admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-16 16:00:36 +00:00
parent 58b1ebeb51
commit d1f809fe17
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
11 changed files with 225 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2020/24xxx/CVE-2020-24307.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file."
"value": "** DISPUTED ** An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\\Users:(M) is present."
}
]
},

56
2021/40xxx/CVE-2021-40555.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40555",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/flatCore/flatCore-CMS/issues/56",
"refsource": "MISC",
"name": "https://github.com/flatCore/flatCore-CMS/issues/56"
}
]
}

7
2022/27xxx/CVE-2022-27890.json
View File

@ -74,8 +74,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-15.md"
"refsource": "MISC",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-15.md",
"name": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-15.md"
}
]
},
@ -83,4 +84,4 @@
"advisory": "PLTRSEC-2022-15",
"discovery": "EXTERNAL"
}
}
}

9
2022/27xxx/CVE-2022-27891.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0.\n\n"
"value": "Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0."
}
]
},
@ -75,8 +75,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-10.md"
"refsource": "MISC",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-10.md",
"name": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-10.md"
}
]
},
@ -84,4 +85,4 @@
"advisory": "PLTRSEC-2022-10",
"discovery": "EXTERNAL"
}
}
}

9
2022/27xxx/CVE-2022-27892.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service.\n\n\n"
"value": "Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service."
}
]
},
@ -75,8 +75,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-11.md"
"refsource": "MISC",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-11.md",
"name": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-11.md"
}
]
},
@ -84,4 +85,4 @@
"advisory": "PLTRSEC-2022-11",
"discovery": "EXTERNAL"
}
}
}

9
2022/27xxx/CVE-2022-27897.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server.\n\n\n"
"value": "Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server."
}
]
},
@ -75,8 +75,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-12.md"
"refsource": "MISC",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-12.md",
"name": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-12.md"
}
]
},
@ -84,4 +85,4 @@
"advisory": "PLTRSEC-2022-12",
"discovery": "EXTERNAL"
}
}
}

9
2022/48xxx/CVE-2022-48306.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service.\nThis issue affects:\nPalantir Palantir Gotham Chat IRC helper\nversions prior to 30221005.210011.9242."
"value": "Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242."
}
]
},
@ -75,8 +75,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-09.md"
"refsource": "MISC",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-09.md",
"name": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-09.md"
}
]
},
@ -84,4 +85,4 @@
"advisory": "PLTRSEC-2023-02",
"discovery": "EXTERNAL"
}
}
}

7
2022/48xxx/CVE-2022-48307.json
View File

@ -74,8 +74,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-13.md"
"refsource": "MISC",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-13.md",
"name": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-13.md"
}
]
},
@ -83,4 +84,4 @@
"advisory": "PLTRSEC-2022-13",
"discovery": "EXTERNAL"
}
}
}

7
2022/48xxx/CVE-2022-48308.json
View File

@ -74,8 +74,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-14.md"
"refsource": "MISC",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-14.md",
"name": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-14.md"
}
]
},
@ -83,4 +84,4 @@
"advisory": "PLTRSEC-2022-14",
"discovery": "EXTERNAL"
}
}
}

61
2023/23xxx/CVE-2023-23558.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23558",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-23558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/MisterTea/EternalTerminal",
"refsource": "MISC",
"name": "https://github.com/MisterTea/EternalTerminal"
},
{
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1207126",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1207126"
}
]
}

91
2023/23xxx/CVE-2023-23926.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23926",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An XML External Entity (XXE) vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 in Neo4j graph database. XML External Entity (XXE) injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was not configured in a secure way and therefore allowed this. External entities can be used to read local files, send HTTP requests, and perform denial-of-service attacks on the application. Abusing the XXE vulnerability enabled assessors to read local files remotely. Although with the level of privileges assessors had this was limited to one-line files. With the ability to write to the database, any file could have been read. Additionally, assessors noted, with local testing, the server could be crashed by passing in improperly formatted XML. The minimum version containing a patch for this vulnerability is 5.5.0. Those who cannot upgrade the library can control the allowlist of the procedures that can be used in your system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "neo4j",
"product": {
"product_data": [
{
"product_name": "apoc",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 5.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/neo4j/apoc/security/advisories/GHSA-6wxg-wh7f-rqpr",
"refsource": "MISC",
"name": "https://github.com/neo4j/apoc/security/advisories/GHSA-6wxg-wh7f-rqpr"
},
{
"url": "https://github.com/neo4j/apoc/pull/310",
"refsource": "MISC",
"name": "https://github.com/neo4j/apoc/pull/310"
},
{
"url": "https://github.com/neo4j/apoc/releases/tag/5.5.0",
"refsource": "MISC",
"name": "https://github.com/neo4j/apoc/releases/tag/5.5.0"
},
{
"url": "https://neo4j.com/docs/operations-manual/current/reference/configuration-settings/#config_dbms.security.procedures.allowlist",
"refsource": "MISC",
"name": "https://neo4j.com/docs/operations-manual/current/reference/configuration-settings/#config_dbms.security.procedures.allowlist"
}
]
},
"source": {
"advisory": "GHSA-6wxg-wh7f-rqpr",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
]
}