admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-05-18 22:00:41 +00:00
parent 05fa3cfdb9
commit 07a3690162
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 542 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2023/1xxx/CVE-2023-1195.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1195",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"version_value": "prior to kernel 6.1 rc3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/153695d36ead0ccc4d0256953c751cabf673e621",
"url": "https://github.com/torvalds/linux/commit/153695d36ead0ccc4d0256953c751cabf673e621"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request."
}
]
}

59
2023/23xxx/CVE-2023-23556.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23556",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-assign@fb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "Hermes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "a6dcafe6ded8e61658b40f5699878cd19a481f80"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.facebook.com/security/advisories/cve-2023-23556",
"refsource": "MISC",
"name": "https://www.facebook.com/security/advisories/cve-2023-23556"
},
{
"url": "https://github.com/facebook/hermes/commit/a6dcafe6ded8e61658b40f5699878cd19a481f80",
"refsource": "MISC",
"name": "https://github.com/facebook/hermes/commit/a6dcafe6ded8e61658b40f5699878cd19a481f80"
}
]
}

59
2023/23xxx/CVE-2023-23557.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23557",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-assign@fb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "Hermes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "a00d237346894c6067a594983be6634f4168c9ad"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.facebook.com/security/advisories/cve-2023-23557",
"refsource": "MISC",
"name": "https://www.facebook.com/security/advisories/cve-2023-23557"
},
{
"url": "https://github.com/facebook/hermes/commit/a00d237346894c6067a594983be6634f4168c9ad",
"refsource": "MISC",
"name": "https://github.com/facebook/hermes/commit/a00d237346894c6067a594983be6634f4168c9ad"
}
]
}

59
2023/23xxx/CVE-2023-23759.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23759",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-assign@fb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-617: Reachable Assertion"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "fizz",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "v0.0.0.0",
"version_value": "v2023.01.30.00"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.facebook.com/security/advisories/cve-2023-23759",
"refsource": "MISC",
"name": "https://www.facebook.com/security/advisories/cve-2023-23759"
},
{
"url": "https://github.com/facebookincubator/fizz/commit/8d3649841597bedfb6986c30431ebad0eb215265",
"refsource": "MISC",
"name": "https://github.com/facebookincubator/fizz/commit/8d3649841597bedfb6986c30431ebad0eb215265"
}
]
}

59
2023/24xxx/CVE-2023-24832.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24832",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-assign@fb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "Hermes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5cae9f72975cf0e5a62b27fdd8b01f103e198708"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.facebook.com/security/advisories/cve-2023-24832",
"refsource": "MISC",
"name": "https://www.facebook.com/security/advisories/cve-2023-24832"
},
{
"url": "https://github.com/facebook/hermes/commit/5cae9f72975cf0e5a62b27fdd8b01f103e198708",
"refsource": "MISC",
"name": "https://github.com/facebook/hermes/commit/5cae9f72975cf0e5a62b27fdd8b01f103e198708"
}
]
}

59
2023/24xxx/CVE-2023-24833.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24833",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-assign@fb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM\u2019s heap. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "Hermes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "a6dcafe6ded8e61658b40f5699878cd19a481f80"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.facebook.com/security/advisories/cve-2023-24833",
"refsource": "MISC",
"name": "https://www.facebook.com/security/advisories/cve-2023-24833"
},
{
"url": "https://github.com/facebook/hermes/commit/a6dcafe6ded8e61658b40f5699878cd19a481f80",
"refsource": "MISC",
"name": "https://github.com/facebook/hermes/commit/a6dcafe6ded8e61658b40f5699878cd19a481f80"
}
]
}

59
2023/25xxx/CVE-2023-25933.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25933",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-assign@fb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "Hermes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "e6ed9c1a4b02dc219de1648f44cd808a56171b81"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.facebook.com/security/advisories/cve-2023-25933",
"refsource": "MISC",
"name": "https://www.facebook.com/security/advisories/cve-2023-25933"
},
{
"url": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81",
"refsource": "MISC",
"name": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81"
}
]
}

59
2023/28xxx/CVE-2023-28081.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28081",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-assign@fb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "Hermes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "e6ed9c1a4b02dc219de1648f44cd808a56171b81"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.facebook.com/security/advisories/cve-2023-28081",
"refsource": "MISC",
"name": "https://www.facebook.com/security/advisories/cve-2023-28081"
},
{
"url": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81",
"refsource": "MISC",
"name": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81"
}
]
}

59
2023/28xxx/CVE-2023-28753.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28753",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-assign@fb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "netconsd",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0",
"version_value": "0.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.facebook.com/security/advisories/cve-2023-28753",
"refsource": "MISC",
"name": "https://www.facebook.com/security/advisories/cve-2023-28753"
},
{
"url": "https://github.com/facebook/netconsd/commit/9fc54edf54f7caea1189c2b979337ed37af2c60e",
"refsource": "MISC",
"name": "https://github.com/facebook/netconsd/commit/9fc54edf54f7caea1189c2b979337ed37af2c60e"
}
]
}

59
2023/30xxx/CVE-2023-30470.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30470",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-assign@fb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "Hermes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "da8990f737ebb9d9810633502f65ed462b819c09"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.facebook.com/security/advisories/cve-2023-30470",
"refsource": "MISC",
"name": "https://www.facebook.com/security/advisories/cve-2023-30470"
},
{
"url": "https://github.com/facebook/hermes/commit/da8990f737ebb9d9810633502f65ed462b819c09",
"refsource": "MISC",
"name": "https://github.com/facebook/hermes/commit/da8990f737ebb9d9810633502f65ed462b819c09"
}
]
}