"-Synchronized-Data."

CVE Team 2023-08-17 22:00:33 +00:00
parent d83795ca77
commit 0a5281a1d4
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 216 additions and 8 deletions


@ -57,6 +57,11 @@
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-va-priv-esc-PUdgrx8E",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-va-priv-esc-PUdgrx8E"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/19",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Aug/19"
}
]
},
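Review bot: The added Full Disclosure reference `http://seclists.org/fulldisclosure/2023/Aug/19` is tagged `"refsource": "MISC"` with the URL repeated as its `name`, while the sudoedit record later in this commit tags the same mailing list as `"refsource": "FULLDISC"` and uses the post subject as `name`. A consumer that filters or groups references by `refsource` will not see this entry as a Full Disclosure post; the same applies to the `Aug/20` reference added in the next file. Suggest `"refsource": "FULLDISC"` with the post subject as `name` so the three records agree. The enclosing `reference_data` array starts outside the hunk.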


@ -65,6 +65,11 @@
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-thoueye-privesc-NVhHGwb3",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-thoueye-privesc-NVhHGwb3"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/20",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Aug/20"
}
]
},


@ -106,6 +106,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html"
},
{
"refsource": "FULLDISC",
"name": "20230817 KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit",
"url": "http://seclists.org/fulldisclosure/2023/Aug/21"
}
]
}


@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://googleinformationsworld.blogspot.com/2023/04/revive-adserver-541-vulnerable-to-brute.html",
"url": "https://googleinformationsworld.blogspot.com/2023/04/revive-adserver-541-vulnerable-to-brute.html"
},
{
"refsource": "MISC",
"name": "https://www.esecforte.com/login-page-brute-force-attack/",
"url": "https://www.esecforte.com/login-page-brute-force-attack/"
}
]
}


@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28690",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <=\u00a04.5 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Marco Steinbrecher",
"product": {
"product_data": [
{
"product_name": "WP BrowserUpdate",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "4.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/wp-browser-update/wordpress-wp-browserupdate-plugin-4-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/wp-browser-update/wordpress-wp-browserupdate-plugin-4-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;4.6 or a higher version."
}
],
"value": "Update to\u00a04.6 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "qilin_99 (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}
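Review bot: `"version_value": "not down converted"` leaves the 4.0-format `version_data` entry without a usable affected range; the real range (`"lessThanOrEqual": "4.5"`, unaffected at `4.6`) exists only under `x_cve_json_5_version_data`. Tooling that matches on `version_value` alone will either miss WP BrowserUpdate installs or treat the placeholder as a literal version. Either carry a down-converted pair such as `"version_affected": "<="` with `"version_value": "4.5"`, or make sure consumers read the nested v5 block. As a smaller consistency point, `lang` is `"eng"` in `description` and `problemtype` but `"en"` in `solution` and `credits`.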


@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40171",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for signing JWT tokens in error message when the `Dispatch Plugin - Basic Authentication Provider` plugin encounters an error when attempting to decode a JWT token. Any Dispatch users who own their instance and rely on the `Dispatch Plugin - Basic Authentication Provider` plugin for authentication may be impacted, allowing for any account to be taken over within their own instance. This could be done by using the secret to sign attacker crafted JWTs. If you think that you may be impacted, we strongly suggest you to rotate the secret stored in the `DISPATCH_JWT_SECRET` envvar in the `.env` file. This issue has been addressed in commit `b1942a4319` which has been included in the `20230817` release. users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209: Generation of Error Message Containing Sensitive Information",
"cweId": "CWE-209"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Netflix",
"product": {
"product_data": [
{
"product_name": "dispatch",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 20230817"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Netflix/dispatch/security/advisories/GHSA-fv3x-67q3-6pg7",
"refsource": "MISC",
"name": "https://github.com/Netflix/dispatch/security/advisories/GHSA-fv3x-67q3-6pg7"
},
{
"url": "https://github.com/Netflix/dispatch/pull/3695",
"refsource": "MISC",
"name": "https://github.com/Netflix/dispatch/pull/3695"
},
{
"url": "https://github.com/Netflix/dispatch/commit/b1942a4319f0de820d86b84a58ebc85398b97c70",
"refsource": "MISC",
"name": "https://github.com/Netflix/dispatch/commit/b1942a4319f0de820d86b84a58ebc85398b97c70"
},
{
"url": "https://github.com/Netflix/dispatch/releases/tag/latest",
"refsource": "MISC",
"name": "https://github.com/Netflix/dispatch/releases/tag/latest"
}
]
},
"source": {
"advisory": "GHSA-fv3x-67q3-6pg7",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}
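Review bot: `"version_affected": "="` contradicts `"version_value": "< 20230817"`: the operator says exact match while the range is packed into the value string. A scanner that honours `version_affected` will compare installed versions against the literal `< 20230817` and match nothing, which matters for a record scored 9.1; suggest `"version_affected": "<"` with `"version_value": "20230817"`. The `releases/tag/latest` reference is a moving tag and will not keep pointing at the fixed release, whereas the commit URL already in the list is a stable pointer. Readers triaging from this record should also note that upgrading does not invalidate a secret that was already disclosed, so the `DISPATCH_JWT_SECRET` rotation in the description is a separate remediation step.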