admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-05-09 17:00:40 +00:00
parent e78d8c03dc
commit 843eecb8cd
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 288 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
2022/38xxx/CVE-2022-38023.json
View File

@ -41,7 +41,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.17763.3650"
"version_value": "10.0.17763.4252"
}
]
}
@ -53,7 +53,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.20348.1249"
"version_value": "10.0.20348.1668"
}
]
}
@ -65,7 +65,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.14393.5501"
"version_value": "10.0.14393.5850"
}
]
}
@ -77,7 +77,7 @@
{
"version_affected": "<",
"version_name": "6.0.0",
"version_value": "6.0.6003.21768"
"version_value": "6.0.6003.22015"
}
]
}
@ -89,12 +89,12 @@
{
"version_affected": "<",
"version_name": "6.1.0",
"version_value": "6.1.7601.26221"
"version_value": "6.1.7601.26466"
},
{
"version_affected": "<",
"version_name": "6.0.0",
"version_value": "6.1.7601.26221"
"version_value": "6.1.7601.26466"
}
]
}
@ -106,7 +106,7 @@
{
"version_affected": "<",
"version_name": "6.2.0",
"version_value": "6.2.9200.23968"
"version_value": "6.2.9200.24216"
}
]
}
@ -118,7 +118,7 @@
{
"version_affected": "<",
"version_name": "6.3.0",
"version_value": "6.3.9600.20671"
"version_value": "6.3.9600.20919"
}
]
}

4
2022/41xxx/CVE-2022-41104.json
View File

@ -95,8 +95,8 @@
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C"
"baseScore": 7.8,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}

2
2022/41xxx/CVE-2022-41113.json
View File

@ -65,7 +65,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.19043.2486"
"version_value": "10.0.19043.2251"
}
]
}

72
2022/41xxx/CVE-2022-41120.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-41120",
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Sysmon",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows Sysmon Elevation of Privilege Vulnerability."
"value": "Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability"
}
]
},
@ -50,21 +27,48 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Windows Sysmon",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0",
"version_value": "14.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41120",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41120",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41120"
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41120"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"baseScore": "7.8",
"temporalScore": "6.8",
"version": "3.1"
}
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 7.8,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}
}

90
2023/25xxx/CVE-2023-25829.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25829",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@esri.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Esri",
"product": {
"product_data": [
{
"product_name": "Portal for ArcGIS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0"
},
{
"version_affected": "=",
"version_value": "10.9.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/",
"refsource": "MISC",
"name": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/"
},
{
"url": "https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095",
"refsource": "MISC",
"name": "https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"BUG-000155001"
],
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

119
2023/25xxx/CVE-2023-25830.json
View File

@ -1,17 +1,128 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25830",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@esri.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Esri",
"product": {
"product_data": [
{
"product_name": "Portal for ArcGIS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.9.1",
"version_value": "<=10.7.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/",
"refsource": "MISC",
"name": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/"
},
{
"url": "https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095",
"refsource": "MISC",
"name": "https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"BUG-000154662"
],
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mitigation: Leverage a WAF to filter JavaScript from URL query parameters<br>"
}
],
"value": "Mitigation: Leverage a WAF to filter JavaScript from URL query parameters\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095\">https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8...</a><br>"
}
],
"value": " https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8... https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095 \n"
}
],
"credits": [
{
"lang": "en",
"value": "Theologos Kokkinellis"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

5
2023/25xxx/CVE-2023-25834.json
View File

@ -41,8 +41,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "10.9.1",
"version_value": "<="
"version_name": "10.7.1",
"version_value": "10.9.1"
}
]
}
@ -71,7 +71,6 @@
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administr",
"defect": [
"CVE-2023-25834"
],

18
2023/2xxx/CVE-2023-2607.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2607",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/2xxx/CVE-2023-2608.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2608",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}