"-Synchronized-Data."

This commit is contained in:
CVE Team 2023-04-06 17:00:35 +00:00
parent 2f776924d3
commit 341f8b7b5f
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
24 changed files with 518 additions and 178 deletions


@ -71,6 +71,11 @@
"name": "20200129 Cisco Small Business Switches Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200129-smlbus-switch-disclos"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html",
"url": "http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html"
}
]
},
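Review bot: Both the `name` and `url` of the added reference use plain `http://` for packetstormsecurity.com, while the Cisco advisory directly above it is recorded over HTTPS; the same pattern repeats in every packetstorm reference this commit adds. A reader following an unencrypted link to an exploit write-up can be served a tampered page, and assuming packetstorm serves the same path over TLS the record should carry `"url": "https://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html"` (the `name` can keep whatever form the feed emits). If the scheme is copied verbatim from the upstream sync this is a feed-side fix rather than one for the individual records, but it is worth tracking either way.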


@ -86,6 +86,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171722/PostgreSQL-9.6.1-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/171722/PostgreSQL-9.6.1-Remote-Code-Execution.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin-20-0005-01.pdf",
"url": "https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin-20-0005-01.pdf"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171751/Mitel-MiCollab-AWV-8.1.2.4-9.1.3-Directory-Traversal-LFI.html",
"url": "http://packetstormsecurity.com/files/171751/Mitel-MiCollab-AWV-8.1.2.4-9.1.3-Directory-Traversal-LFI.html"
}
]
}


@ -66,6 +66,11 @@
"refsource": "MISC",
"url": "https://www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-emc-networking-security-update-for-an-information-disclosure-vulnerability?lang=en",
"name": "https://www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-emc-networking-security-update-for-an-information-disclosure-vulnerability?lang=en"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html",
"url": "http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html"
}
]
}


@ -83,6 +83,11 @@
"name": "https://github.com/cydrobolt/polr/releases/tag/2.3.0",
"refsource": "MISC",
"url": "https://github.com/cydrobolt/polr/releases/tag/2.3.0"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171743/POLR-URL-2.3.0-Shortener-Admin-Takeover.html",
"url": "http://packetstormsecurity.com/files/171743/POLR-URL-2.3.0-Shortener-Admin-Takeover.html"
}
]
},


@ -76,6 +76,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-c0d55cd527",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36GAV3TKM3JXV6UVMLMTTDRCPKSNETQ/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171746/pdfkit-0.8.7.2-Command-Injection.html",
"url": "http://packetstormsecurity.com/files/171746/pdfkit-0.8.7.2-Command-Injection.html"
}
]
},


@ -81,6 +81,11 @@
"refsource": "MISC",
"name": "https://github.com/dompdf/dompdf/commit/4c70e1025bcd9b7694b95dd552499bd83cd6141d",
"url": "https://github.com/dompdf/dompdf/commit/4c70e1025bcd9b7694b95dd552499bd83cd6141d"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171738/Dompdf-1.2.1-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/171738/Dompdf-1.2.1-Remote-Code-Execution.html"
}
]
}


@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://github.com/patrickdeanramos/CVE-2022-28598/blob/main/ERPNext%20-%2012.29.0.pdf",
"url": "https://github.com/patrickdeanramos/CVE-2022-28598/blob/main/ERPNext%20-%2012.29.0.pdf"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171730/ERPNext-12.29-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/171730/ERPNext-12.29-Cross-Site-Scripting.html"
}
]
}


@ -108,6 +108,11 @@
"refsource": "DEBIAN",
"name": "DSA-5265",
"url": "https://www.debian.org/security/2022/dsa-5265"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171728/Apache-Tomcat-10.1-Denial-Of-Service.html",
"url": "http://packetstormsecurity.com/files/171728/Apache-Tomcat-10.1-Denial-Of-Service.html"
}
]
},


@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://github.com/h4md153v63n/CVE-2022-40032_Simple-Task-Managing-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated",
"url": "https://github.com/h4md153v63n/CVE-2022-40032_Simple-Task-Managing-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171739/Simple-Task-Managing-System-1.0-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/171739/Simple-Task-Managing-System-1.0-SQL-Injection.html"
}
]
}


@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://github.com/h4md153v63n/CVE-2022-40347_Intern-Record-System-phone-V1.0-SQL-Injection-Vulnerability-Unauthenticated",
"url": "https://github.com/h4md153v63n/CVE-2022-40347_Intern-Record-System-phone-V1.0-SQL-Injection-Vulnerability-Unauthenticated"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171740/Intern-Record-System-1.0-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/171740/Intern-Record-System-1.0-SQL-Injection.html"
}
]
}


@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html",
"url": "http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html"
}
]
}


@ -76,6 +76,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/170820/Control-Web-Panel-Unauthenticated-Remote-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/170820/Control-Web-Panel-Unauthenticated-Remote-Command-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171725/Control-Web-Panel-7-CWP7-0.9.8.1147-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/171725/Control-Web-Panel-7-CWP7-0.9.8.1147-Remote-Code-Execution.html"
}
]
}


@ -66,6 +66,11 @@
"url": "https://github.com/trippo/ResponsiveFilemanager/blob/v9.9.6/changelog.txt",
"refsource": "MISC",
"name": "https://github.com/trippo/ResponsiveFilemanager/blob/v9.9.6/changelog.txt"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171720/Responsive-FileManager-9.9.5-Remote-Shell-Upload.html",
"url": "http://packetstormsecurity.com/files/171720/Responsive-FileManager-9.9.5-Remote-Shell-Upload.html"
}
]
}


@ -84,6 +84,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171108/Froxlor-2.0.6-Remote-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/171108/Froxlor-2.0.6-Remote-Command-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171729/Froxlor-2.0.3-Stable-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/171729/Froxlor-2.0.3-Stable-Remote-Code-Execution.html"
}
]
},


@ -79,6 +79,11 @@
"name": "https://github.com/btcpayserver/btcpayserver/commit/02070d65836cd24627929b3403efbae8de56039a",
"refsource": "MISC",
"url": "https://github.com/btcpayserver/btcpayserver/commit/02070d65836cd24627929b3403efbae8de56039a"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.html",
"url": "http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.html"
}
]
},


@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0580",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@ch.abb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922 Insecure Storage of Sensitive Information",
"cweId": "CWE-922"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ABB",
"product": {
"product_data": [
{
"product_name": "My Control System (on-premise)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.0;0",
"version_value": "5.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch",
"refsource": "MISC",
"name": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}
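Review bot: The lower version bound in the new `version_data` entry, `"version_name": "5.0;0"`, and the description's "from 5.0;0 through 5.13" both carry a semicolon where a dot is expected, which will break any consumer that matches or orders on the version string; it should read `"version_name": "5.0.0"` unless ABB really ships a version written that way, so confirm against the linked advisory. The description's list of affected services, "User Interface System Monitoring1 Asset Inventory", has lost its separators and carries what looks like a stray footnote marker; restoring it as "User Interface, System Monitoring, Asset Inventory" would make the scope readable. Finally, the description says a successful attacker can "take control of the application", but the attached vector scores only C:L/I:L; one of the two appears understated and is worth checking with the CNA before the score is relied on for triage.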


@ -1,89 +1,94 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-0744",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in answerdev/answer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "answerdev/answer",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.0.4"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-0744",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in answerdev/answer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "answerdev/answer",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.0.4"
}
]
}
}
]
},
"vendor_name": "answerdev"
}
}
]
},
"vendor_name": "answerdev"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/35a0e12f-1d54-4fc0-8779-6a4949b7c434",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/35a0e12f-1d54-4fc0-8779-6a4949b7c434"
},
{
"name": "https://github.com/answerdev/answer/commit/c1fa2b13f6b547b96da60b23350bbe2b29de542d",
"refsource": "MISC",
"url": "https://github.com/answerdev/answer/commit/c1fa2b13f6b547b96da60b23350bbe2b29de542d"
}
]
},
"source": {
"advisory": "35a0e12f-1d54-4fc0-8779-6a4949b7c434",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/35a0e12f-1d54-4fc0-8779-6a4949b7c434",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/35a0e12f-1d54-4fc0-8779-6a4949b7c434"
},
{
"name": "https://github.com/answerdev/answer/commit/c1fa2b13f6b547b96da60b23350bbe2b29de542d",
"refsource": "MISC",
"url": "https://github.com/answerdev/answer/commit/c1fa2b13f6b547b96da60b23350bbe2b29de542d"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171733/Answerdev-1.0.3-Account-Takeover.html",
"url": "http://packetstormsecurity.com/files/171733/Answerdev-1.0.3-Account-Takeover.html"
}
]
},
"source": {
"advisory": "35a0e12f-1d54-4fc0-8779-6a4949b7c434",
"discovery": "EXTERNAL"
}
}
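Review bot: The added reference is titled "Answerdev-1.0.3-Account-Takeover", which states an impact the record's own description ("Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4") never mentions; with a 9.8 score and PR:N attached, the description should say what the access-control failure actually allows, e.g. `"value": "Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4 allows an unauthenticated attacker to take over user accounts."`, after confirming the exact impact against the huntr report. Separately, the whole file was re-indented from two to four spaces to add one reference, so the substantive change is buried under dozens of whitespace-only line changes; matching the file's existing indent, or normalising formatting in its own commit, would keep these sync diffs reviewable.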


@ -1,89 +1,94 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-0777",
"STATE": "PUBLIC",
"TITLE": "Authentication Bypass by Primary Weakness in modoboa/modoboa"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "modoboa/modoboa",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.0.4"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-0777",
"STATE": "PUBLIC",
"TITLE": "Authentication Bypass by Primary Weakness in modoboa/modoboa"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "modoboa/modoboa",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.0.4"
}
]
}
}
]
},
"vendor_name": "modoboa"
}
}
]
},
"vendor_name": "modoboa"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a17e7a9f-0fee-4130-a522-5a0466fc17c7",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a17e7a9f-0fee-4130-a522-5a0466fc17c7"
},
{
"name": "https://github.com/modoboa/modoboa/commit/47d17ac6643f870719691073956a26e4be0a4806",
"refsource": "MISC",
"url": "https://github.com/modoboa/modoboa/commit/47d17ac6643f870719691073956a26e4be0a4806"
}
]
},
"source": {
"advisory": "a17e7a9f-0fee-4130-a522-5a0466fc17c7",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a17e7a9f-0fee-4130-a522-5a0466fc17c7",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a17e7a9f-0fee-4130-a522-5a0466fc17c7"
},
{
"name": "https://github.com/modoboa/modoboa/commit/47d17ac6643f870719691073956a26e4be0a4806",
"refsource": "MISC",
"url": "https://github.com/modoboa/modoboa/commit/47d17ac6643f870719691073956a26e4be0a4806"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171744/modoboa-2.0.4-Admin-Takeover.html",
"url": "http://packetstormsecurity.com/files/171744/modoboa-2.0.4-Admin-Takeover.html"
}
]
},
"source": {
"advisory": "a17e7a9f-0fee-4130-a522-5a0466fc17c7",
"discovery": "EXTERNAL"
}
}
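Review bot: The new reference is titled "modoboa-2.0.4-Admin-Takeover", but the record lists 2.0.4 as the first unaffected version (`"version_affected": "<", "version_value": "2.0.4"`), so either the write-up names the fixed version or the affected range is wrong. The packetstorm exploit should be checked against the linked fix commit before this reference is relied on; if it does work on 2.0.4 the range has to become `"version_affected": "<=", "version_value": "2.0.4"` and the description updated to match. As with the answerdev record in this commit, the description gives no hint that the impact is administrator account takeover, which both the reference title and the scope-changed C:H vector suggest; a one-sentence impact statement would help consumers triage it.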


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1914",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -66,6 +66,11 @@
"url": "https://f20.be/cves/titan-ftp-vulnerabilities",
"refsource": "MISC",
"name": "https://f20.be/cves/titan-ftp-vulnerabilities"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171737/Titan-FTP-Path-Traversal.html",
"url": "http://packetstormsecurity.com/files/171737/Titan-FTP-Path-Traversal.html"
}
]
}


@ -61,6 +61,11 @@
"url": "https://f20.be/cves/provide-server-v-14-4",
"refsource": "MISC",
"name": "https://f20.be/cves/provide-server-v-14-4"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171734/Provide-Server-14.4-XSS-Cross-Site-Request-Forgery-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/171734/Provide-Server-14.4-XSS-Cross-Site-Request-Forgery-Code-Execution.html"
}
]
}


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29008",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. The protection is implemented at `kit/src/runtime/server/respond.js`. While the implementation does a sufficient job of mitigating common CSRF attacks, the protection can be bypassed in versions prior to 1.15.2 by simply specifying an upper-cased `Content-Type` header value. The browser will not send uppercase characters, but this check does not block all expected CORS requests. If abused, this issue will allow malicious requests to be submitted from third-party domains, which can allow execution of operations within the context of the victim's session, and in extreme scenarios can lead to unauthorized access to users\u2019 accounts. This may lead to all POST operations requiring authentication being allowed in the following cases: If the target site sets `SameSite=None` on its auth cookie and the user visits a malicious site in a Chromium-based browser; if the target site doesn't set the `SameSite` attribute explicitly and the user visits a malicious site with Firefox/Safari with tracking protections turned off; and/or if the user is visiting a malicious site with a very outdated browser. SvelteKit 1.15.2 contains a patch for this issue. It is also recommended to explicitly set `SameSite` to a value other than `None` on authentication cookies especially if the upgrade cannot be done in a timely manner."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "sveltejs",
"product": {
"product_data": [
{
"product_name": "kit",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.15.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/sveltejs/kit/security/advisories/GHSA-gv7g-x59x-wf8f",
"refsource": "MISC",
"name": "https://github.com/sveltejs/kit/security/advisories/GHSA-gv7g-x59x-wf8f"
},
{
"url": "https://github.com/sveltejs/kit/commit/ba436c6685e751d968a960fbda65f24cf7a82e9f",
"refsource": "MISC",
"name": "https://github.com/sveltejs/kit/commit/ba436c6685e751d968a960fbda65f24cf7a82e9f"
}
]
},
"source": {
"advisory": "GHSA-gv7g-x59x-wf8f",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
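Review bot: The problemtype entry tags this record as CWE-918 Server-Side Request Forgery, but the description describes a cross-site request forgery protection bypass throughout (the case-sensitive `Content-Type` check in `respond.js` that upper-cased values slip past); the CWE looks like it was carried over from a neighbouring SSRF record and should be `"value": "CWE-352: Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352"`. The affected version is also encoded as `"version_affected": "=", "version_value": "< 1.15.2"`, placing the comparison operator inside the value, whereas tooling that parses version ranges expects `"version_affected": "<", "version_value": "1.15.2"` as the huntr records in this same commit use. The sentence "The browser will not send uppercase characters, but this check does not block all expected CORS requests" is hard to follow as written; I would check the linked GHSA for the intended wording before it is reused downstream.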


@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29010",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Budibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2023) are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access to a Budibase AWS secret key. Users of Budibase cloud need to take no action. Self-host users who run Budibase on the public internet and are using a cloud provider that allows HTTP access to metadata information should ensure that when they deploy Budibase live, their internal metadata endpoint is not exposed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Budibase",
"product": {
"product_data": [
{
"product_name": "budibase",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.4.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Budibase/budibase/security/advisories/GHSA-9xg2-9mcv-985p",
"refsource": "MISC",
"name": "https://github.com/Budibase/budibase/security/advisories/GHSA-9xg2-9mcv-985p"
},
{
"url": "https://github.com/Budibase/budibase/commits/develop?after=93d6939466aec192043d8ac842e754f65fdf2e8a+594&branch=develop&qualified_name=refs%2Fheads%2Fdevelop",
"refsource": "MISC",
"name": "https://github.com/Budibase/budibase/commits/develop?after=93d6939466aec192043d8ac842e754f65fdf2e8a+594&branch=develop&qualified_name=refs%2Fheads%2Fdevelop"
},
{
"url": "https://github.com/Budibase/budibase/releases/tag/v2.4.3",
"refsource": "MISC",
"name": "https://github.com/Budibase/budibase/releases/tag/v2.4.3"
}
]
},
"source": {
"advisory": "GHSA-9xg2-9mcv-985p",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
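Review bot: The second reference points at a paginated commit listing (`commits/develop?after=<sha>+594&branch=develop...`); that cursor is relative to the branch head, so the page drifts away from the fix as new commits land and the link soon identifies nothing. It should be replaced with the permalink of the fixing commit, or dropped, since the GHSA and the v2.4.3 release tag already anchor the fix. The mitigation guidance in the description is also vague for self-hosters: the record itself says the SSRF reaches the cloud metadata endpoint and leaks an AWS secret, so the interim control worth stating is blocking egress from the Budibase host to the metadata address (or using the provider's hardened metadata mode where one exists) until the upgrade to 2.4.3 is done. The version is encoded as `"version_affected": "=", "version_value": "< 2.4.3"` with the operator inside the value, the same format issue as the SvelteKit record in this commit.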