admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-06-09 18:00:41 +00:00
parent 0a2f37e044
commit 4016ea1cf1
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 395 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2019/16xxx/CVE-2019-16283.json Normal file
View File

@ -0,0 +1,66 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-16283",
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HP Inc.",
"product": {
"product_data": [
{
"product_name": "HP Softpaq installer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.100.1189"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hp.com/us-en/document/c06541912",
"refsource": "MISC",
"name": "https://support.hp.com/us-en/document/c06541912"
}
]
},
"generator": {
"engine": "cveClient/1.0.13"
}
}

66
2023/29xxx/CVE-2023-29712.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29712",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-29712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.vadesecure.com/en/",
"refsource": "MISC",
"name": "https://www.vadesecure.com/en/"
},
{
"url": "https://info.vadesecure.com/hubfs/Ressource%20Marketing%20Website/Datasheet/EN/Vade_Secure_DS_Gateway_EN.pdf",
"refsource": "MISC",
"name": "https://info.vadesecure.com/hubfs/Ressource%20Marketing%20Website/Datasheet/EN/Vade_Secure_DS_Gateway_EN.pdf"
},
{
"refsource": "MISC",
"name": "https://labs.yarix.com/2023/05/vade-secure-gateway-multiple-xss-cve-2023-29712-cve-2023-29713-cve-2023-29714/",
"url": "https://labs.yarix.com/2023/05/vade-secure-gateway-multiple-xss-cve-2023-29712-cve-2023-29713-cve-2023-29714/"
}
]
}

66
2023/30xxx/CVE-2023-30262.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30262",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-30262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mimsoftware.com/",
"refsource": "MISC",
"name": "https://www.mimsoftware.com/"
},
{
"url": "https://www.kansashealthsystem.com/",
"refsource": "MISC",
"name": "https://www.kansashealthsystem.com/"
},
{
"refsource": "MISC",
"name": "https://www.mimsoftware.com/cve-2023-30262",
"url": "https://www.mimsoftware.com/cve-2023-30262"
}
]
}

61
2023/33xxx/CVE-2023-33557.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33557",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-33557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/bcvgh/fuel-cms-sqlinjection/blob/main/README.md",
"refsource": "MISC",
"name": "https://github.com/bcvgh/fuel-cms-sqlinjection/blob/main/README.md"
},
{
"refsource": "MISC",
"name": "https://github.com/daylightstudio/FUEL-CMS/issues/604",
"url": "https://github.com/daylightstudio/FUEL-CMS/issues/604"
}
]
}

81
2023/34xxx/CVE-2023-34100.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34100",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is a 2-byte buffer read in the module os/net/ipv6/uip6.c. The buffer is indexed using 'UIP_IPTCPH_LEN + 2 + c' and 'UIP_IPTCPH_LEN + 3 + c', but the uip_buf buffer may not have enough data, resulting in a 2-byte read out of bounds. The problem has been patched in the \"develop\" branch of Contiki-NG, and is expected to be included in release 4.9. Users are advised to watch for the 4.9 release and to upgrade when it becomes available. There are no workarounds for this vulnerability aside from manually patching with the diff in commit `cde4e9839`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "contiki-ng",
"product": {
"product_data": [
{
"product_name": "contiki-ng",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 4.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-3v7c-jq9x-cmph",
"refsource": "MISC",
"name": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-3v7c-jq9x-cmph"
},
{
"url": "https://github.com/contiki-ng/contiki-ng/pull/2434/commits/cde4e98398a2f5b994972c8459342af3ba93b98e",
"refsource": "MISC",
"name": "https://github.com/contiki-ng/contiki-ng/pull/2434/commits/cde4e98398a2f5b994972c8459342af3ba93b98e"
}
]
},
"source": {
"advisory": "GHSA-3v7c-jq9x-cmph",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

81
2023/34xxx/CVE-2023-34245.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34245",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the `javascript:` scheme. As a result, links with JavaScript URLs can be inserted into the Plate editor through various means, including opening or pasting malicious content. `@udecode/plate-link` 20.0.0 resolves this issue by introducing an `allowedSchemes` option to the link plugin, defaulting to `['http', 'https', 'mailto', 'tel']`. URLs using a scheme that isn't in this list will not be rendered to the DOM. Users are advised to upgrade. Users unable to upgrade are advised to override the `LinkElement` and `PlateFloatingLink` components with implementations that explicitly check the URL scheme before rendering any anchor elements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "udecode",
"product": {
"product_data": [
{
"product_name": "plate",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 20.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/udecode/plate/security/advisories/GHSA-4882-hxpr-hrvm",
"refsource": "MISC",
"name": "https://github.com/udecode/plate/security/advisories/GHSA-4882-hxpr-hrvm"
},
{
"url": "https://github.com/udecode/plate/commit/93dd5712854660874900ae12e4d8e6ff28089eb7",
"refsource": "MISC",
"name": "https://github.com/udecode/plate/commit/93dd5712854660874900ae12e4d8e6ff28089eb7"
}
]
},
"source": {
"advisory": "GHSA-4882-hxpr-hrvm",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}