admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-21 21:00:35 +00:00
parent 2dcc43e124
commit 0e45d65a25
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 498 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
2023/48xxx/CVE-2023-48228.json
View File

@ -1,17 +1,134 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-48228",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "authentik is an open-source identity provider. When initialising a oauth2 flow with a `code_challenge` and `code_method` (thus requesting PKCE), the single sign-on provider (authentik) must check if there is a matching and existing `code_verifier` during the token step. Prior to versions 2023.10.4 and 2023.8.5, authentik checks if the contents of `code_verifier` is matching only when it is provided. When it is left out completely, authentik simply accepts the token request with out it; even when the flow was started with a `code_challenge`. authentik 2023.8.5 and 2023.10.4 fix this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "goauthentik",
"product": {
"product_data": [
{
"product_name": "authentik",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2023.10.4"
},
{
"version_affected": "=",
"version_value": "< 2023.8.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-fm34-v8xq-f2c3",
"refsource": "MISC",
"name": "https://github.com/goauthentik/authentik/security/advisories/GHSA-fm34-v8xq-f2c3"
},
{
"url": "https://github.com/goauthentik/authentik/pull/7666",
"refsource": "MISC",
"name": "https://github.com/goauthentik/authentik/pull/7666"
},
{
"url": "https://github.com/goauthentik/authentik/pull/7668",
"refsource": "MISC",
"name": "https://github.com/goauthentik/authentik/pull/7668"
},
{
"url": "https://github.com/goauthentik/authentik/pull/7669",
"refsource": "MISC",
"name": "https://github.com/goauthentik/authentik/pull/7669"
},
{
"url": "https://github.com/goauthentik/authentik/commit/3af77ab3821fe9c7df8055ba5eade3d1ecea03a6",
"refsource": "MISC",
"name": "https://github.com/goauthentik/authentik/commit/3af77ab3821fe9c7df8055ba5eade3d1ecea03a6"
},
{
"url": "https://github.com/goauthentik/authentik/commit/6b9afed21f7c39f171a4a445654cfe415bba37d5",
"refsource": "MISC",
"name": "https://github.com/goauthentik/authentik/commit/6b9afed21f7c39f171a4a445654cfe415bba37d5"
},
{
"url": "https://github.com/goauthentik/authentik/commit/b88e39411c12e3f9e04125a7887f12354f760a14",
"refsource": "MISC",
"name": "https://github.com/goauthentik/authentik/commit/b88e39411c12e3f9e04125a7887f12354f760a14"
},
{
"url": "https://github.com/goauthentik/authentik/blob/dd4e9030b4e667d3720be2feda24c08972602274/authentik/providers/oauth2/views/token.py#L225",
"refsource": "MISC",
"name": "https://github.com/goauthentik/authentik/blob/dd4e9030b4e667d3720be2feda24c08972602274/authentik/providers/oauth2/views/token.py#L225"
},
{
"url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.4",
"refsource": "MISC",
"name": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.4"
},
{
"url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.5",
"refsource": "MISC",
"name": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.5"
}
]
},
"source": {
"advisory": "GHSA-fm34-v8xq-f2c3",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}

86
2023/48xxx/CVE-2023-48230.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-48230",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be caused by a remote peer. The underrun always writes a constant value that is not attacker-controlled, likely resulting in a crash, enabling a remote denial-of-service attack. Most Cap'n Proto and KJ users are unlikely to have this functionality enabled and so unlikely to be affected. Maintainers suspect only the Cloudflare Workers Runtime is affected.\n\nIf KJ HTTP is used with WebSocket compression enabled, a malicious peer may be able to cause a buffer underrun on a heap-allocated buffer. KJ HTTP is an optional library bundled with Cap'n Proto, but is not directly used by Cap'n Proto. WebSocket compression is disabled by default. It must be enabled via a setting passed to the KJ HTTP library via `HttpClientSettings` or `HttpServerSettings`. The bytes written out-of-bounds are always a specific constant 4-byte string `{ 0x00, 0x00, 0xFF, 0xFF }`. Because this string is not controlled by the attacker, maintainers believe it is unlikely that remote code execution is possible. However, it cannot be ruled out. This functionality first appeared in Cap'n Proto 1.0. Previous versions are not affected.\n\nThis issue is fixed in Cap'n Proto 1.0.1.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-124: Buffer Underwrite ('Buffer Underflow')",
"cweId": "CWE-124"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "capnproto",
"product": {
"product_data": [
{
"product_name": "capnproto",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.0, < 1.0.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/capnproto/capnproto/security/advisories/GHSA-r89h-f468-62w3",
"refsource": "MISC",
"name": "https://github.com/capnproto/capnproto/security/advisories/GHSA-r89h-f468-62w3"
},
{
"url": "https://github.com/capnproto/capnproto/commit/75c5c1499aa6e7690b741204ff9af91cce526c59",
"refsource": "MISC",
"name": "https://github.com/capnproto/capnproto/commit/75c5c1499aa6e7690b741204ff9af91cce526c59"
},
{
"url": "https://github.com/capnproto/capnproto/commit/e7f22da9c01286a2b0e1e5fbdf3ec9ab3aa128ff",
"refsource": "MISC",
"name": "https://github.com/capnproto/capnproto/commit/e7f22da9c01286a2b0e1e5fbdf3ec9ab3aa128ff"
}
]
},
"source": {
"advisory": "GHSA-r89h-f468-62w3",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

91
2023/48xxx/CVE-2023-48299.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-48299",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to version 0.9.0, using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in open-source/public models, which can be downloaded from the internet, and take advantage of machines running Torchserve. The ZipSlip issue in TorchServe has been fixed by validating the paths of files contained within a zip archive before extracting them. TorchServe release 0.9.0 includes fixes to address the ZipSlip vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pytorch",
"product": {
"product_data": [
{
"product_name": "serve",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.1.0, < 0.9.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/pytorch/serve/security/advisories/GHSA-m2mj-pr4f-h9jp",
"refsource": "MISC",
"name": "https://github.com/pytorch/serve/security/advisories/GHSA-m2mj-pr4f-h9jp"
},
{
"url": "https://github.com/pytorch/serve/pull/2634",
"refsource": "MISC",
"name": "https://github.com/pytorch/serve/pull/2634"
},
{
"url": "https://github.com/pytorch/serve/commit/bfb3d42396727614aef625143b4381e64142f9bb",
"refsource": "MISC",
"name": "https://github.com/pytorch/serve/commit/bfb3d42396727614aef625143b4381e64142f9bb"
},
{
"url": "https://github.com/pytorch/serve/releases/tag/v0.9.0",
"refsource": "MISC",
"name": "https://github.com/pytorch/serve/releases/tag/v0.9.0"
}
]
},
"source": {
"advisory": "GHSA-m2mj-pr4f-h9jp",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

18
2023/49xxx/CVE-2023-49102.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-49102",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

176
2023/6xxx/CVE-2023-6238.json
View File

@ -1,17 +1,185 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6238",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. An unprivileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6238",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-6238"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250834",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2250834"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2023/6xxx/CVE-2023-6247.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6247",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}