admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-06-01 17:00:37 +00:00
parent bdd3a89f77
commit 32f8c34d56
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
31 changed files with 1688 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2018/8xxx/CVE-2018-8065.json
View File

@ -61,6 +61,11 @@
"name": "https://github.com/EgeBalci/Sync_Breeze_Enterprise_10_6_24_-DOS",
"refsource": "MISC",
"url": "https://github.com/EgeBalci/Sync_Breeze_Enterprise_10_6_24_-DOS"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172676/Flexense-HTTP-Server-10.6.24-Buffer-Overflow-Denial-Of-Service.html",
"url": "http://packetstormsecurity.com/files/172676/Flexense-HTTP-Server-10.6.24-Buffer-Overflow-Denial-Of-Service.html"
}
]
}

5
2023/0xxx/CVE-2023-0455.json
View File

@ -79,6 +79,11 @@
"name": "https://github.com/unilogies/bumsys/commit/a5beff7868ab63bf4ec752a1102f8da033c66b28",
"refsource": "MISC",
"url": "https://github.com/unilogies/bumsys/commit/a5beff7868ab63bf4ec752a1102f8da033c66b28"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172674/Bumsys-Business-Management-System-1.0.3-beta-Shell-Upload.html",
"url": "http://packetstormsecurity.com/files/172674/Bumsys-Business-Management-System-1.0.3-beta-Shell-Upload.html"
}
]
},

9
2023/0xxx/CVE-2023-0527.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0"
}
]
}
@ -72,6 +72,11 @@
"url": "https://github.com/ctflearner/Vulnerability/blob/main/Online-Security-guard-POC.md",
"refsource": "MISC",
"name": "https://github.com/ctflearner/Vulnerability/blob/main/Online-Security-guard-POC.md"
},
{
"url": "http://packetstormsecurity.com/files/172667/Online-Security-Guards-Hiring-System-1.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172667/Online-Security-Guards-Hiring-System-1.0-Cross-Site-Scripting.html"
}
]
},

85
2023/32xxx/CVE-2023-32324.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32324",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenPrinting",
"product": {
"product_data": [
{
"product_name": "cups",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 2.4.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7",
"refsource": "MISC",
"name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7"
}
]
},
"source": {
"advisory": "GHSA-cxc6-w2g7-69p7",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

86
2023/32xxx/CVE-2023-32690.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32690",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that requires a cryptography operation by the Responder, such as CHALLENGE, libspdm will calculate the timeout value using the Responder's unvalidated CTExponent.\n\nA patch is available in version 2.3.3. A workaround is also available. After completion of VCA, the Requester can check the value of the Responder's CTExponent. If it greater than or equal to 64, then the Requester can stop communication with the Responder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "DMTF",
"product": {
"product_data": [
{
"product_name": "libspdm",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.3.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/DMTF/libspdm/security/advisories/GHSA-56h8-4gv5-jf2c",
"refsource": "MISC",
"name": "https://github.com/DMTF/libspdm/security/advisories/GHSA-56h8-4gv5-jf2c"
},
{
"url": "https://github.com/DMTF/libspdm/issues/2068",
"refsource": "MISC",
"name": "https://github.com/DMTF/libspdm/issues/2068"
},
{
"url": "https://github.com/DMTF/libspdm/pull/2069",
"refsource": "MISC",
"name": "https://github.com/DMTF/libspdm/pull/2069"
}
]
},
"source": {
"advisory": "GHSA-56h8-4gv5-jf2c",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

96
2023/32xxx/CVE-2023-32706.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32706",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@splunk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.1",
"version_value": "8.1.14"
},
{
"version_affected": "<",
"version_name": "8.2",
"version_value": "8.2.11"
},
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.5"
}
]
}
},
{
"product_name": "Splunk Cloud Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0.2303 and below",
"version_value": "9.0.2303.100"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0601",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0601"
}
]
},
"source": {
"advisory": "SVD-2023-0601"
},
"credits": [
{
"lang": "en",
"value": "Vikram Ashtaputre, Splunk"
}
],
"impact": {
"cvss": [
{
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1",
"baseScore": 7.7,
"baseSeverity": "HIGH"
}
]
}

101
2023/32xxx/CVE-2023-32707.json
View File

@ -1,17 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32707",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@splunk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the \u2018edit_user\u2019 capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.1",
"version_value": "8.1.14"
},
{
"version_affected": "<",
"version_name": "8.2",
"version_value": "8.2.11"
},
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.5"
}
]
}
},
{
"product_name": "Splunk Cloud Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "9.0.2303.100"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0602",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0602"
},
{
"url": "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/",
"refsource": "MISC",
"name": "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/"
}
]
},
"source": {
"advisory": "SVD-2023-0602"
},
"credits": [
{
"lang": "en",
"value": "Mr Hack (try_to_hack) Santiago Lopez"
}
],
"impact": {
"cvss": [
{
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

