admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-07-17 17:00:32 +00:00
parent 81715a1f9c
commit 4d8c051308
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 336 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/1xxx/CVE-2019-1937.json
View File

@ -92,6 +92,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173531/Cisco-UCS-IMC-Supervisor-2.2.0.0-Authentication-Bypass.html",
"url": "http://packetstormsecurity.com/files/173531/Cisco-UCS-IMC-Supervisor-2.2.0.0-Authentication-Bypass.html"
}
]
},

72
2021/37xxx/CVE-2021-37386.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37386",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-37386",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cwe.mitre.org/data/definitions/79.html",
"refsource": "MISC",
"name": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"url": "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection",
"refsource": "MISC",
"name": "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection"
},
{
"refsource": "MISC",
"name": "https://gist.githubusercontent.com/LuigiPolidorio/ec78daac7c3d97966f2e3703ca5d1685/raw/d64a487407d6f9685d3907206954a6c84c6fa621/reference.txt",
"url": "https://gist.githubusercontent.com/LuigiPolidorio/ec78daac7c3d97966f2e3703ca5d1685/raw/d64a487407d6f9685d3907206954a6c84c6fa621/reference.txt"
}
]
}

5
2022/24xxx/CVE-2022-24715.json
View File

@ -86,6 +86,11 @@
"refsource": "GENTOO",
"name": "GLSA-202208-05",
"url": "https://security.gentoo.org/glsa/202208-05"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173516/Icinga-Web-2.10-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/173516/Icinga-Web-2.10-Remote-Code-Execution.html"
}
]
},

20
2022/36xxx/CVE-2022-36354.json
View File

@ -62,24 +62,20 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
},
{
"url": "https://security.gentoo.org/glsa/202305-33",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202305-33"
}
]
},
"credits": [
{
"lang": "en",
"value": "Discovered by Lilith >_> of Cisco Talos."
}
],
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",

20
2022/41xxx/CVE-2022-41981.json
View File

@ -58,24 +58,20 @@
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1628",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1628"
},
{
"url": "https://www.debian.org/security/2023/dsa-5384",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5384"
},
{
"url": "https://security.gentoo.org/glsa/202305-33",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202305-33"
}
]
},
"credits": [
{
"lang": "en",
"value": "Discovered by Lilith >_> of Cisco Talos."
}
],
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",

122
2023/28xxx/CVE-2023-28767.json
View File

@ -1,17 +1,131 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28767",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@zyxel.com.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions\u00a05.00 through 5.36,\u00a0 USG FLEX 50(W) series firmware versions 5.10 through 5.36, \n\nUSG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Zyxel",
"product": {
"product_data": [
{
"product_name": "ATP series firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.10 through 5.36"
}
]
}
},
{
"product_name": "USG FLEX series firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.00 through 5.36"
}
]
}
},
{
"product_name": "USG FLEX 50(W) series firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.10 through 5.36"
}
]
}
},
{
"product_name": "USG20(W)-VPN series firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.10 through 5.36"
}
]
}
},
{
"product_name": "VPN series firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.00 through 5.36"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers",
"refsource": "MISC",
"name": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

62
2023/34xxx/CVE-2023-34669.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34669",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-34669",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://w3b5h3ll.notion.site/w3b5h3ll/TOTOLINK-CP300-c96d775881f0476b9ef465dba9c6d9b8",
"refsource": "MISC",
"name": "https://w3b5h3ll.notion.site/w3b5h3ll/TOTOLINK-CP300-c96d775881f0476b9ef465dba9c6d9b8"
}
]
}

5
2023/37xxx/CVE-2023-37269.json
View File

@ -73,6 +73,11 @@
"url": "https://github.com/wintercms/winter/releases/tag/v1.2.3",
"refsource": "MISC",
"name": "https://github.com/wintercms/winter/releases/tag/v1.2.3"
},
{
"url": "http://packetstormsecurity.com/files/173520/WinterCMS-1.2.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173520/WinterCMS-1.2.2-Cross-Site-Scripting.html"
}
]
},

81
2023/37xxx/CVE-2023-37475.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37475",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's `github.com/hamba/avro/v2.Unmarshal()` can throw a `fatal error: runtime: out of memory` which is unrecoverable and can cause denial of service of the consumer of avro. The root cause of the issue is that avro uses part of the input to `Unmarshal()` to determine the size when creating a new slice and hence an attacker may consume arbitrary amounts of memory which in turn may cause the application to crash. This issue has been addressed in commit `b4a402f4` which has been included in release version `2.13.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "hamba",
"product": {
"product_data": [
{
"product_name": "avro",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.13.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/hamba/avro/security/advisories/GHSA-9x44-9pgq-cf45",
"refsource": "MISC",
"name": "https://github.com/hamba/avro/security/advisories/GHSA-9x44-9pgq-cf45"
},
{
"url": "https://github.com/hamba/avro/commit/b4a402f41cf44b6094b5131286830ba9bb1eb290",
"refsource": "MISC",
"name": "https://github.com/hamba/avro/commit/b4a402f41cf44b6094b5131286830ba9bb1eb290"
}
]
},
"source": {
"advisory": "GHSA-9x44-9pgq-cf45",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}