"-Synchronized-Data."

CVE Team 2023-06-06 18:00:43 +00:00
parent ee8b1dca2f
commit 00210b59f9
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
11 changed files with 439 additions and 78 deletions


@ -86,6 +86,11 @@
"refsource": "MISC",
"name": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3",
"url": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3",
"url": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3"
}
]
}
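Review bot: The added `CONFIRM` reference repeats the URL of the `MISC` entry directly above it, so `https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3` is now listed twice with only `refsource` differing. Consumers that key references by URL will either double-count it or keep whichever `refsource` they happen to read last. Changing the existing entry to `"refsource": "CONFIRM"` instead of appending a second object would avoid that. The same duplicate is appended at the end of the next two file sections, which appear to be the CVE-2022-37704 and CVE-2022-37705 records.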


@ -62,6 +62,36 @@
"name": "https://github.com/MaherAzzouzi/CVE-2022-37704",
"url": "https://github.com/MaherAzzouzi/CVE-2022-37704"
},
{
"refsource": "MISC",
"name": "https://github.com/zmanda/amanda/issues/192",
"url": "https://github.com/zmanda/amanda/issues/192"
},
{
"refsource": "MISC",
"name": "https://marc.info/?l=amanda-hackers",
"url": "https://marc.info/?l=amanda-hackers"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3330-1] amanda security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00025.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-3d0619d767",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-1293196f34",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-e295804b3d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK/"
},
{
"refsource": "MISC",
"name": "https://github.com/zmanda/amanda/pull/197",
@ -76,6 +106,11 @@
"refsource": "MISC",
"name": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3",
"url": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3",
"url": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3"
}
]
}
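Review bot: The added `https://marc.info/?l=amanda-hackers` reference in the first hunk looks like the mailing-list archive index rather than a link to a specific message, so a reader cannot tell which thread documents the issue. If the relevant post is known, the entry should carry that message's URL; otherwise the issue and pull-request links already in the list serve the reader better. The same entry is added in the following file section. The first hunk ends inside a reference object that continues outside it.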


@ -62,6 +62,31 @@
"name": "https://github.com/MaherAzzouzi/CVE-2022-37705",
"url": "https://github.com/MaherAzzouzi/CVE-2022-37705"
},
{
"refsource": "MISC",
"name": "https://github.com/zmanda/amanda/issues/192",
"url": "https://github.com/zmanda/amanda/issues/192"
},
{
"refsource": "MISC",
"name": "https://marc.info/?l=amanda-hackers",
"url": "https://marc.info/?l=amanda-hackers"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-3d0619d767",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-1293196f34",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-e295804b3d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK/"
},
{
"refsource": "MISC",
"name": "https://github.com/zmanda/amanda/pull/194",
@ -81,6 +106,11 @@
"refsource": "MISC",
"name": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3",
"url": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3",
"url": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3"
}
]
}


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-46165",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and moves the mouse over the latest sync, a script could be executed to change settings for shared folders or add devices automatically. Additionally adding a new device with a malicious name could embed HTML or JavaScript inside parts of the page. As a result the webUI may be subject to a stored cross site scripting attack. This issue has been addressed in version 1.23.5. Users are advised to upgrade. Users unable to upgrade should avoid sharing folders with untrusted users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "syncthing",
"product": {
"product_data": [
{
"product_name": "syncthing",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.23.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/syncthing/syncthing/security/advisories/GHSA-9rp6-23gf-4c3h",
"refsource": "MISC",
"name": "https://github.com/syncthing/syncthing/security/advisories/GHSA-9rp6-23gf-4c3h"
},
{
"url": "https://github.com/syncthing/syncthing/commit/73c52eafb6566435dffd979c3c49562b6d5a4238",
"refsource": "MISC",
"name": "https://github.com/syncthing/syncthing/commit/73c52eafb6566435dffd979c3c49562b6d5a4238"
}
]
},
"source": {
"advisory": "GHSA-9rp6-23gf-4c3h",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}
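Review bot: In `version_data`, `"version_affected": "="` is paired with `"version_value": "< 1.23.5"`, so the operator says "exactly this version" while the real range is hidden inside the value string. A tool that honours the operator will look for a release literally named `< 1.23.5` and match nothing, leaving affected Syncthing installs unflagged. Writing it as `"version_affected": "<"` with `"version_value": "1.23.5"` keeps the range machine-readable. The fast-xml-parser record later in this commit has the same pattern with `< 4.2.4`.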


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27126",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-27126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://tp-link.com",
"refsource": "MISC",
"name": "http://tp-link.com"
},
{
"url": "http://tapo.com",
"refsource": "MISC",
"name": "http://tapo.com"
},
{
"refsource": "MISC",
"name": "https://www.claranet.fr/blog/dans-les-entrailles-dune-camera-connectee-tp-link-14",
"url": "https://www.claranet.fr/blog/dans-les-entrailles-dune-camera-connectee-tp-link-14"
}
]
}
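Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all left as `n/a`, although the description names the vendor, the camera model and the firmware build. Inventory and scanner matching usually runs on the structured fields, so this record will not surface for owners of the affected camera until someone downstream fills them in. Populating `affects` from the description and recording a weakness class for the shared key material would fix that; CWE-321 looks like the closest fit, to be confirmed by the assigner. The two vendor references are bare `http://` homepages and point at no advisory. The axTLS and CloudPanel records later in this commit leave the same fields as `n/a`.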


@ -1,61 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-31508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31508",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in PrestaShop v1.7.7.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter in /contactform/contactform.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mustgundogdu/Research/blob/main/PrestaShop/ReflectedXSS_1.7.7.4.md",
"refsource": "MISC",
"name": "https://github.com/mustgundogdu/Research/blob/main/PrestaShop/ReflectedXSS_1.7.7.4.md"
"value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2020-15178. Reason: This record is a duplicate of CVE-2020-15178. Notes: All CVE users should reference CVE-2020-15178 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage."
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep through 1.21.0, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package."
"value": "giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package."
}
]
},


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33613",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-33613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability allows attackers to cause a Denial of Service (DoS) when parsing a private key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sourceforge.net/p/axtls/mailman/message/37843071/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/axtls/mailman/message/37843071/"
}
]
}


@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33747",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-33747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CloudPanel v2.2.2 allows attackers to execute a path traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cwe.mitre.org/data/definitions/264.html",
"refsource": "MISC",
"name": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"url": "https://cwe.mitre.org/data/definitions/35.html",
"refsource": "MISC",
"name": "https://cwe.mitre.org/data/definitions/35.html"
},
{
"url": "https://cwe.mitre.org/data/definitions/269.html",
"refsource": "MISC",
"name": "https://cwe.mitre.org/data/definitions/269.html"
},
{
"refsource": "MISC",
"name": "https://www.cloudpanel.io/docs/v2/changelog/",
"url": "https://www.cloudpanel.io/docs/v2/changelog/"
},
{
"refsource": "MISC",
"name": "https://github.com/EagleTube/CloudPanel",
"url": "https://github.com/EagleTube/CloudPanel"
}
]
}
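Review bot: Three of the added references are CWE definition pages (`definitions/264.html`, `definitions/35.html`, `definitions/269.html`) while `problemtype` still carries `n/a`, so the weakness classification sits where no parser will look for it. The classification belongs in `problemtype_data`, using the path-traversal identifier the record already cites, with the reference list kept for advisories and fixes. The three cited entries also describe different things (path traversal versus privilege handling), and the one-sentence description does not say which applies or which CloudPanel component is affected. Triage therefore depends entirely on the external links.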


@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34104",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creating a regex for searching and replacing entities in the XML body, an attacker can abuse it for denial of service (DoS) attacks. By crafting an entity name that results in an intentionally bad performing regex and utilizing it in the entity replacement step of the parser, this can cause the parser to stall for an indefinite amount of time. This problem has been resolved in v4.2.4. Users are advised to upgrade. Users unable to upgrade should avoid using DOCTYPE parsing by setting the `processEntities: false` option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-1333: Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NaturalIntelligence",
"product": {
"product_data": [
{
"product_name": "fast-xml-parser",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.2.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw",
"refsource": "MISC",
"name": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw"
},
{
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/39b0e050bb909e8499478657f84a3076e39ce76c",
"refsource": "MISC",
"name": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/39b0e050bb909e8499478657f84a3076e39ce76c"
}
]
},
"source": {
"advisory": "GHSA-6w63-h3fj-q4vw",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34468",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}