101
2023/32xxx/CVE-2023-32708.json
View File

@ -1,17 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32708",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@splunk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the \u2018rest\u2019 SPL command that lets them potentially access other REST endpoints in the system arbitrarily."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.",
"cweId": "CWE-113"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.1",
"version_value": "8.1.14"
},
{
"version_affected": "<",
"version_name": "8.2",
"version_value": "8.2.11"
},
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.5"
}
]
}
},
{
"product_name": "Splunk Cloud Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "9.0.2303.100"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0603",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0603"
},
{
"url": "https://research.splunk.com/application/e615a0e1-a1b2-4196-9865-8aa646e1708c/",
"refsource": "MISC",
"name": "https://research.splunk.com/application/e615a0e1-a1b2-4196-9865-8aa646e1708c/"
}
]
},
"source": {
"advisory": "SVD-2023-0603"
},
"credits": [
{
"lang": "en",
"value": "Danylo Dmytriiev (DDV_UA)"
}
],
"impact": {
"cvss": [
{
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"baseScore": 7.2,
"baseSeverity": "HIGH"
}
]
}

101
2023/32xxx/CVE-2023-32709.json
View File

@ -1,17 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32709",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@splunk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the \u2018user\u2019 role can see the hashed version of the initial user name and password for the Splunk instance by using the \u2018rest\u2019 SPL command against the \u2018conf-user-seed\u2019 REST endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.1",
"version_value": "8.1.14"
},
{
"version_affected": "<",
"version_name": "8.2",
"version_value": "8.2.11"
},
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.5"
}
]
}
},
{
"product_name": "Splunk Cloud Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "9.0.2303.100"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0604",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0604"
},
{
"url": "https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/",
"refsource": "MISC",
"name": "https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/"
}
]
},
"source": {
"advisory": "SVD-2023-0604"
},
"credits": [
{
"lang": "en",
"value": "Anton (therceman)"
}
],
"impact": {
"cvss": [
{
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

96
2023/32xxx/CVE-2023-32710.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32710",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@splunk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the \u2018copyresults\u2019 command if they know the search ID (SID) of a search job that has recently run."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.1",
"version_value": "8.1.14"
},
{
"version_affected": "<",
"version_name": "8.2",
"version_value": "8.2.11"
},
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.5"
}
]
}
},
{
"product_name": "Splunk Cloud Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "9.0.2303.100"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0609",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0609"
}
]
},
"source": {
"advisory": "SVD-2023-0609"
},
"credits": [
{
"lang": "en",
"value": "Anton (therceman)"
}
],
"impact": {
"cvss": [
{
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
}
]
}

89
2023/32xxx/CVE-2023-32711.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32711",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@splunk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.1",
"version_value": "8.1.14"
},
{
"version_affected": "<",
"version_name": "8.2",
"version_value": "8.2.11"
},
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0605",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0605"
},
{
"url": "https://research.splunk.com/application/8a43558f-a53c-4ee4-86c1-30b1e8ef3606/",
"refsource": "MISC",
"name": "https://research.splunk.com/application/8a43558f-a53c-4ee4-86c1-30b1e8ef3606/"
}
]
},
"source": {
"advisory": "SVD-2023-0605"
},
"credits": [
{
"lang": "en",
"value": "Danylo Dmytriiev (DDV_UA)"
}
],
"impact": {
"cvss": [
{
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
]
}

84
2023/32xxx/CVE-2023-32712.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32712",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@splunk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an attacker can use a specially crafted web URL in their browser to cause log file poisoning. The attack requires the attacker to have secure shell (SSH) access to the instance and use a terminal program that supports a certain feature set to execute the attack successfully."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The software does not neutralize or incorrectly neutralizes output that is written to logs.",
"cweId": "CWE-117"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.1",
"version_value": "8.1.14"
},
{
"version_affected": "<",
"version_name": "8.2",
"version_value": "8.2.11"
},
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0606",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0606"
}
]
},
"source": {
"advisory": "SVD-2023-0606"
},
"credits": [
{
"lang": "en",
"value": "ST\u00d6K / Fredrik Alexandersson"
}
],
"impact": {
"cvss": [
{
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1",
"baseScore": 3.4,
"baseSeverity": "LOW"
}
]
}

