From 41b5cfafe5d5051b5e15b7f08e7f0cb36121779e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 28 Aug 2023 18:00:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2020/27xxx/CVE-2020-27366.json | 56 ++++++++++++++++++++---
2023/25xxx/CVE-2023-25394.json | 5 +++
2023/39xxx/CVE-2023-39062.json | 66 ++++++++++++++++++++++++---
2023/40xxx/CVE-2023-40590.json | 81 ++++++++++++++++++++++++++++++++--
2023/41xxx/CVE-2023-41340.json | 18 ++++++++
2023/41xxx/CVE-2023-41341.json | 18 ++++++++
2023/41xxx/CVE-2023-41342.json | 18 ++++++++
2023/4xxx/CVE-2023-4547.json | 5 +++
2023/4xxx/CVE-2023-4548.json | 5 +++
9 files changed, 256 insertions(+), 16 deletions(-)
create mode 100644 2023/41xxx/CVE-2023-41340.json
create mode 100644 2023/41xxx/CVE-2023-41341.json
create mode 100644 2023/41xxx/CVE-2023-41342.json
diff --git a/2020/27xxx/CVE-2020-27366.json b/2020/27xxx/CVE-2020-27366.json
index 04f221de2cb..28333f11804 100644
--- a/2020/27xxx/CVE-2020-27366.json
+++ b/2020/27xxx/CVE-2020-27366.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-27366",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-27366",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0.03, allows local attackers to execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://pastebin.com/sr0JR1ys",
+ "url": "https://pastebin.com/sr0JR1ys"
 }
 ]
 }
diff --git a/2023/25xxx/CVE-2023-25394.json b/2023/25xxx/CVE-2023-25394.json
index e60d58cdcdf..80add9c9140 100644
--- a/2023/25xxx/CVE-2023-25394.json
+++ b/2023/25xxx/CVE-2023-25394.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://danrevah.github.io/2023/05/03/CVE-2023-25394-VideoStream-LPE/",
 "url": "https://danrevah.github.io/2023/05/03/CVE-2023-25394-VideoStream-LPE/"
+ },
+ {
+ "refsource": "CERT-VN",
+ "name": "VU#757109",
+ "url": "https://www.kb.cert.org/vuls/id/757109"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39062.json b/2023/39xxx/CVE-2023-39062.json
index e6f2a7c1370..0ceea6a7e8d 100644
--- a/2023/39xxx/CVE-2023-39062.json
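Review bot: The published CVE-2020-27366 record leaves every structured field empty while its free-text description is specific: `affects` gives vendor, product and version as `n/a` and `problemtype` is `n/a`, although the description names Humax HGB10R-02 BRGCAB 1.0.03 and cross-site scripting, so anything that matches on `affects` or on CWE never surfaces this entry. The CVE-2023-39062 hunk has the same gap, and there the description's `before v.5.2.8` bound is also lost to a `version_value` of `n/a`. A `problemtype` entry of `CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')` with `"cweId": "CWE-79"`, in the form the CVE-2023-40590 record in this commit uses for CWE-426, would make both records matchable. The only reference is a pastebin paste, which can vanish and is not an authoritative source, and `local attackers to execute arbitrary code` is unusual wording for XSS, which executes script in a victim's browser; both are worth confirming with the CNA.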
+++ b/2023/39xxx/CVE-2023-39062.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-39062",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-39062",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/spipu/html2pdf/blob/92afd81823d62ad95eb9d034858311bb63aeb4ac/CHANGELOG.md",
+ "refsource": "MISC",
+ "name": "https://github.com/spipu/html2pdf/blob/92afd81823d62ad95eb9d034858311bb63aeb4ac/CHANGELOG.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/afine-com/CVE-2023-39062",
+ "url": "https://github.com/afine-com/CVE-2023-39062"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/sectroyer/CVEs/tree/main/CVE-2023-39062",
+ "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2023-39062"
 }
 ]
 }
diff --git a/2023/40xxx/CVE-2023-40590.json b/2023/40xxx/CVE-2023-40590.json
index c15272c2bca..56c3449dd51 100644
--- a/2023/40xxx/CVE-2023-40590.json
+++ b/2023/40xxx/CVE-2023-40590.json
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-40590",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": " GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs GitPython from a repo has a `git.exe` or `git` executable, that program will be run instead of the one in the user's `PATH`. This is more of a problem on how Python interacts with Windows systems, Linux and any other OS aren't affected by this. But probably people using GitPython usually run it from the CWD of a repo. An attacker can trick a user to download a repository with a malicious `git` executable, if the user runs/imports GitPython from that directory, it allows the attacker to run any arbitrary commands. There is no fix currently available for windows users, however there are a few mitigations. 1: Default to an absolute path for the git program on Windows, like `C:\\\\Program Files\\\\Git\\\\cmd\\\\git.EXE` (default git path installation). 2: Require users to set the `GIT_PYTHON_GIT_EXECUTABLE` environment variable on Windows systems. 3: Make this problem prominent in the documentation and advise users to never run GitPython from an untrusted repo, or set the `GIT_PYTHON_GIT_EXECUTABLE` env var to an absolute path. 4: Resolve the executable manually by only looking into the `PATH` environment variable."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-426: Untrusted Search Path",
+ "cweId": "CWE-426"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "gitpython-developers",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitPython",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "<= 3.1.32"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4",
+ "refsource": "MISC",
+ "name": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4"
+ },
+ {
+ "url": "https://docs.python.org/3/library/subprocess.html#popen-constructor",
+ "refsource": "MISC",
+ "name": "https://docs.python.org/3/library/subprocess.html#popen-constructor"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-wfm5-v35h-vwf4",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/41xxx/CVE-2023-41340.json b/2023/41xxx/CVE-2023-41340.json
new file mode 100644
index 00000000000..fbf4de8249d
--- /dev/null
+++ b/2023/41xxx/CVE-2023-41340.json
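Review bot: In the `affects` block the version bound is written into `version_value` as `<= 3.1.32` while `version_affected` is `=`, so a consumer that honours `version_affected` reads an exact match against the literal string `<= 3.1.32` and matches no real release; the operator belongs in its own field, `"version_affected": "<=",` with `"version_value": "3.1.32"`. The description `value` begins with a leading space (`" GitPython is ...`), which leaks into feeds and search indexes and should be trimmed. The description itself says no fix was available at publication, so the `3.1.32` bound presumably marks the latest release at the time rather than a fixed version, and the record should be revisited once a fixed release exists. The CVSS `vectorString` and the component fields agree with each other, so no change is needed there.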
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-41340",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/41xxx/CVE-2023-41341.json b/2023/41xxx/CVE-2023-41341.json
new file mode 100644
index 00000000000..df7b0e3bdb2
--- /dev/null
+++ b/2023/41xxx/CVE-2023-41341.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-41341",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/41xxx/CVE-2023-41342.json b/2023/41xxx/CVE-2023-41342.json
new file mode 100644
index 00000000000..0088cc3f233
--- /dev/null
+++ b/2023/41xxx/CVE-2023-41342.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-41342",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4547.json b/2023/4xxx/CVE-2023-4547.json
index 9b2cef56ecf..5b2606f2c30 100644
--- a/2023/4xxx/CVE-2023-4547.json
+++ b/2023/4xxx/CVE-2023-4547.json
@@ -67,6 +67,11 @@
 "url": "https://vuldb.com/?ctiid.238058",
 "refsource": "MISC",
 "name": "https://vuldb.com/?ctiid.238058"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/174343/SPA-Cart-eCommerce-CMS-1.9.0.3-Cross-Site-Scripting.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/174343/SPA-Cart-eCommerce-CMS-1.9.0.3-Cross-Site-Scripting.html"
 }
 ]
 },
diff --git a/2023/4xxx/CVE-2023-4548.json b/2023/4xxx/CVE-2023-4548.json
index b05b246dc22..95a1ba40050 100644
--- a/2023/4xxx/CVE-2023-4548.json
+++ b/2023/4xxx/CVE-2023-4548.json
@@ -67,6 +67,11 @@
 "url": "https://vuldb.com/?ctiid.238059",
 "refsource": "MISC",
 "name": "https://vuldb.com/?ctiid.238059"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/174344/SPA-Cart-eCommerce-CMS-1.9.0.3-SQL-Injection.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/174344/SPA-Cart-eCommerce-CMS-1.9.0.3-SQL-Injection.html"
 }
 ]
 },