admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-10-06 06:00:35 +00:00
parent e629b0dcc4
commit 05da0ae003
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 225 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/19xxx/CVE-2019-19726.json
View File

@ -86,6 +86,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20231003 CVE-2023-4911: Local Privilege Escalation in the glibc's ld.so",
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/2"
},
{
"refsource": "FULLDISC",
"name": "20231005 CVE-2023-4911: Local Privilege Escalation in the glibc's ld.so",
"url": "http://seclists.org/fulldisclosure/2023/Oct/11"
}
]
}

5
2020/6xxx/CVE-2020-6215.json
View File

@ -109,6 +109,11 @@
"url": "https://launchpad.support.sap.com/#/notes/2872782",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2872782"
},
{
"refsource": "FULLDISC",
"name": "20231005 SEC Consult SA-20231005 :: Open Redirect in SAP BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)",
"url": "http://seclists.org/fulldisclosure/2023/Oct/13"
}
]
}

113
2023/40xxx/CVE-2023-40556.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40556",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <=\u00a05.2 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Greg Ross",
"product": {
"product_data": [
{
"product_name": "Schedule Posts Calendar",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "5.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/schedule-posts-calendar/wordpress-schedule-posts-calendar-plugin-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/schedule-posts-calendar/wordpress-schedule-posts-calendar-plugin-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;5.3 or a higher version."
}
],
"value": "Update to\u00a05.3 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Nguyen Xuan Chien (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

5
2023/42xxx/CVE-2023-42824.json
View File

@ -63,6 +63,11 @@
"url": "https://support.apple.com/kb/HT213961",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT213961"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/12",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Oct/12"
}
]
}

5
2023/4xxx/CVE-2023-4911.json
View File

@ -327,6 +327,11 @@
"url": "https://www.qualys.com/cve-2023-4911/",
"refsource": "MISC",
"name": "https://www.qualys.com/cve-2023-4911/"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/11",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Oct/11"
}
]
},

5
2023/5xxx/CVE-2023-5217.json
View File

@ -290,6 +290,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/12",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Oct/12"
}
]
}

95
2023/5xxx/CVE-2023-5312.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5312",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical has been found in DedeCMS 5.7.111. Affected is an unknown function of the file baidunews.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240948."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in DedeCMS 5.7.111 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei baidunews.php. Durch Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "DedeCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.7.111"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.240948",
"refsource": "MISC",
"name": "https://vuldb.com/?id.240948"
},
{
"url": "https://vuldb.com/?ctiid.240948",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.240948"
},
{
"url": "https://github.com/zzq66/cve/blob/main/rce_poc.md",
"refsource": "MISC",
"name": "https://github.com/zzq66/cve/blob/main/rce_poc.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "zzq66 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}