"-Synchronized-Data."

CVE Team 2023-04-11 05:00:32 +00:00
parent 1a2d72cf9f
commit 42b366c902
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 266 additions and 15 deletions


@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26121",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution",
"cweId": "CWE-1321"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "safe-eval",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373062",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373062"
},
{
"url": "https://gist.github.com/seongil-wi/9d9fc0cc5b7b130419cd45827e59c4f9",
"refsource": "MISC",
"name": "https://gist.github.com/seongil-wi/9d9fc0cc5b7b130419cd45827e59c4f9"
},
{
"url": "https://github.com/hacksparrow/safe-eval/issues/28",
"refsource": "MISC",
"name": "https://github.com/hacksparrow/safe-eval/issues/28"
}
]
},
"credits": [
{
"lang": "en",
"value": "seongil-wi"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P"
}
]
}
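Review bot: The affected range in `version_data` is written as `"version_affected": "<"` with `"version_value": "*"`, which is not a comparable version, so a matcher that evaluates the operator literally may flag no installed safe-eval release even though the description says all versions are affected. Consumers should confirm how their tooling treats the wildcard, and the record would be less ambiguous with a range the tooling can compare. The `impact` vector scores `I:N` for a prototype pollution issue, while the CVE-2023-26122 record for the same package scores `I:H`; if the availability-only impact is intentional, a sentence in the description saying so would help triage. Minor: `credits` uses `"lang": "en"` where the rest of the record uses `"lang": "eng"`.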


@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26122",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation.\rExploiting this vulnerability might result in remote code execution (\"RCE\").\r\r**Vulnerable functions:**\r\r__defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sandbox Bypass",
"cweId": "CWE-265"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "safe-eval",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373064",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373064"
},
{
"url": "https://github.com/hacksparrow/safe-eval/issues/27",
"refsource": "MISC",
"name": "https://github.com/hacksparrow/safe-eval/issues/27"
},
{
"url": "https://gist.github.com/seongil-wi/2db6cb884e10137a93132b7f74879cce",
"refsource": "MISC",
"name": "https://gist.github.com/seongil-wi/2db6cb884e10137a93132b7f74879cce"
},
{
"url": "https://github.com/hacksparrow/safe-eval/issues/31",
"refsource": "MISC",
"name": "https://github.com/hacksparrow/safe-eval/issues/31"
},
{
"url": "https://github.com/hacksparrow/safe-eval/issues/32",
"refsource": "MISC",
"name": "https://github.com/hacksparrow/safe-eval/issues/32"
},
{
"url": "https://github.com/hacksparrow/safe-eval/issues/33",
"refsource": "MISC",
"name": "https://github.com/hacksparrow/safe-eval/issues/33"
},
{
"url": "https://github.com/hacksparrow/safe-eval/issues/34",
"refsource": "MISC",
"name": "https://github.com/hacksparrow/safe-eval/issues/34"
},
{
"url": "https://github.com/hacksparrow/safe-eval/issues/35",
"refsource": "MISC",
"name": "https://github.com/hacksparrow/safe-eval/issues/35"
}
]
},
"credits": [
{
"lang": "en",
"value": "seongil-wi"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P"
}
]
}
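Review bot: The new `description_data` value embeds bare `\r` characters and Markdown emphasis (`**Vulnerable functions:**`), which most consumers of this field render as plain text, so advisory feeds and scanner output will show stray control characters or run the sentences together. Replacing each `\r` with a space (or `\n` where a break is intended) and dropping the asterisks keeps the same content readable. `"cweId": "CWE-265"` appears to be a CWE category rather than a weakness entry, so tools that map on weakness IDs may drop it; this is worth confirming against the CWE list. The vector uses `PR:L` while the CVE-2023-26121 record for the same package uses `PR:N`, and a short note on why a privileged caller is assumed here would help prioritisation.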


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting vulnerability found in :ouislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation parameter of the status_page.js endpoint."
"value": "Cross Site Scripting vulnerability found in : louislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation parameter of the status_page.js endpoint."
}
]
},


@ -112,6 +112,11 @@
"refsource": "FULLDISC",
"name": "20230410 APPLE-SA-2023-04-07-2 macOS Ventura 13.3.1",
"url": "http://seclists.org/fulldisclosure/2023/Apr/2"
},
{
"refsource": "FULLDISC",
"name": "20230410 APPLE-SA-2023-04-10-1 iOS 15.7.5 and iPadOS 15.7.5",
"url": "http://seclists.org/fulldisclosure/2023/Apr/5"
}
]
},


@ -123,6 +123,21 @@
"refsource": "FULLDISC",
"name": "20230410 APPLE-SA-2023-04-07-2 macOS Ventura 13.3.1",
"url": "http://seclists.org/fulldisclosure/2023/Apr/2"
},
{
"refsource": "FULLDISC",
"name": "20230410 APPLE-SA-2023-04-10-3 macOS Big Sur 11.7.6",
"url": "http://seclists.org/fulldisclosure/2023/Apr/6"
},
{
"refsource": "FULLDISC",
"name": "20230410 APPLE-SA-2023-04-10-1 iOS 15.7.5 and iPadOS 15.7.5",
"url": "http://seclists.org/fulldisclosure/2023/Apr/5"
},
{
"refsource": "FULLDISC",
"name": "20230410 APPLE-SA-2023-04-10-2 macOS Monterey 12.6.5",
"url": "http://seclists.org/fulldisclosure/2023/Apr/4"
}
]
},


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29492",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-29492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx",
"url": "https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx"
}
]
}
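Review bot: The structured `affects` block carries only `"n/a"` for vendor, product and version, while the description names Novi Survey and the fixed build 8.9.43676, so automated inventory matching against this record finds nothing and exposure has to be caught from free text. Populating the fields from the description, e.g. `"product_name": "Novi Survey"` and `"version_value": "before 8.9.43676"`, would let scanners flag unpatched installs. `problemtype` is likewise `"n/a"` and there is no `impact` block, so severity-based triage has nothing to key on for what the description calls remote arbitrary code execution.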