admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-07-19 15:00:33 +00:00
parent add0068ade
commit 0b75e53ae0
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
15 changed files with 420 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2022/40xxx/CVE-2022-40896.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40896",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://pypi.org/project/Pygments/",
"refsource": "MISC",
"name": "https://pypi.org/project/Pygments/"
},
{
"url": "https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61",
"refsource": "MISC",
"name": "https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61"
},
{
"refsource": "MISC",
"name": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/",
"url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/"
}
]
}

18
2022/4xxx/CVE-2022-4953.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4953",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2023/27xxx/CVE-2023-27379.json
View File

@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1756",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1756"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1756",
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1756"
}
]
},

5
2023/28xxx/CVE-2023-28744.json
View File

@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1739",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1739"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1739",
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1739"
}
]
},

5
2023/28xxx/CVE-2023-28754.json
View File

@ -59,6 +59,11 @@
"url": "https://lists.apache.org/thread/p8onhqox5kkwow9lc6gs03z28wtyp1cg",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/p8onhqox5kkwow9lc6gs03z28wtyp1cg"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/07/19/3"
}
]
},

5
2023/2xxx/CVE-2023-2975.json
View File

@ -78,6 +78,11 @@
"url": "http://www.openwall.com/lists/oss-security/2023/07/15/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/07/15/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/07/19/5"
}
]
},

84
2023/30xxx/CVE-2023-30799.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30799",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MikroTik",
"product": {
"product_data": [
{
"product_name": "RouterOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "6.49.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vulncheck.com/advisories/mikrotik-foisted",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/mikrotik-foisted"
},
{
"url": "https://github.com/MarginResearch/FOISted",
"refsource": "MISC",
"name": "https://github.com/MarginResearch/FOISted"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

5
2023/32xxx/CVE-2023-32664.json
View File

@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1795",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1795"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1795",
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1795"
}
]
},

5
2023/33xxx/CVE-2023-33866.json
View File

@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1757",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1757"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1757",
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1757"
}
]
},

5
2023/33xxx/CVE-2023-33876.json
View File

@ -58,6 +58,11 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1796",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1796"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1796",
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1796"
}
]
},

98
2023/34xxx/CVE-2023-34034.json
View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34034",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Using \"**\" as a pattern in Spring Security configuration \nfor WebFlux creates a mismatch in pattern matching between Spring \nSecurity and Spring WebFlux, and the potential for a security bypass.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "potential for a security bypass"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Spring Security",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "Spring Security 6.1.0",
"version_value": "6.1.1"
},
{
"version_affected": "<=",
"version_name": "Spring Security 6.0.0 ",
"version_value": "6.0.4"
},
{
"version_affected": "<=",
"version_name": "Spring Security 5.8.0",
"version_value": "5.8.4"
},
{
"version_affected": "<=",
"version_name": "Spring Security 5.7.0 ",
"version_value": "5.7.9 "
},
{
"version_affected": "<=",
"version_name": "Spring Security 5.6.0",
"version_value": "5.6.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://spring.io/security/cve-2023-34034",
"refsource": "MISC",
"name": "https://spring.io/security/cve-2023-34034"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

10
2023/3xxx/CVE-2023-3446.json
View File

@ -93,6 +93,16 @@
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/07/19/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/07/19/5"
}
]
},

91
2023/3xxx/CVE-2023-3638.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3638",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GeoVision ",
"product": {
"product_data": [
{
"product_name": "GV-ADR2701",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.00_2017_12_15"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-05",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-05"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nGeoVision recommends that users of these devices upgrade to newer models\n with the latest firmware update which they have verified are not \nvulnerable to this issue such as TDR2704, TDR2702, or TDR2700. \nAlternatively, users could restrict connection of these cameras to \nclosed local area networks isolated from internet connection.\n\n<br>"
}
],
"value": "GeoVision recommends that users of these devices upgrade to newer models\n with the latest firmware update which they have verified are not \nvulnerable to this issue such as TDR2704, TDR2702, or TDR2700. \nAlternatively, users could restrict connection of these cameras to \nclosed local area networks isolated from internet connection.\n\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2023/3xxx/CVE-2023-3774.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3774",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/3xxx/CVE-2023-3775.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3775",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}