admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-21 00:00:35 +00:00
parent 467e625e1f
commit 205eccda8c
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 250 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2023/39xxx/CVE-2023-39999.json
View File

@ -358,6 +358,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCCVDPKOK57WCTH2QJ5DJM3B53RJNZKA/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCCVDPKOK57WCTH2QJ5DJM3B53RJNZKA/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html"
}
]
},

86
2023/48xxx/CVE-2023-48310.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-48310",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Version 2.1.1 contains a patch for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NC3-LU",
"product": {
"product_data": [
{
"product_name": "TestingPlatform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/NC3-LU/TestingPlatform/security/advisories/GHSA-9fhc-f3mr-w6h6",
"refsource": "MISC",
"name": "https://github.com/NC3-LU/TestingPlatform/security/advisories/GHSA-9fhc-f3mr-w6h6"
},
{
"url": "https://github.com/NC3-LU/TestingPlatform/commit/7b3e7ca869a4845aa7445f874c22c5929315c3a7",
"refsource": "MISC",
"name": "https://github.com/NC3-LU/TestingPlatform/commit/7b3e7ca869a4845aa7445f874c22c5929315c3a7"
},
{
"url": "https://github.com/NC3-LU/TestingPlatform/releases/tag/v2.1.1",
"refsource": "MISC",
"name": "https://github.com/NC3-LU/TestingPlatform/releases/tag/v2.1.1"
}
]
},
"source": {
"advisory": "GHSA-9fhc-f3mr-w6h6",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
]
}

5
2023/5xxx/CVE-2023-5561.json
View File

@ -138,6 +138,11 @@
"url": "https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/",
"refsource": "MISC",
"name": "https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html"
}
]
},

83
2023/6xxx/CVE-2023-6142.json
View File

@ -1,17 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6142",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "help@fluidattacks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dev Blog",
"product": {
"product_data": [
{
"product_name": "Dev Blog",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fluidattacks.com/advisories/bunny/",
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/bunny/"
},
{
"url": "https://github.com/Armanidrisi/devblog/",
"refsource": "MISC",
"name": "https://github.com/Armanidrisi/devblog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
]
}

83
2023/6xxx/CVE-2023-6144.json
View File

@ -1,17 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6144",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "help@fluidattacks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dev blog v1.0 allows to exploit an account takeover through the \"user\" cookie. With this, an attacker can access any user's session just by knowing their username.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key",
"cweId": "CWE-639"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dev Blog",
"product": {
"product_data": [
{
"product_name": "Dev Blog",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fluidattacks.com/advisories/almighty/",
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/almighty/"
},
{
"url": "https://github.com/Armanidrisi/devblog/",
"refsource": "MISC",
"name": "https://github.com/Armanidrisi/devblog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}