"-Synchronized-Data."

CVE Team 2023-04-25 18:00:37 +00:00
parent 0c20d3514b
commit 27a58326af
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 430 additions and 26 deletions


@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2023-04-25T11:19:00.000Z",
"ID": "CVE-2023-23837",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "No Exception Handling Vulnerability: Database Performance Analyzer (DPA) 2023.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database Performance Analyzer",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "<=",
"version_name": "2023.2",
"version_value": "2023.2"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "No exception handling vulnerability which revealed sensitive or excessive information to users."
}
]
},
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "No Exception Handling Vulnerability: Database Performance Analyzer (DPA) 2023.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm",
"name": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm"
},
{
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23837",
"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23837"
}
]
},
"solution": [
{
"lang": "eng",
"value": "SolarWinds recommends upgrading to the latest version of DPA as soon as it becomes available."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
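Review bot: The `version_data` entry marks every release up to and including 2023.2 as affected (`"version_affected": "<="` with `"version_value": "2023.2"`), while `TITLE` and the `problemtype` text name DPA 2023.1 and the first reference is the 2023.2 release notes. If 2023.2 is the fixed release, scanners that match on this field will keep flagging patched hosts; the bound would then read `"version_affected": "<"`, or keep `<=` with `"version_value": "2023.1"`. The `solution` text names no fixed version, so the record alone cannot settle this and it should be confirmed against the vendor advisory. The CVE-2023-23838 section carries the same version block.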


@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2023-04-25T11:19:00.000Z",
"ID": "CVE-2023-23838",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Database Performance Analyzer",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "<=",
"version_name": "2023.2",
"version_value": "2023.2"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server."
}
]
},
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm",
"name": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm"
},
{
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23838",
"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23838"
}
]
},
"solution": [
{
"lang": "eng",
"value": "SolarWinds recommends upgrading to the latest version of DPA as soon as it becomes available."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
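Review bot: `problemtype` repeats the record title as free text instead of a CWE identifier, so tooling that groups or prioritises by CWE cannot classify this entry. For a directory traversal issue the usual form is the one the CVE-2023-29200 record in this commit uses: `"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"` together with `"cweId": "CWE-22"`. The CVE-2023-23837 section has the same free-text pattern, though its description is too brief to choose a CWE from.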


@ -62,6 +62,11 @@
"url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219",
"refsource": "MISC",
"name": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html"
}
]
},
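Review bot: The added reference is recorded with an `http://` scheme in both `name` and `url`, so any tool that fetches reference links automatically retrieves it in cleartext; an `https://` form of the same URL is preferable if the site serves that path over TLS. The new object also orders its keys `refsource`, `name`, `url` where the entry above it uses `url`, `refsource`, `name`, which is harmless to parsers but adds noise to later diffs. The enclosing `reference_data` array starts outside this hunk.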


@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29200",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao 4.9.40, 4.13.21 or 5.1.4 to receive a patch. There are no known workarounds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "contao",
"product": {
"product_data": [
{
"product_name": "contao",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 2.0.0, < 4.9.40"
},
{
"version_affected": "=",
"version_value": ">= 4.10.0, < 4.13.21"
},
{
"version_affected": "=",
"version_value": ">= 5.0.0, < 5.1.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/contao/contao/security/advisories/GHSA-fp7q-xhhw-6rj3",
"refsource": "MISC",
"name": "https://github.com/contao/contao/security/advisories/GHSA-fp7q-xhhw-6rj3"
},
{
"url": "https://github.com/contao/contao/commit/6f3e705f4ff23f4419563d09d8485793569f31df",
"refsource": "MISC",
"name": "https://github.com/contao/contao/commit/6f3e705f4ff23f4419563d09d8485793569f31df"
},
{
"url": "https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager",
"refsource": "MISC",
"name": "https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager"
}
]
},
"source": {
"advisory": "GHSA-fp7q-xhhw-6rj3",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}
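Review bot: Each `version_data` entry pairs `"version_affected": "="` with a range expression in `version_value` (for example `">= 2.0.0, < 4.9.40"`), so a consumer that reads the two fields literally tests equality against a string that is not a version. Automated matching then either misses affected installs or needs a special-case parser for this free-text range form. A machine-readable entry would carry the bound in the operator, e.g. `"version_affected": "<"` with `"version_value": "4.9.40"` for each branch. The CVE-2023-30545 section uses the same pattern (`"< 1.7.8.9"` and `">= 8.0.0, < 8.0.4"`).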


@ -58,6 +58,11 @@
"refsource": "MISC",
"name": "https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html",
"url": "https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks",
"url": "https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks"
}
]
},


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30177",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-30177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/craftcms/cms/commit/00fb253d5318e10204433e5d93934108e574005e",
"refsource": "MISC",
"name": "https://github.com/craftcms/cms/commit/00fb253d5318e10204433e5d93934108e574005e"
}
]
}
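Review bot: The structured fields are all placeholders (`"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"`, and `problemtype` `"n/a"`), although the description names CraftCMS 3.7.59 and cross-site scripting. Inventory and scanner matching works from `affects`, not from the free-text description, so this record will not be associated with the product it describes. Filling in `"product_name": "CraftCMS"` and `"version_value": "3.7.59"` from the description, and a CWE-79 `problemtype`, would make the entry usable. The description also reads "is vulnerable Cross Site Scripting", which is missing "to".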


@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30545",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PrestaShop",
"product": {
"product_data": [
{
"product_name": "PrestaShop",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.7.8.9"
},
{
"version_affected": "=",
"version_value": ">= 8.0.0, < 8.0.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8r4m-5p6p-52rp",
"refsource": "MISC",
"name": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8r4m-5p6p-52rp"
},
{
"url": "https://github.com/PrestaShop/PrestaShop/commit/cddac4198a47c602878a787280d813f60c6c0630",
"refsource": "MISC",
"name": "https://github.com/PrestaShop/PrestaShop/commit/cddac4198a47c602878a787280d813f60c6c0630"
},
{
"url": "https://github.com/PrestaShop/PrestaShop/commit/d900806e1841a31f26ff0a1843a6888fc1bb7f81",
"refsource": "MISC",
"name": "https://github.com/PrestaShop/PrestaShop/commit/d900806e1841a31f26ff0a1843a6888fc1bb7f81"
}
]
},
"source": {
"advisory": "GHSA-8r4m-5p6p-52rp",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}
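Review bot: `impact.cvss` is a one-element array here, as in the CVE-2023-29200 section, while the two SolarWinds records in this commit give `impact.cvss` as a bare object. A consumer that reads `impact.cvss.baseScore` directly finds nothing on this record and may treat a 7.7 HIGH entry as unscored, so readers of these files need to accept both shapes. The description `value` also ends in a literal `\n` with no closing full stop, which tends to leak into rendered advisories.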


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31222",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}