"-Synchronized-Data."

CVE Team 2023-05-11 16:00:36 +00:00
parent 3a83cc0ba2
commit 4ef37b5d57
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
13 changed files with 297 additions and 40 deletions


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired."
"value": "An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. It also exists in the predecessor Zarafa Collaboration Platform (ZCP) in provider/libserver/ECPamAuth.cpp of Zarafa >= 6.30 (introduced between 6.30.0 RC1e and 6.30.8 final)."
}
]
},
@ -66,6 +66,31 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230306 [SECURITY] [DLA 3354-1] kopanocore security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00006.html"
},
{
"refsource": "MISC",
"name": "https://jira.kopano.io/browse/KC-2021",
"url": "https://jira.kopano.io/browse/KC-2021"
},
{
"refsource": "MISC",
"name": "https://github.com/Kopano-dev/kopano-core/blob/master/provider/libserver/ECKrbAuth.cpp#L137",
"url": "https://github.com/Kopano-dev/kopano-core/blob/master/provider/libserver/ECKrbAuth.cpp#L137"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2192126",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192126"
},
{
"refsource": "MISC",
"name": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-342b96903b",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-342b96903b"
},
{
"refsource": "MISC",
"name": "https://src.fedoraproject.org/rpms/zarafa/c/a5a8366ccf07f248fae6edffb5123cfda579bfdb?branch=epel7",
"url": "https://src.fedoraproject.org/rpms/zarafa/c/a5a8366ccf07f248fae6edffb5123cfda579bfdb?branch=epel7"
}
]
}
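Review bot: The GitHub reference added in the second hunk uses a branch-relative link, `blob/master/provider/libserver/ECKrbAuth.cpp#L137`, whose line anchor will stop pointing at the affected code as soon as the file changes on master. A commit-pinned permalink would keep it stable, e.g. `https://github.com/Kopano-dev/kopano-core/blob/<commit-sha>/provider/libserver/ECKrbAuth.cpp#L137` (placeholder SHA). The new description in the first hunk also widens the scope to `Kopano Core <= v11.0.2.51` and Zarafa `>= 6.30` in free text only. If the record carries structured version data outside these hunks, it should be checked against the same ranges, since scanners match on that data rather than on the description.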


@ -59,8 +59,8 @@
},
{
"refsource": "MISC",
"name": "https://outpost24.com/blog/access-control-vulnerability-discovered-in-the-thingsboard-iot-platform",
"url": "https://outpost24.com/blog/access-control-vulnerability-discovered-in-the-thingsboard-iot-platform"
"name": "https://wiki.wizard32.net/en/blog/access-control-vulnerability-ThingsBoard",
"url": "https://wiki.wizard32.net/en/blog/access-control-vulnerability-ThingsBoard"
}
]
}


@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24539",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper input validation"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Go standard library",
"product": {
"product_data": [
{
"product_name": "html/template",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.19.9"
},
{
"version_affected": "<",
"version_name": "1.20.0-0",
"version_value": "1.20.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://go.dev/issue/59720",
"refsource": "MISC",
"name": "https://go.dev/issue/59720"
},
{
"url": "https://go.dev/cl/491615",
"refsource": "MISC",
"name": "https://go.dev/cl/491615"
},
{
"url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-1751",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2023-1751"
}
]
},
"credits": [
{
"lang": "en",
"value": "Juho Nurminen of Mattermost"
}
]
}
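Review bot: The `problemtype` label `CWE-74: Improper input validation` pairs the ID with the wrong name: CWE-74 is "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", while "Improper Input Validation" is CWE-20. The description (HTML injected after a CSS context is closed unexpectedly) fits the injection family, so the ID looks right and the text should follow it, e.g. `"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"`. The same label appears in the CVE-2023-24540 and CVE-2023-29400 records in this commit. Tools that classify on the label text rather than the ID would file all three under input validation.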


@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24540",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper input validation"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Go standard library",
"product": {
"product_data": [
{
"product_name": "html/template",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.19.9"
},
{
"version_affected": "<",
"version_name": "1.20.0-0",
"version_value": "1.20.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://go.dev/issue/59721",
"refsource": "MISC",
"name": "https://go.dev/issue/59721"
},
{
"url": "https://go.dev/cl/491616",
"refsource": "MISC",
"name": "https://go.dev/cl/491616"
},
{
"url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-1752",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2023-1752"
}
]
},
"credits": [
{
"lang": "en",
"value": "Juho Nurminen of Mattermost"
}
]
}
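Review bot: The `version_data` entries put the lower bound in `version_name` and the fixed release in `version_value` with `version_affected` set to `<`, which a consumer reading only `version_affected` and `version_value` will see as `< 1.19.9` and `< 1.20.4`. Read that way, the second entry also matches the fixed 1.19.9 and later 1.19.x releases and produces false positives. The intended meaning appears to be two intervals, from 0 up to 1.19.9 and from 1.20.0-0 up to 1.20.4. Stating that in the description would make the record unambiguous for readers and for tools that ignore `version_name`, e.g. by appending `Affected: before 1.19.9, and 1.20.0-0 before 1.20.4.`. The same encoding is used in the CVE-2023-24539 and CVE-2023-29400 records.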


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "RESERVED NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php."
"value": "NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php."
}
]
},


@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29400",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Templates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper input validation"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Go standard library",
"product": {
"product_data": [
{
"product_name": "html/template",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.19.9"
},
{
"version_affected": "<",
"version_name": "1.20.0-0",
"version_value": "1.20.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://go.dev/issue/59722",
"refsource": "MISC",
"name": "https://go.dev/issue/59722"
},
{
"url": "https://go.dev/cl/491617",
"refsource": "MISC",
"name": "https://go.dev/cl/491617"
},
{
"url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-1753",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2023-1753"
}
]
},
"credits": [
{
"lang": "en",
"value": "Juho Nurminen of Mattermost"
}
]
}
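Review bot: The `credits` entry uses `"lang": "en"` while the `description_data` and `problemtype` entries in the same record use `"lang": "eng"`. A single language code per record keeps consumers that filter on that field from dropping the credit, so `"lang": "eng"` would be consistent here. The same mix appears in the CVE-2023-24539 and CVE-2023-24540 records.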


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An arbitrary file upload vulnerability in Open Networking Foundation ONOS from version 1.9.0 until 2.7.0 allows attackers to execute arbitrary code via uploading a crafted YAML file."
"value": "A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard."
}
]
},
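Review bot: The `problemtype` and `references` entries are not updated alongside the description, as far as this hunk shows, although the new text describes a different vulnerability class: cross-site scripting via the `url` parameter of the API documentation dashboard, instead of arbitrary file upload leading to code execution. Both blocks lie outside the hunk and should be checked against the new text, otherwise triage tooling may keep rating the record as code execution or cite references for a different bug. The wording `from version v1.9.0 to v2.7.0` also leaves open whether v2.7.0 itself is affected. Saying `through v2.7.0` or `before v2.7.0`, whichever is correct, would remove the ambiguity.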


@ -52,11 +52,6 @@
},
"references": {
"reference_data": [
{
"url": "https://www.youtube.com/watch?v=8VbTm2sIdBE",
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=8VbTm2sIdBE"
},
{
"url": "https://github.com/totaljs/flow/issues/100",
"refsource": "MISC",


@ -57,11 +57,6 @@
"refsource": "MISC",
"name": "https://github.com/totaljs/messenger/issues/11"
},
{
"url": "https://www.youtube.com/watch?v=nzhIKn999Mk",
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=nzhIKn999Mk"
},
{
"refsource": "MISC",
"name": "https://www.edoardoottavianelli.it/CVE-2023-30095/",


@ -57,11 +57,6 @@
"refsource": "MISC",
"name": "https://github.com/totaljs/messenger/issues/10"
},
{
"url": "https://www.youtube.com/watch?v=1SMQKRiibHw",
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=1SMQKRiibHw"
},
{
"refsource": "MISC",
"name": "https://www.edoardoottavianelli.it/CVE-2023-30096/",


@ -52,11 +52,6 @@
},
"references": {
"reference_data": [
{
"url": "https://www.youtube.com/watch?v=qX_wuVQsj1I",
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=qX_wuVQsj1I"
},
{
"url": "https://github.com/totaljs/messenger/issues/9",
"refsource": "MISC",


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32673",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32674",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}