74
2023/32xxx/CVE-2023-32713.json
View File

@ -1,17 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32713",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@splunk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk App for Stream",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.1",
"version_value": "8.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0607",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0607"
}
]
},
"source": {
"advisory": "SVD-2023-0607"
},
"credits": [
{
"lang": "en",
"value": "Ben Leonard-Lagarde & Lucas Fedyniak-Hopes (Modux)"
}
],
"impact": {
"cvss": [
{
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}

79
2023/32xxx/CVE-2023-32714.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32714",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@splunk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.",
"cweId": "CWE-35"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk App for Lookup File Editing",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.0",
"version_value": "4.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0608",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0608"
},
{
"url": "https://research.splunk.com/application/8ed58987-738d-4917-9e44-b8ef6ab948a6/",
"refsource": "MISC",
"name": "https://research.splunk.com/application/8ed58987-738d-4917-9e44-b8ef6ab948a6/"
}
]
},
"source": {
"advisory": "SVD-2023-0608"
},
"credits": [
{
"lang": "en",
"value": "Torjus Bryne Retterst\u00f8l, Binary Security"
}
],
"impact": {
"cvss": [
{
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1",
"baseScore": 8.1,
"baseSeverity": "HIGH"
}
]
}

68
2023/32xxx/CVE-2023-32715.json
View File

@ -1,17 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32715",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@splunk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user\u2019s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser, and requires additional user interaction to trigger. The attacker cannot exploit the vulnerability at will."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk App for Lookup File Editing",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.0",
"version_value": "4.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0610",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0610"
}
]
},
"source": {
"advisory": "SVD-2023-0610"
},
"impact": {
"cvss": [
{
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
}
]
}

101
2023/32xxx/CVE-2023-32716.json
View File

@ -1,17 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32716",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@splunk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.",
"cweId": "CWE-754"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.1",
"version_value": "8.1.14"
},
{
"version_affected": "<",
"version_name": "8.2",
"version_value": "8.2.11"
},
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.5"
}
]
}
},
{
"product_name": "Splunk Cloud Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "9.0.2303.100"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0611",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0611"
},
{
"url": "https://research.splunk.com/application/fb0e6823-365f-48ed-b09e-272ac4c1dad6/",
"refsource": "MISC",
"name": "https://research.splunk.com/application/fb0e6823-365f-48ed-b09e-272ac4c1dad6/"
}
]
},
"source": {
"advisory": "SVD-2023-0611"
},
"credits": [
{
"lang": "en",
"value": "Danylo Dmytriiev (DDV_UA)"
}
],
"impact": {
"cvss": [
{
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}

101
2023/32xxx/CVE-2023-32717.json
View File

@ -1,17 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32717",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@splunk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.1",
"version_value": "8.1.14"
},
{
"version_affected": "<",
"version_name": "8.2",
"version_value": "8.2.11"
},
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.5"
}
]
}
},
{
"product_name": "Splunk Cloud Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "9.0.2303.100"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0612",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0612"
},
{
"url": "https://research.splunk.com/application/bbe26f95-1655-471d-8abd-3d32fafa86f8/",
"refsource": "MISC",
"name": "https://research.splunk.com/application/bbe26f95-1655-471d-8abd-3d32fafa86f8/"
}
]
},
"source": {
"advisory": "SVD-2023-0612"
},
"credits": [
{
"lang": "en",
"value": "Scott Calvert, Splunk"
}
],
"impact": {
"cvss": [
{
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

5
2023/33xxx/CVE-2023-33440.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/F14me7wq/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/RCE-1.md",
"refsource": "MISC",
"name": "https://github.com/F14me7wq/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/RCE-1.md"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172672/Faculty-Evaluation-System-1.0-Shell-Upload.html",
"url": "http://packetstormsecurity.com/files/172672/Faculty-Evaluation-System-1.0-Shell-Upload.html"
}
]
}

96
2023/33xxx/CVE-2023-33960.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33960",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenProject is web-based project management software. For any OpenProject installation, a `robots.txt` file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the instance. Prior to version 12.5.6, even if the entire instance is marked as `Login required` and prevents all truly anonymous access, the `/robots.txt` route remains publicly available.\n\nVersion 12.5.6 has a fix for this issue. Alternatively, users can download a patchfile to apply the patch to any OpenProject version greater than 10.0 As a workaround, one may mark any public project as non-public and give anyone in need of access to the project a membership."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "opf",
"product": {
"product_data": [
{
"product_name": "openproject",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 12.5.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/opf/openproject/security/advisories/GHSA-xjfc-fqm3-95q8",
"refsource": "MISC",
"name": "https://github.com/opf/openproject/security/advisories/GHSA-xjfc-fqm3-95q8"
},
{
"url": "https://github.com/opf/openproject/pull/12708",
"refsource": "MISC",
"name": "https://github.com/opf/openproject/pull/12708"
},
{
"url": "https://community.openproject.org/wp/48324",
"refsource": "MISC",
"name": "https://community.openproject.org/wp/48324"
},
{
"url": "https://github.com/opf/openproject/releases/tag/v12.5.6",
"refsource": "MISC",
"name": "https://github.com/opf/openproject/releases/tag/v12.5.6"
},
{
"url": "https://patch-diff.githubusercontent.com/raw/opf/openproject/pull/12708.patch",
"refsource": "MISC",
"name": "https://patch-diff.githubusercontent.com/raw/opf/openproject/pull/12708.patch"
}
]
},
"source": {
"advisory": "GHSA-xjfc-fqm3-95q8",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

