admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-09-11 19:00:35 +00:00
parent 9138462a62
commit 0a3fae60e6
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
33 changed files with 1112 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2020/19xxx/CVE-2020-19319.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19319",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hhhhu8045759/dir_619l-buffer-overflow",
"refsource": "MISC",
"name": "https://github.com/hhhhu8045759/dir_619l-buffer-overflow"
}
]
}

61
2020/19xxx/CVE-2020-19320.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19320",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.dlink.com/en/security-bulletin/",
"refsource": "MISC",
"name": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/hhhhu8045759/dlink-619l-buffer_overflow",
"refsource": "MISC",
"name": "https://github.com/hhhhu8045759/dlink-619l-buffer_overflow"
}
]
}

61
2020/19xxx/CVE-2020-19323.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19323",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart router via the M-search request ST parameter. No authentication required"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.dlink.com/en/security-bulletin/",
"refsource": "MISC",
"name": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/hhhhu8045759/619L_upnpd_heapoverflow",
"refsource": "MISC",
"name": "https://github.com/hhhhu8045759/619L_upnpd_heapoverflow"
}
]
}

56
2020/19xxx/CVE-2020-19559.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19559",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://medium.com/nightst0rm/t%E1%BA%A3n-m%E1%BA%A1n-v%E1%BB%81-l%E1%BB%97-h%E1%BB%95ng-trong-atm-diebold-f1040a70f2c9",
"refsource": "MISC",
"name": "https://medium.com/nightst0rm/t%E1%BA%A3n-m%E1%BA%A1n-v%E1%BB%81-l%E1%BB%97-h%E1%BB%95ng-trong-atm-diebold-f1040a70f2c9"
}
]
}

5
2022/31xxx/CVE-2022-31704.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
]
},

5
2022/31xxx/CVE-2022-31706.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
]
},

5
2022/31xxx/CVE-2022-31711.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
]
},

61
2023/31xxx/CVE-2023-31067.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31067",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-31067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\\TSplus\\Clients\\www."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174275/TSPlus-16.0.2.14-Insecure-Permissions.html",
"url": "http://packetstormsecurity.com/files/174275/TSPlus-16.0.2.14-Insecure-Permissions.html"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/51679",
"url": "https://www.exploit-db.com/exploits/51679"
}
]
}

61
2023/31xxx/CVE-2023-31068.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31068",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-31068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\\TSplus\\UserDesktop\\themes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174272/TSPlus-16.0.0.0-Insecure-Permissions.html",
"url": "http://packetstormsecurity.com/files/174272/TSPlus-16.0.0.0-Insecure-Permissions.html"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/51680",
"url": "https://www.exploit-db.com/exploits/51680"
}
]
}

61
2023/31xxx/CVE-2023-31069.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31069",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-31069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174271/TSPlus-16.0.0.0-Insecure-Credential-Storage.html",
"url": "http://packetstormsecurity.com/files/174271/TSPlus-16.0.0.0-Insecure-Credential-Storage.html"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/51681",
"url": "https://www.exploit-db.com/exploits/51681"
}
]
}

5
2023/31xxx/CVE-2023-31248.json
View File

@ -93,6 +93,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
},
{
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
}
]
},

61
2023/31xxx/CVE-2023-31468.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31468",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-31468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The \"%PROGRAMFILES(X86)%\\INOSOFT GmbH\" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174268/Inosoft-VisiWin-7-2022-2.1-Insecure-Permissions-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/174268/Inosoft-VisiWin-7-2022-2.1-Insecure-Permissions-Privilege-Escalation.html"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/51682",
"url": "https://www.exploit-db.com/exploits/51682"
}
]
}

5
2023/32xxx/CVE-2023-32629.json
View File

@ -95,6 +95,11 @@
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629",
"refsource": "MISC",
"name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629"
},
{
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
}
]
},

5
2023/32xxx/CVE-2023-32707.json
View File

@ -86,6 +86,11 @@
"url": "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/",
"refsource": "MISC",
"name": "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/"
},
{
"url": "http://packetstormsecurity.com/files/174602/Splunk-Enterprise-Account-Takeover.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174602/Splunk-Enterprise-Account-Takeover.html"
}
]
},

5
2023/35xxx/CVE-2023-35001.json
View File

@ -98,6 +98,11 @@
"url": "https://security.netapp.com/advisory/ntap-20230824-0007/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230824-0007/"
},
{
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
}
]
},

2
2023/35xxx/CVE-2023-35785.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below and Support Center Plus 14300 and below are vulnerable to the authentication bypass vulnerability via a few authenticators."
"value": "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability."
}
]
},

5
2023/35xxx/CVE-2023-35788.json
View File

@ -91,6 +91,11 @@
"refsource": "DEBIAN",
"name": "DSA-5480",
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
}
]
}

56
2023/38xxx/CVE-2023-38743.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38743",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-38743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38743.html",
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38743.html"
}
]
}

56
2023/38xxx/CVE-2023-38829.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38829",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-38829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/adhikara13/CVE-2023-38829-NETIS-WF2409E",
"url": "https://github.com/adhikara13/CVE-2023-38829-NETIS-WF2409E"
}
]
}

