diff --git a/2020/23xxx/CVE-2020-23064.json b/2020/23xxx/CVE-2020-23064.json
index 3fd708fd58f..29d3e5884ac 100644
--- a/2020/23xxx/CVE-2020-23064.json
+++ b/2020/23xxx/CVE-2020-23064.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Cross Site Scripting vulnerability in jQuery v.2.2.0 thru v.3.5.0 allows a remote attacker to execute arbitrary code via the element."
+ "value": "Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the element."
 }
 ]
 },
diff --git a/2022/45xxx/CVE-2022-45143.json b/2022/45xxx/CVE-2022-45143.json
index 02afc55eedf..2a3abd0e762 100644
--- a/2022/45xxx/CVE-2022-45143.json
+++ b/2022/45xxx/CVE-2022-45143.json
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
- "cweId": "CWE-74"
+ "value": "CWE-116 Improper Encoding or Escaping of Output",
+ "cweId": "CWE-116"
 }
 ]
 }
diff --git a/2022/45xxx/CVE-2022-45378.json b/2022/45xxx/CVE-2022-45378.json
index 41338f94cc9..3c26c9c6960 100644
--- a/2022/45xxx/CVE-2022-45378.json
+++ b/2022/45xxx/CVE-2022-45378.json
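Review bot: The rewritten description in CVE-2020-23064.json still ends with "via the element." and names no element, so the record does not tell a reader which input path in jQuery is affected. The name looks as if it was dropped as markup somewhere upstream; that is inferred, the hunk only shows the gap on both the old and the new side. Since this line is being rewritten anyway, restore the name from the CNA's source text as plain text inside the JSON string, e.g. `"value": "... via the ELEMENT_NAME_PLACEHOLDER element."`, so it survives HTML-stripping renderers.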
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
 }
 ]
 },
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-287 Improper Authentication",
- "cweId": "CWE-287"
+ "value": "CWE-306 Missing Authentication for Critical Function",
+ "cweId": "CWE-306"
 }
 ]
 }
@@ -40,12 +40,21 @@
 "version": {
 "version_data": [
 {
- "version_value": "Apache SOAP 2.3",
- "version_affected": "="
- },
- {
- "version_value": "Apache SOAP",
- "version_affected": "?"
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "affected",
+ "version": "Apache SOAP 2.3"
+ },
+ {
+ "lessThan": "2.3",
+ "status": "unknown",
+ "version": "Apache SOAP",
+ "versionType": "custom"
+ }
+ ]
+ }
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2431.json b/2023/2xxx/CVE-2023-2431.json
index aa5564a2d77..7d93e2d0f3d 100644
--- a/2023/2xxx/CVE-2023-2431.json
+++ b/2023/2xxx/CVE-2023-2431.json
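Review bot: The tag at the start of the rewritten description in CVE-2022-45378.json still reads `** UNSUPPPORTED WHEN ASSIGNED **` with three P's; the `@@ -11,7 +11,7 @@` hunk only adds the space after the closing asterisks. Tooling that identifies end-of-life records by matching the tag text will not match this spelling, so unsupported-product findings can be triaged as if a vendor fix were coming. Correct it on this line to `** UNSUPPORTED WHEN ASSIGNED **`, or, if the spelling comes from the conversion tooling (not visible here), fix it at that source.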
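Review bot: After the `@@ -40,12 +40,21 @@` hunk the only legacy field left in `version_data` is `"version_value": "not down converted"`, so a consumer that still reads `version_value`/`version_affected` from the 4.0 record gets no usable affected-version data for Apache SOAP; the `@@ -40,9 +40,22 @@` hunk of CVE-2023-2480.json has the same effect. Inside the new block both `version` values carry the product name (`"Apache SOAP 2.3"`, `"Apache SOAP"`), and the second one is used as the start of a range bounded by `"lessThan": "2.3"`, which a version comparator cannot order. I would write `"version": "2.3"` for the affected entry and `"version": "0"` for the range start, as the M-Files record in this commit does. An explicit `"defaultStatus"` next to `versions`, which that record also sets, would state how versions outside the two entries are to be treated.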
@@ -79,6 +79,11 @@
 "url": "https://github.com/kubernetes/kubernetes/issues/118690",
 "refsource": "MISC",
 "name": "https://github.com/kubernetes/kubernetes/issues/118690"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/"
 }
 ]
 },
diff --git a/2023/2xxx/CVE-2023-2480.json b/2023/2xxx/CVE-2023-2480.json
index dde91f7fd5a..bf3fab7f400 100644
--- a/2023/2xxx/CVE-2023-2480.json
+++ b/2023/2xxx/CVE-2023-2480.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Missing access permissions checks in M-Files Client before 23.5.12598.0 allows elevation of privilege via UI extension applications"
+ "value": "Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications"
 }
 ]
 },
@@ -40,9 +40,22 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<",
- "version_name": "0",
- "version_value": "23.5.12598.0"
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "23.5.12598.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ },
+ {
+ "status": "unaffected",
+ "version": "23.2.12340.11"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
 }
 ]
 }
diff --git a/2023/3xxx/CVE-2023-3428.json b/2023/3xxx/CVE-2023-3428.json
new file mode 100644
index 00000000000..167d26cdf0c
--- /dev/null
+++ b/2023/3xxx/CVE-2023-3428.json
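Review bot: The `unaffected` entry added in the `@@ -40,9 +40,22 @@` hunk of CVE-2023-2480.json names the single version `23.2.12340.11` with no upper bound, while the description rewritten in the first hunk of the same file says "excluding 23.2 SR2 and newer". Read as data, any later 23.2 build still falls inside the affected range from `0` to `lessThan 23.5.12598.0`, so a scanner would report a release the vendor apparently considers fixed. If 23.2.12340.11 is the SR2 build (the hunk does not say), give that entry a bound of its own, a `lessThan` with `versionType` as on the affected entry, covering the rest of the 23.2 line. The description could also be tightened, since "and newer" can be read as excluding every later version, including the 23.3 to 23.5 builds the range marks affected.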
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-3428",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file