admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-04-20 16:00:36 +00:00
parent 5939d4a71a
commit 6cc7303e7c
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 485 additions and 325 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/44xxx/CVE-2021-44151.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165191/Reprise-License-Manager-14.2-Session-Hijacking.html",
"url": "http://packetstormsecurity.com/files/165191/Reprise-License-Manager-14.2-Session-Hijacking.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.reprisesoftware.com/RELEASE_NOTES",
"url": "https://www.reprisesoftware.com/RELEASE_NOTES"
}
]
}

5
2021/44xxx/CVE-2021-44155.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165182/Reprise-License-Manager-14.2-User-Enumeration.html",
"url": "http://packetstormsecurity.com/files/165182/Reprise-License-Manager-14.2-User-Enumeration.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.reprisesoftware.com/RELEASE_NOTES",
"url": "https://www.reprisesoftware.com/RELEASE_NOTES"
}
]
}

5
2022/28xxx/CVE-2022-28365.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2022/Apr/1",
"url": "https://seclists.org/fulldisclosure/2022/Apr/1"
},
{
"refsource": "CONFIRM",
"name": "https://www.reprisesoftware.com/RELEASE_NOTES",
"url": "https://www.reprisesoftware.com/RELEASE_NOTES"
}
]
}

6
2022/2xxx/CVE-2022-2560.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481."
"value": "This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481."
}
]
},
@ -54,7 +54,9 @@
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1032/"
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1032/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1032/"
}
]
},

10
2022/2xxx/CVE-2022-2825.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411."
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411."
}
]
},
@ -54,10 +54,14 @@
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1455/"
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1455/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1455/"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10",
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
}
]
},

10
2022/2xxx/CVE-2022-2848.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486."
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486."
}
]
},
@ -54,10 +54,14 @@
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1454/"
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10",
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1454/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1454/"
}
]
},

82
2022/36xxx/CVE-2022-36788.json
View File

@ -1,17 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36788",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially-crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-130: Improper Handling of Length Parameter Inconsistency ",
"cweId": "CWE-130"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Slic3r",
"product": {
"product_data": [
{
"product_name": "libslic3r",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3.0"
},
{
"version_affected": "=",
"version_value": "Master Commit b1a5500"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1593",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1593"
}
]
},
"credits": [
{
"lang": "en",
"value": "Discovered by Francesco Benvenuto of Cisco Talos."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
}
]
}

61
2023/25xxx/CVE-2023-25601.json
View File

@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25601",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache DolphinScheduler",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0.0",
"version_value": "3.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/25g77jqczp3t8cz56hk1p65q7m6c64rf",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/25g77jqczp3t8cz56hk1p65q7m6c64rf"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
}
}

10
2023/27xxx/CVE-2023-27350.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987."
"value": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987."
}
]
},
@ -54,10 +54,14 @@
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-233/"
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-233/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-233/"
},
{
"url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
"url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219",
"refsource": "MISC",
"name": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
}
]
},

10
2023/27xxx/CVE-2023-27351.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226."
"value": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226."
}
]
},
@ -54,10 +54,14 @@
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-232/"
"url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219",
"refsource": "MISC",
"name": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
},
{
"url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-232/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-232/"
}
]
},