56
2023/39xxx/CVE-2023-39063.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39063",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-39063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/AndreGNogueira/CVE-2023-39063",
"url": "https://github.com/AndreGNogueira/CVE-2023-39063"
}
]
}

56
2023/39xxx/CVE-2023-39068.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39068",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-39068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to casue a denial of service via a crafted request to the service.XM component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.xiongmaitech.com/en/index.php/service/notice_info/51/3",
"refsource": "MISC",
"name": "https://www.xiongmaitech.com/en/index.php/service/notice_info/51/3"
}
]
}

56
2023/39xxx/CVE-2023-39070.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39070",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-39070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1/"
}
]
}

81
2023/39xxx/CVE-2023-39780.json
View File

@ -1,17 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39780",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-39780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/1/EN.md",
"url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/1/EN.md"
},
{
"refsource": "MISC",
"name": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/2/EN.md",
"url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/2/EN.md"
},
{
"refsource": "MISC",
"name": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/3/EN.md",
"url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/3/EN.md"
},
{
"refsource": "MISC",
"name": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/4/EN.md",
"url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/4/EN.md"
},
{
"refsource": "MISC",
"name": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/5/EN.md",
"url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/5/EN.md"
},
{
"refsource": "MISC",
"name": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/6/EN.md",
"url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/6/EN.md"
}
]
}

5
2023/3xxx/CVE-2023-3090.json
View File

@ -84,6 +84,11 @@
"url": "https://www.debian.org/security/2023/dsa-5480",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5480"
},
{
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
}
]
},

5
2023/3xxx/CVE-2023-3389.json
View File

@ -99,6 +99,11 @@
"url": "https://www.debian.org/security/2023/dsa-5480",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5480"
},
{
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
}
]
},

5
2023/3xxx/CVE-2023-3390.json
View File

@ -84,6 +84,11 @@
"url": "https://security.netapp.com/advisory/ntap-20230818-0004/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230818-0004/"
},
{
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
}
]
},

86
2023/40xxx/CVE-2023-40032.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40032",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "libvips",
"product": {
"product_data": [
{
"product_name": "libvips",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 8.14.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/libvips/libvips/security/advisories/GHSA-33qp-9pq7-9584",
"refsource": "MISC",
"name": "https://github.com/libvips/libvips/security/advisories/GHSA-33qp-9pq7-9584"
},
{
"url": "https://github.com/libvips/libvips/pull/3604",
"refsource": "MISC",
"name": "https://github.com/libvips/libvips/pull/3604"
},
{
"url": "https://github.com/libvips/libvips/commit/e091d65835966ef56d53a4105a7362cafdb1582b",
"refsource": "MISC",
"name": "https://github.com/libvips/libvips/commit/e091d65835966ef56d53a4105a7362cafdb1582b"
}
]
},
"source": {
"advisory": "GHSA-33qp-9pq7-9584",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

15
2023/41xxx/CVE-2023-41064.json
View File

@ -95,6 +95,21 @@
"url": "http://seclists.org/fulldisclosure/2023/Sep/4",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Sep/4"
},
{
"url": "https://support.apple.com/kb/HT213915",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT213915"
},
{
"url": "https://support.apple.com/kb/HT213914",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT213914"
},
{
"url": "https://support.apple.com/kb/HT213913",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT213913"
}
]
}

61
2023/41xxx/CVE-2023-41103.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41103",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-41103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.interactsoftware.com/",
"refsource": "MISC",
"name": "https://www.interactsoftware.com/"
},
{
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-41103",
"refsource": "MISC",
"name": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-41103"
}
]
}

125
2023/41xxx/CVE-2023-41256.json
View File

@ -1,17 +1,134 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41256",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nDover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"cweId": "CWE-288"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dover Fueling Solutions",
"product": {
"product_data": [
{
"product_name": "MAGLINK LX Web Console Configuration",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.5.1"
},
{
"version_affected": "=",
"version_value": "2.5.2"
},
{
"version_affected": "=",
"version_value": "2.5.3"
},
{
"version_affected": "=",
"version_value": "2.6.1"
},
{
"version_affected": "=",
"version_value": "2.11"
},
{
"version_affected": "=",
"version_value": "3.0"
},
{
"version_affected": "=",
"version_value": "3.2"
},
{
"version_affected": "=",
"version_value": "3.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">In 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.</span>\n\n<br>"
}
],
"value": "\nIn 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Soufian El Yadmani of Darktrace / CSIRT.global reported these vulnerabilities"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

5
2023/4xxx/CVE-2023-4597.json
View File

@ -68,6 +68,11 @@
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail="
},
{
"url": "http://packetstormsecurity.com/files/174604/WordPress-Slimstat-Analytics-5.0.9-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174604/WordPress-Slimstat-Analytics-5.0.9-Cross-Site-Scripting-SQL-Injection.html"
}
]
},

5
2023/4xxx/CVE-2023-4807.json
View File

@ -93,6 +93,11 @@
"url": "http://www.openwall.com/lists/oss-security/2023/09/08/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/08/3"
},
{
"url": "http://packetstormsecurity.com/files/174593/OpenSSL-Security-Advisory-20230908.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174593/OpenSSL-Security-Advisory-20230908.html"
}
]
},

18
2023/4xxx/CVE-2023-4896.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4896",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}