"-Synchronized-Data."

CVE Team 2023-04-19 18:00:35 +00:00
parent a9adf66b06
commit 3e33eea120
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 498 additions and 31 deletions


@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43819",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stargate-Bukkit is a mod for the minecraft video game which adds a portal focused environment. In affected versions Minecarts with chests will drop their items when teleporting through a portal; when they reappear, they will still have their items impacting the integrity of the game world. The teleport code has since been rewritten and is available in release `0.11.5.1`. Users are advised to upgrade. There are no known workarounds for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-670: Always-Incorrect Control Flow Implementation",
"cweId": "CWE-670"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "stargate-bukkit",
"product": {
"product_data": [
{
"product_name": "Stargate-Bukkit",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.7.9.11, < 0.11.5.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/stargate-bukkit/Stargate-Bukkit/security/advisories/GHSA-64r2-hfr9-849j",
"refsource": "MISC",
"name": "https://github.com/stargate-bukkit/Stargate-Bukkit/security/advisories/GHSA-64r2-hfr9-849j"
}
]
},
"source": {
"advisory": "GHSA-64r2-hfr9-849j",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}
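Review bot: The single `version_data` entry pairs `"version_affected": "="` with a range expression in `version_value` (`">= 0.7.9.11, < 0.11.5.1"`), so a consumer that reads `=` as an exact-match operator compares installed versions against that literal string and will never flag an affected install. The same encoding appears in the CVE-2023-30610, CVE-2023-30611, CVE-2023-30612 and CVE-2023-30614 records in this commit. Ingestion tooling should parse the bounds out of `version_value`, or take the affected range from the linked GHSA advisory, rather than trusting the operator field. If the record is corrected at the source, separate entries using the `>=` and `<` operators would carry the bounds unambiguously.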


@ -52,15 +52,15 @@
},
"references": {
"reference_data": [
{
"url": "http://opencats.com",
"refsource": "MISC",
"name": "http://opencats.com"
},
{
"refsource": "MISC",
"name": "https://github.com/cassis-sec/CVE",
"url": "https://github.com/cassis-sec/CVE"
},
{
"refsource": "MISC",
"name": "https://opencats.org",
"url": "https://opencats.org"
}
]
}


@ -52,15 +52,15 @@
},
"references": {
"reference_data": [
{
"url": "http://opencats.com",
"refsource": "MISC",
"name": "http://opencats.com"
},
{
"refsource": "MISC",
"name": "https://github.com/cassis-sec/CVE",
"url": "https://github.com/cassis-sec/CVE"
},
{
"refsource": "MISC",
"name": "https://opencats.org",
"url": "https://opencats.org"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nAn NTFS Junction condition exists in the Qualys Cloud Agent\nfor Windows platform in versions before 4.8.0.31. Attackers may write files to\narbitrary locations via a local attack vector. This allows attackers to assume\nthe privileges of the process, and they may delete or otherwise on unauthorized\nfiles, allowing for the potential modification or deletion of sensitive files\nlimited only to that specific directory/file object. This vulnerability is\nbounded only to the time of uninstallation and can only be exploited locally.\n\n\n\nAt the time of this disclosure, versions before 4.0 are\nclassified as End of Life.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
"value": "\nAn NTFS Junction condition exists in the Qualys Cloud Agent\nfor Windows platform in versions before 4.8.0.31. Attackers may write files to\narbitrary locations via a local attack vector. This allows attackers to assume\nthe privileges of the process, and they may delete or otherwise on unauthorized\nfiles, allowing for the potential modification or deletion of sensitive files\nlimited only to that specific directory/file object. This vulnerability is\nbounded to the time of installation/uninstallation and can only be exploited locally.\n\n\n\nAt the time of this disclosure, versions before 4.0 are\nclassified as End of Life.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
]
},
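Review bot: The revised `value` still carries the broken clause `delete or otherwise on unauthorized files`, where a verb appears to be missing after "otherwise", and it still ends in a long run of `\n` escapes. The text also says attackers may write to "arbitrary locations" and then that the effect is "limited only to that specific directory/file object", which leaves the actual scope unclear to a reader triaging the issue. Since this commit already edits the sentence about installation/uninstallation, the wording and trailing whitespace could be cleaned up in the same change; consumers rendering the description should trim it in the meantime. The enclosing record starts and ends outside this hunk.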


@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2023/04/12/5",
"url": "https://www.openwall.com/lists/oss-security/2023/04/12/5"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20230419 Re: ncurses fixes upstream",
"url": "http://www.openwall.com/lists/oss-security/2023/04/19/10"
}
]
}


@ -1,17 +1,173 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30610",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The `aws_sigv4::SigningParams` struct had a derived `Debug` implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is enabled for an SDK, `SigningParams` is printed, thereby revealing those credentials to anyone with access to logs. All users of the AWS SDK for Rust who enabled TRACE-level logging, either globally (e.g. `RUST_LOG=trace`), or for the `aws-sigv4` crate specifically are affected. This issue has been addressed in a set of new releases. Users are advised to upgrade. Users unable to upgrade should disable TRACE-level logging for AWS Rust SDK crates.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "awslabs",
"product": {
"product_data": [
{
"product_name": "aws-sdk-rust",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.2.0, < 0.2.1"
},
{
"version_affected": "=",
"version_value": ">= 0.3.0, < 0.3.1"
},
{
"version_affected": "=",
"version_value": ">= 0.4.1, < 0.4.2"
},
{
"version_affected": "=",
"version_value": ">= 0.5.2, < 0.5.3"
},
{
"version_affected": "=",
"version_value": ">= 0.6.0, < 0.6.1"
},
{
"version_affected": "=",
"version_value": ">= 0.7.0, < 0.7.1"
},
{
"version_affected": "=",
"version_value": ">= 0.8.0, < 0.8.1"
},
{
"version_affected": "=",
"version_value": ">= 0.9.0, < 0.9.1"
},
{
"version_affected": "=",
"version_value": ">= 0.10.1, < 0.10.2"
},
{
"version_affected": "=",
"version_value": ">= 0.11.0, < 0.11.1"
},
{
"version_affected": "=",
"version_value": ">= 0.12.0, < 0.12.1"
},
{
"version_affected": "=",
"version_value": ">= 0.13.0, < 0.13.1"
},
{
"version_affected": "=",
"version_value": ">= 0.14.0, < 0.14.1"
},
{
"version_affected": "=",
"version_value": ">= 0.15.0, < 0.15.1"
},
{
"version_affected": "=",
"version_value": ">= 0.46.0, < 0.46.1"
},
{
"version_affected": "=",
"version_value": ">= 0.47.0, < 0.47.1"
},
{
"version_affected": "=",
"version_value": ">= 0.48.0, < 0.48.1"
},
{
"version_affected": "=",
"version_value": ">= 0.49.0, < 0.49.1"
},
{
"version_affected": "=",
"version_value": ">= 0.50.0, < 0.51.1"
},
{
"version_affected": "=",
"version_value": ">= 0.52.0, < 0.52.1, "
},
{
"version_affected": "=",
"version_value": ">= 0.53.1, < 0.53.2"
},
{
"version_affected": "=",
"version_value": ">= 0.54.1, < 0.54.2"
},
{
"version_affected": "=",
"version_value": ">= 0.55.0, < 0.55.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/awslabs/aws-sdk-rust/security/advisories/GHSA-mjv9-vp6w-3rc9",
"refsource": "MISC",
"name": "https://github.com/awslabs/aws-sdk-rust/security/advisories/GHSA-mjv9-vp6w-3rc9"
}
]
},
"source": {
"advisory": "GHSA-mjv9-vp6w-3rc9",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
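Review bot: Two `version_value` strings in this list break the pattern of the other entries. `">= 0.52.0, < 0.52.1, "` ends with a dangling comma and space, which a strict range parser may reject or read as an empty third constraint; the likely intent is `"version_value": ">= 0.52.0, < 0.52.1"`. `">= 0.50.0, < 0.51.1"` spans two minor lines where every other entry stays within one, and there is no separate 0.51.x entry; that may be deliberate but should be confirmed against GHSA-mjv9-vp6w-3rc9. Separately, `product_name` is `aws-sdk-rust` while the description names the `aws-sigv4` crate, so dependency scanners that match on crate name may not associate this record with the affected package.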


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30611",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse-reactions is a plugin that allows user to add their reactions to the post in the Discourse messaging platform. In affected versions data about what reactions were performed on a post in a private topic could be leaked. This issue has been addressed in version 0.3. Users are advised to upgrade. Users unable to upgrade should disable the discourse-reactions plugin to fully mitigate the issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse-reactions",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.2, < 0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse-reactions/security/advisories/GHSA-4cgc-c7vh-94g6",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse-reactions/security/advisories/GHSA-4cgc-c7vh-94g6"
},
{
"url": "https://github.com/discourse/discourse-reactions/commit/01aca15b2774c088f3673118e92e9469f37d2fb6",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse-reactions/commit/01aca15b2774c088f3673118e92e9469f37d2fb6"
}
]
},
"source": {
"advisory": "GHSA-4cgc-c7vh-94g6",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30612",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily crashed, causing Deny-of-Service (DoS). This can also be a potential Use-After-Free (UAF) vulnerability. Users require to have the write access to the API socket file to trigger this vulnerability. Impacted versions of Cloud Hypervisor include upstream main branch, v31.0, and v30.0. The vulnerability was initially detected by our `http_api_fuzzer` via oss-fuzz. This issue has been addressed in versions 30.1 and 31.1. Users unable to upgrade may mitigate this issue by ensuring the write access to the API socket file is granted to trusted users only."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cloud-hypervisor",
"product": {
"product_data": [
{
"product_name": "cloud-hypervisor",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 30.0, < 30.1"
},
{
"version_affected": "=",
"version_value": ">= 31.0, < 31.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/cloud-hypervisor/cloud-hypervisor/security/advisories/GHSA-g6mw-f26h-4jgp",
"refsource": "MISC",
"name": "https://github.com/cloud-hypervisor/cloud-hypervisor/security/advisories/GHSA-g6mw-f26h-4jgp"
},
{
"url": "https://github.com/cloud-hypervisor/cloud-hypervisor/pull/5350",
"refsource": "MISC",
"name": "https://github.com/cloud-hypervisor/cloud-hypervisor/pull/5350"
},
{
"url": "https://github.com/cloud-hypervisor/cloud-hypervisor/pull/5373",
"refsource": "MISC",
"name": "https://github.com/cloud-hypervisor/cloud-hypervisor/pull/5373"
},
{
"url": "https://oss-fuzz.com/testcase-detail/5260873569796096",
"refsource": "MISC",
"name": "https://oss-fuzz.com/testcase-detail/5260873569796096"
},
{
"url": "https://oss-fuzz.com/testcase-detail/5426283514560512",
"refsource": "MISC",
"name": "https://oss-fuzz.com/testcase-detail/5426283514560512"
}
]
},
"source": {
"advisory": "GHSA-g6mw-f26h-4jgp",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}
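Review bot: The `problemtype` and `impact` blocks do not line up well with the description text. The description reports that arbitrary file descriptors can be closed, that the process "can be easily crashed", and that a use-after-free is possible, yet the only weakness listed is `CWE-306` and the vector records `A:L` and `UI:R` with no user-interaction step described. These values come from the assigning CNA and may be deliberate, but teams that prioritise on `baseScore` 4 could under-rank a crash of the hypervisor process, so the rating is worth checking against GHSA-g6mw-f26h-4jgp. The description also lists the upstream main branch as impacted, which the two `version_data` ranges cannot express.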


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30614",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions prior to 6.3.2 a payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If the targeted application contains a functionality to submit user-generated content (such as comments) the attacker could even distribute the URL using that functionality. This has been patched in version 6.3.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pay-rails",
"product": {
"product_data": [
{
"product_name": "pay",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 6.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/pay-rails/pay/security/advisories/GHSA-cqf3-vpx7-rxhw",
"refsource": "MISC",
"name": "https://github.com/pay-rails/pay/security/advisories/GHSA-cqf3-vpx7-rxhw"
},
{
"url": "https://github.com/pay-rails/pay/commit/5d6283a24062bd272a524ec48415f536a67ad57f",
"refsource": "MISC",
"name": "https://github.com/pay-rails/pay/commit/5d6283a24062bd272a524ec48415f536a67ad57f"
}
]
},
"source": {
"advisory": "GHSA-cqf3-vpx7-rxhw",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}