53,8 @@
|
|||||||
"version_value": "6.8"
|
"version_value": "6.8"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "<=",
|
||||||
"version_value": "7.0"
|
"version_name": "7.0",
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_affected": "=",
|
|
||||||
"version_value": "7.1"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_affected": "=",
|
|
||||||
"version_value": "7.2"
|
"version_value": "7.2"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|||||||
@ -11,7 +11,7 @@
|
|||||||
"description_data": [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "\nThe password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.\n\n"
|
"value": "The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
@ -21,8 +21,8 @@
|
|||||||
"description": [
|
"description": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "CWE-284: Improper Access Control",
|
"value": "CWE-306 Missing Authentication for Critical Function",
|
||||||
"cweId": "CWE-284"
|
"cweId": "CWE-306"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user