admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 03:27:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-10-09 22:00:37 +00:00
parent a07c9a59e2
commit 57d41a7da9
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 297 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
2023/43xxx/CVE-2023-43641.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43641",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "lipnitsk",
"product": {
"product_data": [
{
"product_name": "libcue",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 2.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/",
"refsource": "MISC",
"name": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/"
}
]
},
"source": {
"advisory": "GHSA-345j-mp2x-2x7w",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

61
2023/43xxx/CVE-2023-43899.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43899",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-43899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/len0m0/hansuncmssqli/blob/main/README.md",
"refsource": "MISC",
"name": "https://github.com/len0m0/hansuncmssqli/blob/main/README.md"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/len0m0/9cb2e87cb517db297be1b2f110248295",
"url": "https://gist.github.com/len0m0/9cb2e87cb517db297be1b2f110248295"
}
]
}

89
2023/5xxx/CVE-2023-5462.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5462",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in XINJE XD5E-30R-E 3.5.3b. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Modbus Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-241585 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In XINJE XD5E-30R-E 3.5.3b wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente Modbus Handler. Durch die Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service",
"cweId": "CWE-404"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "XINJE",
"product": {
"product_data": [
{
"product_name": "XD5E-30R-E",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.5.3b"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.241585",
"refsource": "MISC",
"name": "https://vuldb.com/?id.241585"
},
{
"url": "https://vuldb.com/?ctiid.241585",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.241585"
},
{
"url": "https://drive.google.com/drive/folders/1jik8hRjD8N2IkxOHP5wsJUEya09jCv2n",
"refsource": "MISC",
"name": "https://drive.google.com/drive/folders/1jik8hRjD8N2IkxOHP5wsJUEya09jCv2n"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.1,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C"
}
]
}

89
2023/5xxx/CVE-2023-5463.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5463",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-241586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in XINJE XDPPro bis 3.7.17a ausgemacht. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion in der Bibliothek cfgmgr32.dll. Durch Manipulation mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path",
"cweId": "CWE-427"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "XINJE",
"product": {
"product_data": [
{
"product_name": "XDPPro",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.7.17a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.241586",
"refsource": "MISC",
"name": "https://vuldb.com/?id.241586"
},
{
"url": "https://vuldb.com/?ctiid.241586",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.241586"
},
{
"url": "https://drive.google.com/drive/folders/1mpRxWOPjxVS980r0qu1IY_Hf0irKO-cu",
"refsource": "MISC",
"name": "https://drive.google.com/drive/folders/1mpRxWOPjxVS980r0qu1IY_Hf0irKO-cu"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.8,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.8,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 6.8,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C"
}
]
}