"-Synchronized-Data."

CVE Team 2023-12-18 00:00:34 +00:00
parent d216c63833
commit 203213259d
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 376 additions and 12 deletions


@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3907",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.0",
"version_value": "16.4.4"
},
{
"version_affected": "<",
"version_name": "16.5",
"version_value": "16.5.4"
},
{
"version_affected": "<",
"version_name": "16.6",
"version_value": "16.6.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418878",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/418878"
},
{
"url": "https://hackerone.com/reports/2058934",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2058934"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to version 16.4.4, 16.5.4 or 16.6.2"
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [ashish_r_padelkar](https://hackerone.com/ashish_r_padelkar) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
}
]
}
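Review bot: The three `version_data` entries carry the lower bound of each affected range in `version_name` (`"16.0"`, `"16.5"`, `"16.6"`) while `version_affected` is `"<"`, so a consumer that evaluates only `version_affected` and `version_value` would read the first entry as every release below 16.4.4, which is wider than the description's "from 16.0 prior to 16.4.4". Matching tools should pair `version_name` with `version_value` for this record, or the record should state the lower bound explicitly. The description also says GitLab EE while `product_name` is only `"GitLab"`, and the `lang` tag is `"eng"` in `description` and `problemtype` but `"en"` in `solution` and `credits`; the same `eng`/`en` mix appears in the CVE-2023-6905 and CVE-2023-6906 records.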


@ -0,0 +1,85 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-50976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/redpanda-data/redpanda/pull/14969",
"refsource": "MISC",
"name": "https://github.com/redpanda-data/redpanda/pull/14969"
},
{
"url": "https://github.com/redpanda-data/redpanda/pull/15060",
"refsource": "MISC",
"name": "https://github.com/redpanda-data/redpanda/pull/15060"
},
{
"url": "https://github.com/redpanda-data/redpanda/issues/15048",
"refsource": "MISC",
"name": "https://github.com/redpanda-data/redpanda/issues/15048"
},
{
"url": "https://github.com/redpanda-data/redpanda/compare/v23.1.20...v23.1.21",
"refsource": "MISC",
"name": "https://github.com/redpanda-data/redpanda/compare/v23.1.20...v23.1.21"
},
{
"url": "https://github.com/redpanda-data/redpanda/compare/v23.2.17...v23.2.18",
"refsource": "MISC",
"name": "https://github.com/redpanda-data/redpanda/compare/v23.2.17...v23.2.18"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
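Review bot: `vendor_name`, `product_name` and `version_value` are all `"n/a"` although the description names Redpanda and the fixed releases 23.1.21 and 23.2.18, so tooling that matches on the `affects` block will never associate this record with an installed Redpanda. The affected ranges exist only in the free-text `description`, which means inventory matching has to parse prose or be done by hand. `problemtype` is likewise `"n/a"` where the description points at a missing-authorization weakness (CWE-862 would be the usual mapping, to be confirmed by the assigner), and there is no `impact` block, so severity-based triage has nothing to sort on.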


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-50977",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6905",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5. This issue affects some unknown processing of the file user,adap.jsp?actionFlag=test&id=1 of the component Bind Request Handler. The manipulation leads to ldap injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-248267. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Jahastech NxFilter 4.3.2.5 entdeckt. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei user,adap.jsp?actionFlag=test&id=1 der Komponente Bind Request Handler. Durch Manipulieren mit unbekannten Daten kann eine ldap injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-90 LDAP Injection",
"cweId": "CWE-90"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jahastech",
"product": {
"product_data": [
{
"product_name": "NxFilter",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.3.2.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.248267",
"refsource": "MISC",
"name": "https://vuldb.com/?id.248267"
},
{
"url": "https://vuldb.com/?ctiid.248267",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.248267"
}
]
},
"credits": [
{
"lang": "en",
"value": "0xgordo (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}
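Review bot: The affected file is given as `user,adap.jsp?actionFlag=test&id=1` in both the `eng` and `deu` descriptions, and the comma inside the file name looks like a transcription error rather than a real path; anyone building a log search or a request filter from this string should confirm it against the VDB-248267 entry first. The record has no `solution` entry and the description notes that the vendor did not respond, so the only version information is the single `"version_affected": "="` entry for 4.3.2.5. Other releases should be treated as unverified, not as unaffected.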


@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6906",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in Totolink A7100RU 7.4cu.2313_B20191024 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion main der Datei /cgi-bin/cstecgi.cgi?action=login der Komponente HTTP POST Request Handler. Durch das Beeinflussen des Arguments flag mit der Eingabe ie8 mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Totolink",
"product": {
"product_data": [
{
"product_name": "A7100RU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.4cu.2313_B20191024"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.248268",
"refsource": "MISC",
"name": "https://vuldb.com/?id.248268"
},
{
"url": "https://vuldb.com/?ctiid.248268",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.248268"
},
{
"url": "https://github.com/unpWn4bL3/iot-security/blob/main/1.md",
"refsource": "MISC",
"name": "https://github.com/unpWn4bL3/iot-security/blob/main/1.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "unpWn4bl3 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "CRITICAL"
},
{
"version": "3.0",
"baseScore": 9.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "CRITICAL"
},
{
"version": "2.0",
"baseScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C"
}
]
}
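Review bot: The record pins the issue to one firmware build with `"version_affected": "="` and `"version_value": "7.4cu.2313_B20191024"`, and it carries no `solution` or workaround entry even though the description states that the exploit is public and the vendor did not respond. An exact-match scanner will therefore report every other A7100RU build as clean, which the page does not support; those builds are unverified. With a 9.8 base score and a vector that requires no privileges (`PR:N`), consumers should restrict network reachability of the device's HTTP management interface until a fixed firmware is referenced in this record.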