admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-06-13 22:00:42 +00:00
parent 020fcbffaf
commit cf88c410fe
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 515 additions and 182 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
2022/38xxx/CVE-2022-38014.json
View File

@ -1,50 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-38014",
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Subsystem for Linux (WSL2)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Azure EFLOW",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability."
"value": "Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability"
}
]
},
@ -60,21 +27,60 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Windows Subsystem for Linux (WSL2)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.0.0.0",
"version_value": "5.15.62.1"
}
]
}
},
{
"product_name": "Azure EFLOW",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.4.0.0",
"version_value": "1.4.2.12122 LTS"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38014",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38014",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38014"
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38014"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"baseScore": "7.0",
"temporalScore": "6.1",
"version": "3.1"
}
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 7,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}
}

2
2022/41xxx/CVE-2022-41066.json
View File

@ -40,7 +40,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_name": "1.0",
"version_value": "49345"
}
]

87
2022/41xxx/CVE-2022-41085.json
View File

@ -1,50 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-41085",
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure CycleCloud 8",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Azure CycleCloud 7",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Azure CycleCloud Elevation of Privilege Vulnerability."
"value": "Azure CycleCloud Elevation of Privilege Vulnerability"
}
]
},
@ -60,21 +27,53 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Azure CycleCloud",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.0",
"version_value": "8.3.0"
},
{
"version_affected": "<",
"version_name": "7.0",
"version_value": "7.9.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41085",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41085",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41085"
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41085"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"baseScore": "7.5",
"temporalScore": "6.5",
"version": "3.1"
}
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 7.5,
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}
}

134
2022/41xxx/CVE-2022-41119.json
View File

@ -1,80 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-41119",
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Visual Studio 2022 version 17.2",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2022 version 17.3",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2022 version 17.0",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Visual Studio Remote Code Execution Vulnerability."
"value": "Visual Studio Remote Code Execution Vulnerability"
}
]
},
@ -90,21 +27,70 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Microsoft Visual Studio",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.2.0",
"version_value": "17.2.10"
},
{
"version_affected": "<",
"version_name": "15.9.0",
"version_value": "15.9.51"
},
{
"version_affected": "<",
"version_name": "17.0.0",
"version_value": "17.3.7"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2019",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.11.0",
"version_value": "16.11.21"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41119",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41119"
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"baseScore": "7.8",
"temporalScore": "6.8",
"version": "3.1"
}
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 7.8,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}
}

60
2023/24xxx/CVE-2023-24469.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24469",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@opentext.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ArcSight Logger",
"version": {
"version_data": [
{
"version_value": "versions prior to 7.3.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Potential Cross-Site Scripting (CVE-2023-24469) in ArcSight Logger versions prior to 7.3.0"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://portal.microfocus.com/s/article/KM000018224?language=en_US",
"url": "https://portal.microfocus.com/s/article/KM000018224?language=en_US"
},
{
"refsource": "MISC",
"name": "https://www.microfocus.com/support/downloads/,",
"url": "https://www.microfocus.com/support/downloads/,"
},
{
"refsource": "MISC",
"name": "https://www.microfocus.com/documentation/arcsight/logger-7.3/logger-7.3-release-notes/",
"url": "https://www.microfocus.com/documentation/arcsight/logger-7.3/logger-7.3-release-notes/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0"
}
]
}

80
2023/31xxx/CVE-2023-31142.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31142",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.0.4"
},
{
"version_affected": "=",
"version_value": ">= 3.1.0.beta1, < 3.1.0.beta5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-286w-97m2-78x2",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-286w-97m2-78x2"
}
]
},
"source": {
"advisory": "GHSA-286w-97m2-78x2",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

80
2023/32xxx/CVE-2023-32061.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32061",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.0.4"
},
{
"version_affected": "=",
"version_value": ">= 3.1.0.beta1, < 3.1.0.beta5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-prx4-49m8-874g",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-prx4-49m8-874g"
}
]
},
"source": {
"advisory": "GHSA-prx4-49m8-874g",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

80
2023/32xxx/CVE-2023-32301.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32301",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. As a workaround, disable topic embedding if it has been enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-116: Improper Encoding or Escaping of Output",
"cweId": "CWE-116"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.0.4"
},
{
"version_affected": "=",
"version_value": ">= 3.1.0.beta1, < 3.1.0.beta5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4"
}
]
},
"source": {
"advisory": "GHSA-p2jx-m2j5-hqh4",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

80
2023/34xxx/CVE-2023-34250.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34250",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn't have access to. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.0.4"
},
{
"version_affected": "=",
"version_value": ">= 3.1.0.beta1, < 3.1.0.beta5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-q8m5-wmjr-3ppg",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-q8m5-wmjr-3ppg"
}
]
},
"source": {
"advisory": "GHSA-q8m5-wmjr-3ppg",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
]
}