admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-08-28 18:00:32 +00:00
parent b69360fcfd
commit 41b5cfafe5
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 256 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2020/27xxx/CVE-2020-27366.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27366",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-27366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0.03, allows local attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://pastebin.com/sr0JR1ys",
"url": "https://pastebin.com/sr0JR1ys"
}
]
}

5
2023/25xxx/CVE-2023-25394.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://danrevah.github.io/2023/05/03/CVE-2023-25394-VideoStream-LPE/",
"url": "https://danrevah.github.io/2023/05/03/CVE-2023-25394-VideoStream-LPE/"
},
{
"refsource": "CERT-VN",
"name": "VU#757109",
"url": "https://www.kb.cert.org/vuls/id/757109"
}
]
}

66
2023/39xxx/CVE-2023-39062.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39062",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-39062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/spipu/html2pdf/blob/92afd81823d62ad95eb9d034858311bb63aeb4ac/CHANGELOG.md",
"refsource": "MISC",
"name": "https://github.com/spipu/html2pdf/blob/92afd81823d62ad95eb9d034858311bb63aeb4ac/CHANGELOG.md"
},
{
"refsource": "MISC",
"name": "https://github.com/afine-com/CVE-2023-39062",
"url": "https://github.com/afine-com/CVE-2023-39062"
},
{
"refsource": "MISC",
"name": "https://github.com/sectroyer/CVEs/tree/main/CVE-2023-39062",
"url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2023-39062"
}
]
}

81
2023/40xxx/CVE-2023-40590.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40590",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": " GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs GitPython from a repo has a `git.exe` or `git` executable, that program will be run instead of the one in the user's `PATH`. This is more of a problem on how Python interacts with Windows systems, Linux and any other OS aren't affected by this. But probably people using GitPython usually run it from the CWD of a repo. An attacker can trick a user to download a repository with a malicious `git` executable, if the user runs/imports GitPython from that directory, it allows the attacker to run any arbitrary commands. There is no fix currently available for windows users, however there are a few mitigations. 1: Default to an absolute path for the git program on Windows, like `C:\\\\Program Files\\\\Git\\\\cmd\\\\git.EXE` (default git path installation). 2: Require users to set the `GIT_PYTHON_GIT_EXECUTABLE` environment variable on Windows systems. 3: Make this problem prominent in the documentation and advise users to never run GitPython from an untrusted repo, or set the `GIT_PYTHON_GIT_EXECUTABLE` env var to an absolute path. 4: Resolve the executable manually by only looking into the `PATH` environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426: Untrusted Search Path",
"cweId": "CWE-426"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gitpython-developers",
"product": {
"product_data": [
{
"product_name": "GitPython",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 3.1.32"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4",
"refsource": "MISC",
"name": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4"
},
{
"url": "https://docs.python.org/3/library/subprocess.html#popen-constructor",
"refsource": "MISC",
"name": "https://docs.python.org/3/library/subprocess.html#popen-constructor"
}
]
},
"source": {
"advisory": "GHSA-wfm5-v35h-vwf4",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2023/41xxx/CVE-2023-41340.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41340",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/41xxx/CVE-2023-41341.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41341",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/41xxx/CVE-2023-41342.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41342",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2023/4xxx/CVE-2023-4547.json
View File

@ -67,6 +67,11 @@
"url": "https://vuldb.com/?ctiid.238058",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.238058"
},
{
"url": "http://packetstormsecurity.com/files/174343/SPA-Cart-eCommerce-CMS-1.9.0.3-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174343/SPA-Cart-eCommerce-CMS-1.9.0.3-Cross-Site-Scripting.html"
}
]
},

5
2023/4xxx/CVE-2023-4548.json
View File

@ -67,6 +67,11 @@
"url": "https://vuldb.com/?ctiid.238059",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.238059"
},
{
"url": "http://packetstormsecurity.com/files/174344/SPA-Cart-eCommerce-CMS-1.9.0.3-SQL-Injection.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174344/SPA-Cart-eCommerce-CMS-1.9.0.3-SQL-Injection.html"
}
]
},