admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-12-07 22:00:32 +00:00
parent 0ad07431b5
commit 3eb95581dd
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
12 changed files with 403 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2016/5xxx/CVE-2016-5851.json
View File

@ -81,6 +81,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-aa6ebc01be",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XU2WSYRNB7CLBBFCGSX34XHACTA2SWDZ/"
},
{
"refsource": "MISC",
"name": "https://github.com/python-openxml/python-docx/commit/61b40b161b64173ab8e362aec1fd197948431beb",
"url": "https://github.com/python-openxml/python-docx/commit/61b40b161b64173ab8e362aec1fd197948431beb"
}
]
}

5
2017/16xxx/CVE-2017-16877.json
View File

@ -56,6 +56,11 @@
"name": "https://github.com/zeit/next.js/releases/tag/2.4.1",
"refsource": "CONFIRM",
"url": "https://github.com/zeit/next.js/releases/tag/2.4.1"
},
{
"refsource": "MISC",
"name": "https://github.com/vercel/next.js/commit/02fe7cf63f6265d73bdaf8bc50a4f2fb539dcd00",
"url": "https://github.com/vercel/next.js/commit/02fe7cf63f6265d73bdaf8bc50a4f2fb539dcd00"
}
]
}

5
2018/25xxx/CVE-2018-25023.json
View File

@ -61,6 +61,11 @@
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/smallvec/RUSTSEC-2018-0018.md",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/smallvec/RUSTSEC-2018-0018.md"
},
{
"refsource": "MISC",
"name": "https://github.com/servo/rust-smallvec/commit/e64afc8c473d43e375ab42bd33db2d0d4ac4e41b",
"url": "https://github.com/servo/rust-smallvec/commit/e64afc8c473d43e375ab42bd33db2d0d4ac4e41b"
}
]
}

5
2020/35xxx/CVE-2020-35857.json
View File

@ -56,6 +56,11 @@
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0001.html",
"refsource": "MISC",
"name": "https://rustsec.org/advisories/RUSTSEC-2020-0001.html"
},
{
"refsource": "MISC",
"name": "https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b2498055c7a8f3",
"url": "https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b2498055c7a8f3"
}
]
}

15
2021/31xxx/CVE-2021-31542.json
View File

@ -91,6 +91,21 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-e7fd530688",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/"
},
{
"refsource": "MISC",
"name": "https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d",
"url": "https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d"
},
{
"refsource": "MISC",
"name": "https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48",
"url": "https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48"
},
{
"refsource": "MISC",
"name": "https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007",
"url": "https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007"
}
]
}

20
2021/43xxx/CVE-2021-43114.json
View File

@ -61,6 +61,26 @@
"refsource": "DEBIAN",
"name": "DSA-5033",
"url": "https://www.debian.org/security/2021/dsa-5033"
},
{
"refsource": "MISC",
"name": "https://github.com/NICMx/FORT-validator/commit/425e0f4037b4543fe8044ac96ca71d6d02d7d8c5",
"url": "https://github.com/NICMx/FORT-validator/commit/425e0f4037b4543fe8044ac96ca71d6d02d7d8c5"
},
{
"refsource": "MISC",
"name": "https://github.com/NICMx/FORT-validator/commit/673c679b6bf3f4187cd5242c31a795bf8a6c22b3",
"url": "https://github.com/NICMx/FORT-validator/commit/673c679b6bf3f4187cd5242c31a795bf8a6c22b3"
},
{
"refsource": "MISC",
"name": "https://github.com/NICMx/FORT-validator/commit/eb68ebbaab50f3365aa51bbaa17cb862bf4607fa",
"url": "https://github.com/NICMx/FORT-validator/commit/eb68ebbaab50f3365aa51bbaa17cb862bf4607fa"
},
{
"refsource": "MISC",
"name": "https://github.com/NICMx/FORT-validator/commit/274dc14aed1eb9b3350029d1063578a6b9c77b54",
"url": "https://github.com/NICMx/FORT-validator/commit/274dc14aed1eb9b3350029d1063578a6b9c77b54"
}
]
}

56
2023/46xxx/CVE-2023-46693.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46693",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.formalms.org/download/342-forma-lms-4-0-5.html",
"url": "https://www.formalms.org/download/342-forma-lms-4-0-5.html"
}
]
}

18
2023/5xxx/CVE-2023-5808.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Information disclosure in SMU in Hitachi Vantara HNAS 14.8.7825.01 on Windows allows authenticated users to download sensitive files via Insecure Direct Object Reference (IDOR).\n"
"value": "SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access HNAS configuration backup and diagnostic data, that would normally be barred to those specific administrative roles."
}
]
},
@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "000001",
"version_affected": "<",
"version_name": "6.0",
"version_value": "14.8.7825.01"
}
]
@ -79,15 +79,15 @@
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]

94
2023/6xxx/CVE-2023-6578.json
View File

@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6578",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup may request username and password. By just clicking CANCEL you will be redirected to the directory. If you visited /invoke/wm.server/connect, you'll be able to see details like internal IPs, ports, and versions. In some cases if access to /assets/ is refused, you may enter /assets/x as a wrong value, then come back to /assets/ which we will show the requested data. It appears that insufficient access control is depending on referrer header data. VDB-247158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in Software AG WebMethods 10.11.x/10.15.x entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei wm.server/connect/. Durch Beeinflussen mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Controls",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Software AG",
"product": {
"product_data": [
{
"product_name": "WebMethods",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.11.x"
},
{
"version_affected": "=",
"version_value": "10.15.x"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.247158",
"refsource": "MISC",
"name": "https://vuldb.com/?id.247158"
},
{
"url": "https://vuldb.com/?ctiid.247158",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.247158"
}
]
},
"credits": [
{
"lang": "en",
"value": "mohammedhashayka (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

90
2023/6xxx/CVE-2023-6579.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6579",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-247160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in osCommerce 4 entdeckt. Davon betroffen ist unbekannter Code der Datei /b2b-supermarket/shopping-cart der Komponente POST Parameter Handler. Dank Manipulation des Arguments estimate[country_id] mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "osCommerce",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.247160",
"refsource": "MISC",
"name": "https://vuldb.com/?id.247160"
},
{
"url": "https://vuldb.com/?ctiid.247160",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.247160"
}
]
},
"credits": [
{
"lang": "en",
"value": "skalvin (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

99
2023/6xxx/CVE-2023-6580.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6580",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in D-Link DIR-846 FW100A53DBR gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /HNAP1/ der Komponente QoS POST Handler. Mit der Manipulation des Arguments smartqos_express_devices/smartqos_normal_devices mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-Link",
"product": {
"product_data": [
{
"product_name": "DIR-846",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "FW100A53DBR"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.247161",
"refsource": "MISC",
"name": "https://vuldb.com/?id.247161"
},
{
"url": "https://vuldb.com/?ctiid.247161",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.247161"
},
{
"url": "https://github.com/c2dc/cve-reported/blob/main/CVE-2023-6580/CVE-2023-6580.md",
"refsource": "MISC",
"name": "https://github.com/c2dc/cve-reported/blob/main/CVE-2023-6580/CVE-2023-6580.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "Fran\u00e7oa Taffarel"
},
{
"lang": "en",
"value": "francoa.taffarel (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
}
]
}

18
2023/6xxx/CVE-2023-6598.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6598",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}