admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-24 15:00:34 +00:00
parent b855aa4e0d
commit 046799031c
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
13 changed files with 468 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
2022/43xxx/CVE-2022-43923.json
View File

@ -1,17 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43923",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Maximo Application Suite",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.8.0, 8.9.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6957654",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/6957654"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241584",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241584"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

77
2022/4xxx/CVE-2022-4203.json
View File

@ -1,18 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4203",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "openssl-security@openssl.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "read buffer overrun "
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenSSL",
"product": {
"product_data": [
{
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0.0",
"version_value": "3.0.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.openssl.org/news/secadv/20230207.txt",
"refsource": "MISC",
"name": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Corey Bonnell from Digicert"
},
{
"lang": "en",
"value": "Viktor Dukhovni"
}
]
}

24
2022/4xxx/CVE-2022-4450.json
View File

@ -39,12 +39,14 @@
"version": {
"version_data": [
{
"version_value": "3.0.0",
"version_affected": "="
"version_affected": "<",
"version_name": "3.0.0",
"version_value": "3.0.8"
},
{
"version_value": "1.1.1",
"version_affected": "="
"version_affected": "<",
"version_name": "1.1.1",
"version_value": "1.1.1t"
}
]
}
@ -61,6 +63,16 @@
"url": "https://www.openssl.org/news/secadv/20230207.txt",
"refsource": "MISC",
"name": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b"
}
]
},
@ -79,6 +91,10 @@
"lang": "en",
"value": "Dawei Wang"
},
{
"lang": "en",
"value": "Marc Sch\u00f6nefeld"
},
{
"lang": "en",
"value": "Kurt Roeckx"

30
2023/0xxx/CVE-2023-0215.json
View File

@ -39,16 +39,19 @@
"version": {
"version_data": [
{
"version_value": "3.0.0",
"version_affected": "="
"version_affected": "<",
"version_name": "3.0.0",
"version_value": "3.0.8"
},
{
"version_value": "1.1.1",
"version_affected": "="
"version_affected": "<",
"version_name": "1.1.1",
"version_value": "1.1.1t"
},
{
"version_value": "1.0.2",
"version_affected": "="
"version_affected": "<",
"version_name": "1.0.2",
"version_value": "1.0.2zg"
}
]
}
@ -65,6 +68,21 @@
"url": "https://www.openssl.org/news/secadv/20230207.txt",
"refsource": "MISC",
"name": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb"
}
]
},

10
2023/0xxx/CVE-2023-0216.json
View File

@ -39,8 +39,9 @@
"version": {
"version_data": [
{
"version_value": "3.0.0",
"version_affected": "="
"version_affected": "<",
"version_name": "3.0.0",
"version_value": "3.0.8"
}
]
}
@ -57,6 +58,11 @@
"url": "https://www.openssl.org/news/secadv/20230207.txt",
"refsource": "MISC",
"name": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6"
}
]
},

10
2023/0xxx/CVE-2023-0217.json
View File

@ -39,8 +39,9 @@
"version": {
"version_data": [
{
"version_value": "3.0.0",
"version_affected": "="
"version_affected": "<",
"version_name": "3.0.0",
"version_value": "3.0.8"
}
]
}
@ -57,6 +58,11 @@
"url": "https://www.openssl.org/news/secadv/20230207.txt",
"refsource": "MISC",
"name": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096"
}
]
},

30
2023/0xxx/CVE-2023-0286.json
View File

@ -39,16 +39,19 @@
"version": {
"version_data": [
{
"version_value": "3.0.0",
"version_affected": "="
"version_affected": "<",
"version_name": "3.0.0",
"version_value": "3.0.8"
},
{
"version_value": "1.1.1",
"version_affected": "="
"version_affected": "<",
"version_name": "1.1.1",
"version_value": "1.1.1t"
},
{
"version_value": "1.0.2",
"version_affected": "="
"version_affected": "<",
"version_name": "1.0.2",
"version_value": "1.0.2zg"
}
]
}
@ -65,6 +68,21 @@
"url": "https://www.openssl.org/news/secadv/20230207.txt",
"refsource": "MISC",
"name": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d"
}
]
},

10
2023/0xxx/CVE-2023-0401.json
View File

@ -39,8 +39,9 @@
"version": {
"version_data": [
{
"version_value": "3.0.0",
"version_affected": "="
"version_affected": "<",
"version_name": "3.0.0",
"version_value": "3.0.8"
}
]
}
@ -57,6 +58,11 @@
"url": "https://www.openssl.org/news/secadv/20230207.txt",
"refsource": "MISC",
"name": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674"
}
]
},

99
2023/0xxx/CVE-2023-0585.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0585",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "smub",
"product": {
"product_data": [
{
"product_name": "All in One SEO \u2013 Best WordPress SEO Plugin \u2013 Easily Improve SEO Rankings & Increase Traffic",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "4.2.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3db97180-9308-4891-9de9-acefe31d088f",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3db97180-9308-4891-9de9-acefe31d088f"
},
{
"url": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Main/Updates.php?v=2829340#L624",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Main/Updates.php?v=2829340#L624"
},
{
"url": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Main/Updates.php?v=2829340#L625",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Main/Updates.php?v=2829340#L625"
},
{
"url": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Main/Updates.php?v=2829340#L665",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Main/Updates.php?v=2829340#L665"
},
{
"url": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Main/Updates.php?v=2829340#L666",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Main/Updates.php?v=2829340#L666"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2859011%40all-in-one-seo-pack%2Ftrunk&old=2847431%40all-in-one-seo-pack%2Ftrunk&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2859011%40all-in-one-seo-pack%2Ftrunk&old=2847431%40all-in-one-seo-pack%2Ftrunk&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "Marco Wotschka"
},
{
"lang": "en",
"value": "Ivan Kuzymchak"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
}
]
}

80
2023/0xxx/CVE-2023-0586.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0586",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "smub",
"product": {
"product_data": [
{
"product_name": "All in One SEO \u2013 Best WordPress SEO Plugin \u2013 Easily Improve SEO Rankings & Increase Traffic",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "4.2.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2859011%40all-in-one-seo-pack%2Ftrunk&old=2847431%40all-in-one-seo-pack%2Ftrunk&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2859011%40all-in-one-seo-pack%2Ftrunk&old=2847431%40all-in-one-seo-pack%2Ftrunk&sfp_email=&sfph_mail="
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c13f00e-3048-44cf-8979-2b0b0c508f3a",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c13f00e-3048-44cf-8979-2b0b0c508f3a"
},
{
"url": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Admin/PostSettings.php?v=2829340#L202",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.2.9/app/Common/Admin/PostSettings.php?v=2829340#L202"
}
]
},
"credits": [
{
"lang": "en",
"value": "Ivan Kuzymchak"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

18
2023/1xxx/CVE-2023-1014.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1014",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/1xxx/CVE-2023-1015.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1015",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/1xxx/CVE-2023-1016.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1016",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}