"-Synchronized-Data."

CVE Team 2023-04-24 09:00:34 +00:00
parent 6a98d36626
commit 35dcfb3e75
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
11 changed files with 275 additions and 13 deletions


@ -53,6 +53,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
},


@ -59,6 +59,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:3981"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0464",
"refsource": "MISC",
@ -70,9 +75,9 @@
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html"
"name": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
},
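Review bot: The Debian DLA 3399-1 reference at the end of this section is recorded with `"refsource": "MISC"` and the bare URL as its `name`. Other records in this commit carry the same link as `"refsource": "MLIST"` with the name `[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update`. The MISC form recurs in the later sections that add `https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html` with the URL as name. Anything that filters or de-duplicates references by `refsource` or `name` will treat these as different kinds of source, so one form should be used throughout. The +/- markers are lost on this page, so which of the doubled `url`/`name` lines is the new side is inferred from print order.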


@ -73,6 +73,11 @@
"url": "https://pagure.io/389-ds-base/pull-request/50331",
"name": "https://pagure.io/389-ds-base/pull-request/50331",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
},


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://github.com/389ds/389-ds-base/issues/4711",
"url": "https://github.com/389ds/389-ds-base/issues/4711"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
},


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://github.com/389ds/389-ds-base/issues/4817",
"url": "https://github.com/389ds/389-ds-base/issues/4817"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
},


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2030307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030307"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing."
"value": "A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.\n\n"
}
]
},
@ -67,6 +67,11 @@
"url": "https://github.com/389ds/389-ds-base/issues/5242",
"refsource": "MISC",
"name": "https://github.com/389ds/389-ds-base/issues/5242"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
},
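Review bot: The second printed `value` in the `description_data` hunk differs from the first only by a trailing `\n\n`, so the change appears to add whitespace and no wording. Trailing newlines in a description make string comparison and de-duplication across feeds unreliable and show up as blank lines in rendered advisories. The value should end at `...results in slapd crashing."` with no escape sequences after the final period. The side of each line is inferred from print order because the +/- markers are not preserved here.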


@ -63,15 +63,20 @@
"refsource": "MISC",
"name": "https://github.com/ByteHackr/389-ds-base"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/"
"name": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
}


@ -62,6 +62,11 @@
"url": "https://access.redhat.com/security/cve/CVE-2022-2850",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2850"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
}


@ -1,17 +1,125 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22577",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "csirt@divd.nl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CERN",
"product": {
"product_data": [
{
"product_name": "White Rabbit Switch",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "< v6.0.1",
"lessThanOrEqual": "v6.0.1",
"versionType": "vx.y.z"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://csirt.divd.nl/CVE-2023-22577/",
"refsource": "MISC",
"name": "https://csirt.divd.nl/CVE-2023-22577/"
},
{
"url": "https://csirt.divd.nl/DIVD-2022-00068/",
"refsource": "MISC",
"name": "https://csirt.divd.nl/DIVD-2022-00068/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Upgrade to version 6.0.2",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "Upgrade to version 6.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tom Wolters (Chapter8)"
},
{
"lang": "en",
"value": "Victor Pasman (DIVD)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseSeverity": "CRITICAL",
"baseScore": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
]
}
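Review bot: The `impact.cvss` block scores this record as `C:H/I:H/A:H` (9.8 CRITICAL), but the description and `CWE-200` describe only disclosure of password hashes and SNMP community strings. If the integrity and availability ratings rest on follow-on use of the recovered credentials, the description should say so; otherwise the vector should be re-checked with the CNA, since triage keyed on the score will over-rank the record. The version range is also self-contradictory: `"version": "< v6.0.1"` excludes 6.0.1 while `"lessThanOrEqual": "v6.0.1"` includes it, and the remediation text points to 6.0.2. The `version` field would normally hold a starting version rather than a comparison, for example `"version": "0", "lessThanOrEqual": "v6.0.1"`. The CVE-2023-22581 record in the next section has the same range problem. "Upgrade to version 6.0.2" is a fix rather than a workaround, so it may belong in a solution field.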


@ -1,17 +1,126 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22581",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "csirt@divd.nl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "White Rabbit Switch contains a vulnerability which makes it possible for an attacker\u00a0to perform system commands under the context of the web application (the default\u00a0installation makes the webserver run as the root user)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CERN",
"product": {
"product_data": [
{
"product_name": "White Rabbit Switch",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "< v6.0.1",
"lessThanOrEqual": "v6.0.1",
"versionType": "v.x.y.z"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://csirt.divd.nl/CVE-2023-22581/",
"refsource": "MISC",
"name": "https://csirt.divd.nl/CVE-2023-22581/"
},
{
"url": "https://csirt.divd.nl/DIVD-2022-00068/",
"refsource": "MISC",
"name": "https://csirt.divd.nl/DIVD-2022-00068/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL",
"advisory": "DIVD-2023-00068"
},
"work_around": [
{
"lang": "en",
"value": "Upgrade to version 6.0.2",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "Upgrade to version 6.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tom Wolters (Chapter8)"
},
{
"lang": "en",
"value": "Victor Pasman (DIVD)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseSeverity": "CRITICAL",
"baseScore": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
]
}
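Review bot: `"advisory": "DIVD-2023-00068"` in `source` does not match the reference URL `https://csirt.divd.nl/DIVD-2022-00068/` in the same record, and the sibling CVE-2023-22577 record links the same 2022 case with no `advisory` field. One of the two identifiers is presumably a typo and should be confirmed with the CNA, because advisory IDs are used to correlate records. `"versionType": "v.x.y.z"` also differs from the `"vx.y.z"` used in the sibling record for the same product, so the two should be aligned. The description reports execution of system commands as the web server user (root by default), which `CWE-20` captures only loosely; a more specific command-injection CWE may fit if the CNA agrees.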