admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-10-17 05:00:39 +00:00
parent e22ce1095b
commit 36d9096360
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
16 changed files with 452 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/28xxx/CVE-2021-28651.json
View File

@ -91,6 +91,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"refsource": "FULLDISC",
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
]
}

5
2021/28xxx/CVE-2021-28652.json
View File

@ -86,6 +86,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"refsource": "FULLDISC",
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
]
}

5
2021/28xxx/CVE-2021-28662.json
View File

@ -86,6 +86,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"refsource": "FULLDISC",
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
]
}

5
2021/31xxx/CVE-2021-31806.json
View File

@ -91,6 +91,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"refsource": "FULLDISC",
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
]
}

5
2021/31xxx/CVE-2021-31807.json
View File

@ -86,6 +86,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"refsource": "FULLDISC",
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
]
}

5
2021/31xxx/CVE-2021-31808.json
View File

@ -91,6 +91,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"refsource": "FULLDISC",
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
]
}

5
2021/33xxx/CVE-2021-33620.json
View File

@ -86,6 +86,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"refsource": "FULLDISC",
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
]
},

91
2023/34xxx/CVE-2023-34209.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34209",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ART@zuso.ai",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"cweId": "CWE-497"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "EasyUse Digital Technology",
"product": {
"product_data": [
{
"product_name": "MailHunter Ultimate",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "2023",
"status": "affected",
"version": "0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://zuso.ai/Advisory/ZA-2023-06",
"refsource": "MISC",
"name": "https://zuso.ai/Advisory/ZA-2023-06"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"ZA-2023-06"
],
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}

91
2023/34xxx/CVE-2023-34210.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34210",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ART@zuso.ai",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "EasyUse Digital Technology",
"product": {
"product_data": [
{
"product_name": "MailHunter Ultimate",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "2023",
"status": "affected",
"version": "0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://zuso.ai/Advisory/ZA-2023-07",
"refsource": "MISC",
"name": "https://zuso.ai/Advisory/ZA-2023-07"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"ZA-2023-07"
],
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}

5
2023/38xxx/CVE-2023-38039.json
View File

@ -97,6 +97,11 @@
"url": "https://security.netapp.com/advisory/ntap-20231013-0005/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20231013-0005/"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/17",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Oct/17"
}
]
}

5
2023/42xxx/CVE-2023-42824.json
View File

@ -68,6 +68,11 @@
"url": "https://support.apple.com/kb/HT213972",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT213972"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/16",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Oct/16"
}
]
}

70
2023/45xxx/CVE-2023-45357.json
View File

@ -1,18 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45357",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-45357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 (6.14.0) is also a fixed release."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/708617",
"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/708617"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
}

70
2023/45xxx/CVE-2023-45358.json
View File

@ -1,18 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45358",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-45358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 (6.14.0) is also a fixed release."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/708617",
"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/708617"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:C/UI:N",
"version": "3.1"
}
}
}

56
2023/45xxx/CVE-2023-45375.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45375",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-45375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the module \"PireosPay\" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess().`"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://security.friendsofpresta.org/modules/2023/10/12/pireospay.html",
"url": "https://security.friendsofpresta.org/modules/2023/10/12/pireospay.html"
}
]
}

56
2023/45xxx/CVE-2023-45386.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45386",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-45386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufacturer().'"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://security.friendsofpresta.org/modules/2023/10/12/extratabspro.html",
"url": "https://security.friendsofpresta.org/modules/2023/10/12/extratabspro.html"
}
]
}

5
2023/5xxx/CVE-2023-5217.json
View File

@ -300,6 +300,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/16",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Oct/16"
}
]
}