"-Synchronized-Data."

CVE Team 2023-06-27 13:00:39 +00:00
parent 8aefdcdd37
commit 98d46bbbe3
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 61 additions and 16 deletions


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting vulnerability in jQuery v.2.2.0 thru v.3.5.0 allows a remote attacker to execute arbitrary code via the <options> element."
"value": "Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element."
}
]
},
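Review bot: The rewritten description still ends with "via the <options> element", and HTML defines no such element; the text presumably means `<option>`. Anyone searching advisories or writing detection content by element name will miss this record, so the value should end `... via the <option> element.` The hunk shows only the description entry, so the rest of the record could not be checked for the same wording.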


@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
"cweId": "CWE-74"
"value": "CWE-116 Improper Encoding or Escaping of Output",
"cweId": "CWE-116"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPPORTED WHEN ASSIGNED **In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
@ -40,12 +40,21 @@
"version": {
"version_data": [
{
"version_value": "Apache SOAP 2.3",
"version_affected": "="
},
{
"version_value": "Apache SOAP",
"version_affected": "?"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "Apache SOAP 2.3"
},
{
"lessThan": "2.3",
"status": "unknown",
"version": "Apache SOAP",
"versionType": "custom"
}
]
}
}
]
}
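Review bot: The new `x_cve_json_5_version_data` entries put the product name in the version field (`"version": "Apache SOAP 2.3"`, and `"version": "Apache SOAP"` with `"lessThan": "2.3"`), so a matcher comparing against an installed version string such as `2.3` will match neither entry. Bare values would stay comparable and appear to keep the same meaning: `"version": "2.3"` for the affected entry and `"version": "0", "lessThan": "2.3"` for the unknown range. Separately, the description tag in the first hunk of this file is still spelled `UNSUPPPORTED`, since the change only adds the space after it. Filters keyed on the usual `** UNSUPPORTED WHEN ASSIGNED **` tag will therefore skip this record.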


@ -79,6 +79,11 @@
"url": "https://github.com/kubernetes/kubernetes/issues/118690",
"refsource": "MISC",
"name": "https://github.com/kubernetes/kubernetes/issues/118690"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Missing access permissions checks in M-Files Client before 23.5.12598.0 allows elevation of privilege via UI extension applications"
"value": "Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications"
}
]
},
@ -40,9 +40,22 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "23.5.12598.0"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "23.5.12598.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "23.2.12340.11"
}
],
"defaultStatus": "unaffected"
}
}
]
}
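Review bot: The added unaffected entry names only the single build `23.2.12340.11`, while the new description excludes "23.2 SR2 and newer". A consumer evaluating the `versions` array would still match any later 23.2 build against the affected range ending at `"lessThan": "23.5.12598.0"`. If 23.2.12340.11 is the SR2 build (the page does not say), the unaffected entry should be a bounded range with its own `lessThan` and `versionType`, so the data says what the prose says. Also, `version_value` is now `not down converted`, so tooling that reads only the legacy field loses the `23.5.12598.0` bound entirely.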


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3428",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}