"-Synchronized-Data."

CVE Team 2023-07-13 21:00:39 +00:00
parent 5833a8e57f
commit 57b04935bb
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 311 additions and 28 deletions


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper privilege management in Zoom Rooms before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.\n"
"value": "Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.\n"
}
]
},
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Zoom Rooms",
"product_name": "Zoom Rooms for Windows",
"version": {
"version_data": [
{


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": " Insecure temporary file in the installer for Zoom Rooms before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\n"
"value": " Insecure temporary file in the installer for Zoom Rooms for Windows\u00a0before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\n"
}
]
},
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Zoom Rooms",
"product_name": "Zoom Rooms for Windows",
"version": {
"version_data": [
{
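Review bot: The new description string in the first hunk of this file embeds a non-breaking space (`\u00a0`) between "Windows" and "before", and it keeps the leading space and trailing `\n` of the old value. Consumers that tokenise or exact-match description text (deduplication, keyword alerting, product-name extraction) will not see "Windows before" as two words separated by an ordinary space. I would normalise the value to plain U+0020 spaces with no surrounding whitespace, i.e. `"value": "Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access."`. The `version_data` array continues past the end of the second hunk, so the affected-version entries are not visible here.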


@ -1,17 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-35945",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy\u2019s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "envoyproxy",
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.26.0, < 1.26.3"
},
{
"version_affected": "=",
"version_value": ">= 1.25.0, < 1.25.8"
},
{
"version_affected": "=",
"version_value": ">= 1.24.0, < 1.24.9"
},
{
"version_affected": "=",
"version_value": ">= 1.23.0, < 1.23.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r",
"refsource": "MISC",
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r"
},
{
"url": "https://github.com/nghttp2/nghttp2/blob/e7f59406556c80904b81b593d38508591bb7523a/lib/nghttp2_session.c#L3346",
"refsource": "MISC",
"name": "https://github.com/nghttp2/nghttp2/blob/e7f59406556c80904b81b593d38508591bb7523a/lib/nghttp2_session.c#L3346"
}
]
},
"source": {
"advisory": "GHSA-jfxv-29pc-x22r",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
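Review bot: Every `version_data` entry pairs `"version_affected": "="` with a `version_value` that is a range expression such as `">= 1.26.0, < 1.26.3"`, so a consumer that honours the operator compares installed versions for equality against that literal string and never matches. Matching logic that ingests this record has to parse the bounds out of `version_value` rather than trust the operator; otherwise the four affected Envoy release lines go undetected. In the description, `[code path]` looks like the residue of a markdown link whose target is probably the nghttp2 reference listed below, and "versions(s)" is a typo for "version(s)".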


@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36473",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP. The vulnerability is patched in the latest tests-passed, beta and stable branches.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": " stable >= 3.0.5"
},
{
"version_affected": "=",
"version_value": "beta >= 3.1.0.beta6"
},
{
"version_affected": "=",
"version_value": "tests-passed >= 3.1.0.beta6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-9f52-624j-8ppq",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-9f52-624j-8ppq"
}
]
},
"source": {
"advisory": "GHSA-9f52-624j-8ppq",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}
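Review bot: The three `version_value` entries read as fixed versions rather than affected ones: the description says the issue "is patched in the latest tests-passed, beta and stable branches", yet the record marks `stable >= 3.0.5`, `beta >= 3.1.0.beta6` and `tests-passed >= 3.1.0.beta6` as affected. Taken literally, a scanner would flag patched installs and pass older ones. Presumably the advisory meant these as the first patched releases, so the bounds should be confirmed against GHSA-9f52-624j-8ppq and inverted if so. The first entry also carries a stray leading space (`" stable >= 3.0.5"`), which breaks exact-string comparison on the branch name.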


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": " Untrusted search path in the installer for Zoom Rooms before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\n"
"value": " Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\n"
}
]
},
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Zoom Rooms",
"product_name": "Zoom Rooms for Windows",
"version": {
"version_data": [
{


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": " Improper privilege management in Zoom Rooms before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.\n"
"value": " Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.\n"
}
]
},
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Zoom Rooms",
"product_name": "Zoom Rooms for Windows",
"version": {
"version_data": [
{


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": " Improper access control in Zoom Rooms before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\n"
"value": " Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\n"
}
]
},
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Zoom Rooms",
"product_name": "Zoom Rooms for Windows",
"version": {
"version_data": [
{


@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37468",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Feedbacksystem is a personalized feedback system for students using artificial intelligence. Passwords of users using LDAP login are stored in clear text in the database. The LDAP users password is passed unencrypted in the LoginController.scala and stored in the database when logging in for the first time. Users using only local login or the cas login are not affected. This issue has been patched in version 1.19.2.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information",
"cweId": "CWE-312"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "thm-mni-ii",
"product": {
"product_data": [
{
"product_name": "feedbacksystem",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.5.0, < 1.19.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/thm-mni-ii/feedbacksystem/security/advisories/GHSA-g28r-8wg3-7349",
"refsource": "MISC",
"name": "https://github.com/thm-mni-ii/feedbacksystem/security/advisories/GHSA-g28r-8wg3-7349"
},
{
"url": "https://github.com/thm-mni-ii/feedbacksystem/commit/8d896125263e1efb1b70990987c7704426325bcf",
"refsource": "MISC",
"name": "https://github.com/thm-mni-ii/feedbacksystem/commit/8d896125263e1efb1b70990987c7704426325bcf"
},
{
"url": "https://github.com/thm-mni-ii/feedbacksystem/releases/tag/v1.9.2",
"refsource": "MISC",
"name": "https://github.com/thm-mni-ii/feedbacksystem/releases/tag/v1.9.2"
}
]
},
"source": {
"advisory": "GHSA-g28r-8wg3-7349",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}
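Review bot: The third reference points at `releases/tag/v1.9.2`, while the description and the `version_value` range (`>= 1.5.0, < 1.19.2`) both name 1.19.2 as the fixed release. Version 1.9.2 falls inside the affected range, so the URL looks like a typo for `v1.19.2` and should be checked against the advisory before anyone uses it as an upgrade target. The record also does not say whether the fix removes LDAP passwords already written to the database in clear text. Operators of affected deployments should therefore assume those stored values persist after upgrading, and plan to purge them and rotate the affected LDAP credentials.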


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37598",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-37598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/sahiloj/CVE-2023-37598",
"url": "https://github.com/sahiloj/CVE-2023-37598"
}
]
}
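Review bot: The structured fields carry no usable data: `vendor_name`, `product_name`, `version_value` and the problemtype are all `"n/a"`, although the description names issabel-pbx v.4.0.0-6 and a CSRF flaw. Automated matching keyed on `affects` or on CWE will miss this record; I would populate `"product_name": "issabel-pbx"`, `"version_value": "4.0.0-6"` and a problemtype value of `"CWE-352: Cross-Site Request Forgery (CSRF)"`. The single reference is tagged `CONFIRM` but points to a repository named after the CVE rather than to a vendor page, so the tag may not indicate vendor confirmation and should be verified.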