"-Synchronized-Data."

CVE Team 2023-05-05 08:00:36 +00:00
parent 250254ad3d
commit 7156dcacde
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 355 additions and 135 deletions


@ -1,18 +1,75 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40331",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled\nThis issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Ranger Hive Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.0.0",
"version_value": "2.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/s68yls6cnkdmzn1k4hqt50vs6wjvt2rn",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/s68yls6cnkdmzn1k4hqt50vs6wjvt2rn"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"RANGER-3474",
"RANGER-3357"
],
"discovery": "UNKNOWN"
}
}
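Review bot: The `version_data` entry puts the lower bound of the affected range only in `"version_name": "2.0.0"`, next to `"version_affected": "<="` and `"version_value": "2.3.0"`, so a consumer that matches on `version_affected`/`version_value` alone would probably flag every release up to 2.3.0, including ones older than 2.0.0. The description is the only place where the range is stated unambiguously, and there it runs on from the previous sentence without a full stop; `...when Apache Ranger Hive Plugin is enabled. This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0.` would fix that and also let the trailing `\n\n\n` go. The record has no `impact` block, unlike the CVE-2022-45048 and CVE-2023-2535 records on this page, so severity for triage has to come from the linked Apache thread.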


@ -1,14 +1,37 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-34169",
"STATE": "PUBLIC",
"TITLE": "Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer truncation"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
@ -24,63 +47,27 @@
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Felix Wilhelm, Google Project Zero"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer truncation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8"
},
{
"refsource": "MISC",
"url": "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/5"
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/07/19/5"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
@ -88,98 +75,107 @@
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/6"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/2"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/3"
},
{
"refsource": "DEBIAN",
"name": "DSA-5188",
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"refsource": "DEBIAN",
"name": "DSA-5192",
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220729-0009/",
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-19b6f21746",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-ae563934f7",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-e573851f56",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-d26586b419",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-80afe2304a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-b76ab52e73",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/6",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html",
"url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"
"name": "http://www.openwall.com/lists/oss-security/2022/07/19/6"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"url": "http://www.openwall.com/lists/oss-security/2022/10/18/2"
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/07/20/2"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html"
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/07/20/3"
},
{
"refsource": "DEBIAN",
"name": "DSA-5256",
"url": "https://www.debian.org/security/2022/dsa-5256"
"url": "https://www.debian.org/security/2022/dsa-5188",
"refsource": "MISC",
"name": "https://www.debian.org/security/2022/dsa-5188"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
"url": "http://www.openwall.com/lists/oss-security/2022/11/04/8"
"url": "https://www.debian.org/security/2022/dsa-5192",
"refsource": "MISC",
"name": "https://www.debian.org/security/2022/dsa-5192"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
"url": "http://www.openwall.com/lists/oss-security/2022/11/07/2"
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/10/18/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/10/18/2"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html"
},
{
"url": "https://www.debian.org/security/2022/dsa-5256",
"refsource": "MISC",
"name": "https://www.debian.org/security/2022/dsa-5256"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/04/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/04/8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/07/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/07/2"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"discovery": "UNKNOWN"
}
},
"credits": [
{
"lang": "en",
"value": "Reported by Felix Wilhelm, Google Project Zero"
}
]
}
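Review bot: The `reference_data` entries that list `url` first all carry `"refsource": "MISC"` and repeat the URL as `name`, so the advisory identifiers seen in the other entries of this section (`DSA-5188`, `DSA-5192`, `DSA-5256`, `FEDORA-2022-19b6f21746` and the rest) do not appear in them. Tooling that links a CVE to distribution advisories through `refsource`/`name` would have to parse URLs instead, and the Fedora list URLs do not contain the advisory id at all. Keeping the typed form for those entries, for example `"refsource": "DEBIAN", "name": "DSA-5188"`, preserves that link. Separately, the `credits` entry uses `"lang": "en"` while the description entries use `"eng"`. Which entries are old and which are new is inferred from their shape, because the page has lost the +/- markers.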


@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-45048",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability.\u00a0This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Ranger",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/6rpzwy1smdhr60tsh1ydknn3kdm45bb6",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/6rpzwy1smdhr60tsh1ydknn3kdm45bb6"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "g1831767442@163.com"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
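Review bot: The description does not explain what `"privilegesRequired": "HIGH"` and `"userInteraction": "REQUIRED"` in the `cvss` entry refer to: it speaks only of "appropriate privileges" and names no second party, so a defender cannot tell which Ranger role to audit or whose action causes the policy expression to be evaluated. The sentence itself is ungrammatical; `Authenticated users with appropriate privileges can create policies containing expressions that result in code execution. This issue affects Apache Ranger: 2.3.0.` says the same thing cleanly and drops the `\u00a0` and the trailing `\n\n\n`. The `credits` value is a bare e-mail address, which every mirror of the record will republish, so it is worth confirming that this is the form the reporter asked for. The section ends without the closing brace of the top-level object, so the tail of the file may lie outside what the page shows.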


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2535",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@knime.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sensitive information exposure in the Web Frontend of KNIME Business Hub until 1.X allows an unauthenticated attacker to extract information about the system. By making a request to a non-existent URL the system will sensitive information to the caller such as internal IP addresses, hostnames, Istio\nmetadata, internal file paths and more.\n\nThe problem is fixed in KNIME Business Hub 1.xxx. There is no workaround for previous versions.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "KNIME",
"product": {
"product_data": [
{
"product_name": "KNIME Business Hub",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.knime.com/security/advisories#CVE-2023-2535",
"refsource": "MISC",
"name": "https://www.knime.com/security/advisories#CVE-2023-2535"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"HUB-2382"
],
"discovery": "INTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}
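Review bot: The description still contains template placeholders, "until 1.X" and "fixed in KNIME Business Hub 1.xxx", while `version_data` lists only `"version_affected": "="`, `"version_value": "1.0.0"`, so the record does not tell an operator which release contains the fix or whether releases after 1.0.0 are affected. The two statements should agree and name the fixed release, e.g. `The problem is fixed in KNIME Business Hub <FIXED_VERSION>.`, with the value taken from the vendor advisory linked in `references`. The second sentence is also missing its verb: `the system will return sensitive information to the caller`. The closing brace of the top-level object is not visible at the end of this section.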


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2538",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}