81
2023/34xxx/CVE-2023-34091.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34091",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the `deletionTimestamp` field defined can bypass validate, generate, or mutate-existing policies, even in cases where the `validationFailureAction` field is set to `Enforce`. This situation occurs as resources pending deletion were being consciously exempted by Kyverno, as a way to reduce processing load as policies are typically not applied to objects which are being deleted. However, this could potentially result in allowing a malicious user to leverage the Kubernetes finalizers feature by setting a finalizer which causes the Kubernetes API server to set the `deletionTimestamp` and then not completing the delete operation as a way to explicitly to bypass a Kyverno policy. Note that this is not applicable to Kubernetes Pods but, as an example, a Kubernetes Service resource can be manipulated using an indefinite finalizer to bypass policies. This is resolved in Kyverno 1.10.0. There is no known workaround."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "kyverno",
"product": {
"product_data": [
{
"product_name": "kyverno",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.10.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-hq4m-4948-64cc",
"refsource": "MISC",
"name": "https://github.com/kyverno/kyverno/security/advisories/GHSA-hq4m-4948-64cc"
},
{
"url": "https://github.com/kyverno/kyverno/releases/tag/v1.10.0",
"refsource": "MISC",
"name": "https://github.com/kyverno/kyverno/releases/tag/v1.10.0"
}
]
},
"source": {
"advisory": "GHSA-hq4m-4948-64cc",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}

115
2023/34xxx/CVE-2023-34092.json
View File

@ -1,17 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34092",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (`server.fs.deny`) can be bypassed using double forward-slash (//) allows any unauthenticated user to read file from the Vite root-path of the application including the default `fs.deny` settings (`['.env', '.env.*', '*.{crt,pem}']`). Only users explicitly exposing the Vite dev server to the network (using `--host` or `server.host` config option) are affected, and only files in the immediate Vite project root folder could be exposed. This issue is fixed in vite@4.3.9, vite@4.2.3, vite@4.1.5, vite@4.0.5, vite@3.2.7, and vite@2.9.16."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-50: Path Equivalence: '//multiple/leading/slash'",
"cweId": "CWE-50"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "vitejs",
"product": {
"product_data": [
{
"product_name": "vite",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.9.16"
},
{
"version_affected": "=",
"version_value": ">= 3.0.2, < 3.2.7"
},
{
"version_affected": "=",
"version_value": ">= 4.0.0, < 4.0.5"
},
{
"version_affected": "=",
"version_value": ">= 4.1.0, < 4.1.5"
},
{
"version_affected": "=",
"version_value": ">= 4.2.0, < 4.2.3"
},
{
"version_affected": "=",
"version_value": ">= 4.3.0, < 4.3.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-353f-5xf4-qw67",
"refsource": "MISC",
"name": "https://github.com/vitejs/vite/security/advisories/GHSA-353f-5xf4-qw67"
},
{
"url": "https://github.com/vitejs/vite/pull/13348",
"refsource": "MISC",
"name": "https://github.com/vitejs/vite/pull/13348"
},
{
"url": "https://github.com/vitejs/vite/commit/813ddd6155c3d54801e264ba832d8347f6f66b32",
"refsource": "MISC",
"name": "https://github.com/vitejs/vite/commit/813ddd6155c3d54801e264ba832d8347f6f66b32"
}
]
},
"source": {
"advisory": "GHSA-353f-5xf4-qw67",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

18
2023/34xxx/CVE-2023-34329.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34329",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/34xxx/CVE-2023-34330.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34330",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/34xxx/CVE-2023-34331.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34331",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/34xxx/CVE-2023-34332.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34332",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/34xxx/CVE-2023-34333.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34333",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/34xxx/CVE-2023-34334.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34334",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/34xxx/CVE-2023-34335.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34335",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/34xxx/CVE-2023-34336.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34336",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/34xxx/CVE-2023-34337.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34337",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/34xxx/CVE-2023-34338.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34338",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}