"-Synchronized-Data."

CVE Team 2023-03-16 17:00:35 +00:00
parent 149fc2eab4
commit b805eb2a6d
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
11 changed files with 514 additions and 30 deletions


@ -40,8 +40,9 @@
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
"version_affected": "<=",
"version_name": "0",
"version_value": "12.1.0.1760"
}
]
}
@ -58,6 +59,11 @@
"url": "https://www.rapid7.com/blog/post/2023/02/07/multiple-dms-xss-cve-2022-47412-through-cve-20222-47419/",
"refsource": "MISC",
"name": "https://www.rapid7.com/blog/post/2023/02/07/multiple-dms-xss-cve-2022-47412-through-cve-20222-47419/"
},
{
"url": "https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#733",
"refsource": "MISC",
"name": "https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#733"
}
]
},


@ -40,8 +40,16 @@
"version": {
"version_data": [
{
"version_value": "4.3.3",
"version_affected": "="
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "4.3.3"
}
],
"defaultStatus": "affected"
}
}
]
}
@ -58,6 +66,11 @@
"url": "https://www.rapid7.com/blog/post/2023/02/07/multiple-dms-xss-cve-2022-47412-through-cve-20222-47419/",
"refsource": "MISC",
"name": "https://www.rapid7.com/blog/post/2023/02/07/multiple-dms-xss-cve-2022-47412-through-cve-20222-47419/"
},
{
"url": "https://www.mayan-edms.com/news/2023/02/version-4.3.6/",
"refsource": "MISC",
"name": "https://www.mayan-edms.com/news/2023/02/version-4.3.6/"
}
]
},
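Review bot: The new `x_cve_json_5_version_data` block sets `"defaultStatus": "affected"` and lists only 4.3.3, so every version not listed, including the 4.3.6 release that this same section adds as a reference, is read as affected. If 4.3.6 is the fixed release (the reference suggests it, but the hunk does not say so), the entry should bound the range, for example `"version": "4.3.3", "lessThan": "4.3.6", "versionType": "semver"` together with `"defaultStatus": "unaffected"`. Legacy 4.0 consumers now see the literal `"version_value": "not down converted"`, so scanners that read only that field lose the 4.3.3 match and need to read the 5.x data instead.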


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1435",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -65,6 +65,11 @@
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213633",
"name": "https://support.apple.com/en-us/HT213633"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171359/XNU-NFSSVC-Root-Check-Bypass-Use-After-Free.html",
"url": "http://packetstormsecurity.com/files/171359/XNU-NFSSVC-Root-Check-Bypass-Use-After-Free.html"
}
]
},


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27041",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-27041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "School Registration and Fee System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at/bilal final/edit_user.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/forsean/bug_report/blob/main/vendors/hemedy99/School%20Registration%20and%20Fee%20System/SQLi-1.md",
"refsource": "MISC",
"name": "https://github.com/forsean/bug_report/blob/main/vendors/hemedy99/School%20Registration%20and%20Fee%20System/SQLi-1.md"
}
]
}
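Review bot: `problemtype` is published as `"value": "n/a"` although the new description states a SQL injection, so consumers that triage by CWE will not classify this record; `"value": "CWE-89"` would match the description. `vendor_name`, `product_name` and `version_value` are also `n/a`, which leaves the product name and the v1.0 version only in free text, where automated asset matching cannot use them. The description is also missing a space in `at/bilal final/edit_user.php`.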


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28105",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use `zip.Unzip` to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version 0.0.34. There are no known workarounds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dablelv",
"product": {
"product_data": [
{
"product_name": "go-huge-util",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.0.34"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/dablelv/go-huge-util/security/advisories/GHSA-5g39-ppwg-6xx8",
"refsource": "MISC",
"name": "https://github.com/dablelv/go-huge-util/security/advisories/GHSA-5g39-ppwg-6xx8"
},
{
"url": "https://github.com/dablelv/go-huge-util/commit/0e308b0fac8973e6fa251b0ab095cdc5c1c0956b",
"refsource": "MISC",
"name": "https://github.com/dablelv/go-huge-util/commit/0e308b0fac8973e6fa251b0ab095cdc5c1c0956b"
}
]
},
"source": {
"advisory": "GHSA-5g39-ppwg-6xx8",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
}
]
}
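Review bot: The affected-version entry pairs `"version_affected": "="` with `"version_value": "< 0.0.34"`, so the comparison operator sits inside the value string and a consumer that honors `version_affected` will look for a version literally named `< 0.0.34` and match nothing. Writing it as `"version_affected": "<"` with `"version_value": "0.0.34"` keeps the range machine-readable. The same pattern appears in the CVE-2023-28106, CVE-2023-28108, CVE-2023-28109 (`<= 0.0.2`) and CVE-2023-28110 sections of this commit. Separately, the description names the package `go-used-util` while `product_name` and both reference URLs say `go-huge-util`; the description should use the same name so that text search finds the record.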


@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28106",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pimcore",
"product": {
"product_data": [
{
"product_name": "pimcore",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 10.5.19"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-x5j3-mq9g-8jc8",
"refsource": "MISC",
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-x5j3-mq9g-8jc8"
},
{
"url": "https://github.com/pimcore/pimcore/pull/14669.patch",
"refsource": "MISC",
"name": "https://github.com/pimcore/pimcore/pull/14669.patch"
},
{
"url": "https://github.com/pimcore/pimcore/commit/c59d0bf1d03a5037b586fe06230694fa3818dbf2",
"refsource": "MISC",
"name": "https://github.com/pimcore/pimcore/commit/c59d0bf1d03a5037b586fe06230694fa3818dbf2"
},
{
"url": "https://huntr.dev/bounties/fa77d780-9b23-404b-8c44-12108881d11a",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/fa77d780-9b23-404b-8c44-12108881d11a"
}
]
},
"source": {
"advisory": "GHSA-x5j3-mq9g-8jc8",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28108",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pimcore",
"product": {
"product_data": [
{
"product_name": "pimcore",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 10.5.19"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xc9p-r5qj-8xm9",
"refsource": "MISC",
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xc9p-r5qj-8xm9"
},
{
"url": "https://github.com/pimcore/pimcore/pull/14633",
"refsource": "MISC",
"name": "https://github.com/pimcore/pimcore/pull/14633"
},
{
"url": "https://github.com/pimcore/pimcore/commit/08e7ba56ae983c3c67ec563b6989b16ef8f35275.patch",
"refsource": "MISC",
"name": "https://github.com/pimcore/pimcore/commit/08e7ba56ae983c3c67ec563b6989b16ef8f35275.patch"
}
]
},
"source": {
"advisory": "GHSA-xc9p-r5qj-8xm9",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28109",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use `play-with-docker.com` as an example and set the origin header in an http request as `evil-play-with-docker.com`. The domain would echo in response header, which successfully bypassed the CORS policy and retrieved basic user information. This issue has been fixed in commit ed82247c9ab7990ad76ec2bf1498c2b2830b6f1a. There are no known workarounds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639: Authorization Bypass Through User-Controlled Key",
"cweId": "CWE-639"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "play-with-docker",
"product": {
"product_data": [
{
"product_name": "play-with-docker",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 0.0.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/play-with-docker/play-with-docker/security/advisories/GHSA-vq59-5x26-h639",
"refsource": "MISC",
"name": "https://github.com/play-with-docker/play-with-docker/security/advisories/GHSA-vq59-5x26-h639"
},
{
"url": "https://github.com/play-with-docker/play-with-docker/commit/ed82247c9ab7990ad76ec2bf1498c2b2830b6f1a",
"refsource": "MISC",
"name": "https://github.com/play-with-docker/play-with-docker/commit/ed82247c9ab7990ad76ec2bf1498c2b2830b6f1a"
}
]
},
"source": {
"advisory": "GHSA-vq59-5x26-h639",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
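Review bot: `problemtype` records CWE-639 (authorization bypass through a user-controlled key), but the description is of a CORS policy that echoes a caller-supplied origin header, which is more commonly classified as CWE-942 or CWE-346; the classification is worth confirming with the assigner. The fix is identified only by commit `ed82247c9ab7990ad76ec2bf1498c2b2830b6f1a`, with no fixed release number, so version-based scanners have nothing to compare against beyond `<= 0.0.2` and deployments have to be checked against the commit itself.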


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28110",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the execution of dangerous commands that may disrupt the Koko container environment and affect normal usage. The vulnerability has been fixed in v2.28.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "jumpserver",
"product": {
"product_data": [
{
"product_name": "jumpserver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.28.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29",
"refsource": "MISC",
"name": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29"
},
{
"url": "https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8",
"refsource": "MISC",
"name": "https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8"
}
]
},
"source": {
"advisory": "GHSA-6x5p-jm59-jh29",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28500",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}