admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-07-28 16:00:35 +00:00
parent 013cfc80c3
commit 20cfa7dc26
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 504 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2016/10xxx/CVE-2016-10108.json
View File

@ -61,6 +61,11 @@
"name": "95200", "name": "95200",
"refsource": "BID", "refsource": "BID",
"url": "http://www.securityfocus.com/bid/95200" "url": "http://www.securityfocus.com/bid/95200"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html",
"url": "http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html"
} }
] ]
} }

5
2018/17xxx/CVE-2018-17153.json
View File

@ -66,6 +66,11 @@
"name": "https://support.wdc.com/knowledgebase/answer.aspx?ID=25952", "name": "https://support.wdc.com/knowledgebase/answer.aspx?ID=25952",
"refsource": "MISC", "refsource": "MISC",
"url": "https://support.wdc.com/knowledgebase/answer.aspx?ID=25952" "url": "https://support.wdc.com/knowledgebase/answer.aspx?ID=25952"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html",
"url": "http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html"
} }
] ]
} }

85
2023/37xxx/CVE-2023-37904.json
View File

@ -1,17 +1,94 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-37904", "ID": "CVE-2023-37904",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"cweId": "CWE-362"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.1.0.beta1, < 3.1.0.beta7"
},
{
"version_affected": "=",
"version_value": "< 3.0.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-6wj5-4ph2-c7qg",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-6wj5-4ph2-c7qg"
},
{
"url": "https://github.com/discourse/discourse/commit/62a609ea2d0645a27ee8adbb01ce10a5e03a600b",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/commit/62a609ea2d0645a27ee8adbb01ce10a5e03a600b"
}
]
},
"source": {
"advisory": "GHSA-6wj5-4ph2-c7qg",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
} }
] ]
} }

85
2023/37xxx/CVE-2023-37906.json
View File

@ -1,17 +1,94 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-37906", "ID": "CVE-2023-37906",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.1.0.beta1, < 3.1.0.beta7"
},
{
"version_affected": "=",
"version_value": "< 3.0.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-pjv6-47x6-mx7c",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-pjv6-47x6-mx7c"
},
{
"url": "https://github.com/discourse/discourse/commit/dcc825bda505a344eda403a1b8733f30e784034a",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/commit/dcc825bda505a344eda403a1b8733f30e784034a"
}
]
},
"source": {
"advisory": "GHSA-pjv6-47x6-mx7c",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
} }
] ]
} }

94
2023/38xxx/CVE-2023-38498.json
View File

@ -1,17 +1,103 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-38498", "ID": "CVE-2023-38498",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.1.0.beta1, < 3.1.0.beta7"
},
{
"version_affected": "=",
"version_value": "< 3.0.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-wv29-rm3f-4g2j",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-wv29-rm3f-4g2j"
},
{
"url": "https://github.com/discourse/discourse/commit/26e267478d785e2f32ee7da4613e2cf4a65ff182",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/commit/26e267478d785e2f32ee7da4613e2cf4a65ff182"
}
]
},
"source": {
"advisory": "GHSA-wv29-rm3f-4g2j",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
} }
] ]
} }

85
2023/38xxx/CVE-2023-38684.json
View File

@ -1,17 +1,94 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-38684", "ID": "CVE-2023-38684",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.1.0.beta1, < 3.1.0.beta7"
},
{
"version_affected": "=",
"version_value": "< 3.0.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-ff7g-xv79-hgmf",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-ff7g-xv79-hgmf"
},
{
"url": "https://github.com/discourse/discourse/commit/bfc3132bb22bd5b7e86f428746b89c4d3d7f5a70",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/commit/bfc3132bb22bd5b7e86f428746b89c4d3d7f5a70"
}
]
},
"source": {
"advisory": "GHSA-ff7g-xv79-hgmf",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
} }
] ]
} }

85
2023/38xxx/CVE-2023-38685.json
View File

@ -1,17 +1,94 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-38685", "ID": "CVE-2023-38685",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.1.0.beta1, < 3.1.0.beta7"
},
{
"version_affected": "=",
"version_value": "< 3.0.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-wx6x-q4gp-mgv5",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-wx6x-q4gp-mgv5"
},
{
"url": "https://github.com/discourse/discourse/commit/073661142369a0a66c25775cc3870582a679ef8b",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/commit/073661142369a0a66c25775cc3870582a679ef8b"
}
]
},
"source": {
"advisory": "GHSA-wx6x-q4gp-mgv5",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
} }
] ]
} }

84
2023/3xxx/CVE-2023-3488.json
View File

@ -1,17 +1,93 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-3488", "ID": "CVE-2023-3488",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "product-security@silabs.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-908 Use of Uninitialized Resource",
"cweId": "CWE-908"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "silabs.com",
"product": {
"product_data": [
{
"product_name": "Gecko Bootloader",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "4.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/SiliconLabs/gecko_sdk/releases",
"refsource": "MISC",
"name": "https://github.com/SiliconLabs/gecko_sdk/releases"
},
{
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Wi3HwQAJ?operationContext=S1",
"refsource": "MISC",
"name": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Wi3HwQAJ?operationContext=S1"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
} }
] ]
} }