"-Synchronized-Data."

CVE Team 2023-11-28 20:00:33 +00:00
parent 56509c6235
commit 2541445f7b
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 235 additions and 45 deletions


@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30588",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Node.js",
"product": {
"product_data": [
{
"product_name": "Node.js",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.20.1",
"version_value": "16.20.1"
},
{
"version_affected": "<",
"version_name": "18.16.1",
"version_value": "18.16.1"
},
{
"version_affected": "<",
"version_name": "20.3.1",
"version_value": "20.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases",
"refsource": "MISC",
"name": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases"
}
]
}


@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30590",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: \"Generates private and public Diffie-Hellman key values\".\n\nThe documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security, implications are consequently broad."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Node.js",
"product": {
"product_data": [
{
"product_name": "Node.js",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.20.1",
"version_value": "16.20.1"
},
{
"version_affected": "<",
"version_name": "18.16.1",
"version_value": "18.16.1"
},
{
"version_affected": "<",
"version_name": "20.3.1",
"version_value": "20.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases",
"refsource": "MISC",
"name": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nIvanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available."
"value": "An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
"value": "n/a"
}
]
}
@ -36,13 +35,34 @@
"product": {
"product_data": [
{
"product_name": "Endpoint Manager Mobile (EPMM)",
"product_name": "Endpoint Manager Mobile",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "11.10"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "11.10",
"status": "unaffected",
"lessThanOrEqual": "11.10",
"versionType": "semver"
},
{
"version": "11.9",
"status": "unaffected",
"lessThanOrEqual": "11.9",
"versionType": "semver"
},
{
"version": "11.8",
"status": "unaffected",
"lessThanOrEqual": "11.8",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
@ -55,49 +75,35 @@
},
"references": {
"reference_data": [
{
"url": "https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability",
"refsource": "MISC",
"name": "https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"
},
{
"url": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability",
"refsource": "MISC",
"name": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability"
},
{
"url": "https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078",
"refsource": "MISC",
"name": "https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078"
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078"
},
{
"url": "https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078",
"url": "https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability",
"refsource": "MISC",
"name": "https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078"
"name": "https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"
}
]
},
"generator": {
"engine": "SecretariatVulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
"baseSeverity": "CRITICAL"
}
]
}
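Review bot: The `x_cve_json_5_version_data` block in the `version_data` hunk lists 11.10, 11.9 and 11.8 as `"status": "unaffected"` with `lessThanOrEqual` bounds and sets `"defaultStatus": "affected"`, which contradicts the description line in this same section stating the flaw applies "through 11.10". A consumer that matches on the structured version data instead of the prose would treat those releases as not vulnerable, so asset or scanner matching for CVE-2023-35078 could miss exposed EPMM hosts. The statuses look inverted; I would expect `"status": "affected"` on the bounded entries and `"defaultStatus": "unaffected"`, to be confirmed against the vendor advisory before the record is relied on. The section also appears to replace the `CWE-287` problem type with `"n/a"` and to drop the "exploited in the wild" wording, both of which are triage signals worth keeping if the record owner still stands by them.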


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45539",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-45539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html",
"refsource": "MISC",
"name": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html"
},
{
"refsource": "MISC",
"name": "https://git.haproxy.org/?p=haproxy.git;a=commit;h=2eab6d354322932cfec2ed54de261e4347eca9a6",
"url": "https://git.haproxy.org/?p=haproxy.git;a=commit;h=2eab6d354322932cfec2ed54de261e4347eca9a6"
},
{
"refsource": "MISC",
"name": "https://www.mail-archive.com/haproxy@formilux.org/msg43861.html",
"url": "https://www.mail-archive.com/haproxy@formilux.org/msg43861.html"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6373",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}