admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-27 22:00:32 +00:00
parent ba8fadcabd
commit 160c2aeae6
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 247 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
2023/32xxx/CVE-2023-32062.json
View File

@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32062",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "oroinc",
"product": {
"product_data": [
{
"product_name": "crm",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 4.2.0, <= 4.2.6"
},
{
"version_affected": "=",
"version_value": ">= 5.0.0, <= 5.0.6"
},
{
"version_affected": "=",
"version_value": ">= 5.1.0, < 5.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g",
"refsource": "MISC",
"name": "https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g"
},
{
"url": "https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b",
"refsource": "MISC",
"name": "https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b"
},
{
"url": "https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531",
"refsource": "MISC",
"name": "https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531"
}
]
},
"source": {
"advisory": "GHSA-x2xm-p6vq-482g",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}

56
2023/42xxx/CVE-2023-42363.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-42363",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-42363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugs.busybox.net/show_bug.cgi?id=15865",
"url": "https://bugs.busybox.net/show_bug.cgi?id=15865"
}
]
}

8
2023/5xxx/CVE-2023-5773.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5773",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-6136. Reason: This record is a reservation duplicate of CVE-20nn-nnnn. Notes: All CVE users should reference CVE-2023-6136 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage."
}
]
}

107
2023/5xxx/CVE-2023-5885.json
View File

@ -1,17 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5885",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-35 Path Traversal",
"cweId": "CWE-35"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Franklin Electric Fueling Systems",
"product": {
"product_data": [
{
"product_name": "Colibri",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/ICSA-23-331-02",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/ICSA-23-331-02"
},
{
"url": "https://www.franklinfueling.com/en/landing-pages/firmware/colibri-firmware/",
"refsource": "MISC",
"name": "https://www.franklinfueling.com/en/landing-pages/firmware/colibri-firmware/"
},
{
"url": "https://www.franklinfueling.com/en/contact-us/",
"refsource": "MISC",
"name": "https://www.franklinfueling.com/en/contact-us/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Franklin Electric Fueling Systems determined that the vulnerability only affects the Colibri product which has not been sold since 2020 and does not affect the current EVO product lines. They created a firmware update for Colibri to address the issue. Users can download the update at from the Franklin Electric website. Franklin Electric is working with distributors to make sure all known users are aware that the update is available for installation.<br>For further information, please contact Franklin Electric Fueling Systems.<br>"
}
],
"value": "Franklin Electric Fueling Systems determined that the vulnerability only affects the Colibri product which has not been sold since 2020 and does not affect the current EVO product lines. They created a firmware update for Colibri to address the issue. Users can download the update at from the Franklin Electric website. Franklin Electric is working with distributors to make sure all known users are aware that the update is available for installation.\nFor further information, please contact Franklin Electric Fueling Systems.\n"
}
],
"credits": [
{
"lang": "en",
"value": "Momen Eldawakhly Samurai Digital Security Ltd. reported this vulnerability to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}