admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-08 22:00:37 +00:00
parent f843416ef5
commit 57dcca125e
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
22 changed files with 715 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2022/41xxx/CVE-2022-41723.json
View File

@ -134,6 +134,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/"
},
{
"url": "https://www.couchbase.com/alerts/",
"refsource": "MISC",
"name": "https://www.couchbase.com/alerts/"
}
]
},

5
2023/0xxx/CVE-2023-0001.json
View File

@ -96,6 +96,11 @@
"url": "http://www.openwall.com/lists/oss-security/2023/11/08/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/11/08/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/08/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/11/08/5"
}
]
},

5
2023/21xxx/CVE-2023-21930.json
View File

@ -86,6 +86,11 @@
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/",
"refsource": "MISC",
"name": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/",
"refsource": "MISC",

5
2023/21xxx/CVE-2023-21937.json
View File

@ -86,6 +86,11 @@
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/",
"refsource": "MISC",
"name": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/",
"refsource": "MISC",

5
2023/21xxx/CVE-2023-21938.json
View File

@ -86,6 +86,11 @@
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/",
"refsource": "MISC",
"name": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/",
"refsource": "MISC",

5
2023/21xxx/CVE-2023-21939.json
View File

@ -86,6 +86,11 @@
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/",
"refsource": "MISC",
"name": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/",
"refsource": "MISC",

5
2023/21xxx/CVE-2023-21954.json
View File

@ -82,6 +82,11 @@
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/",
"refsource": "MISC",
"name": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/",
"refsource": "MISC",

5
2023/21xxx/CVE-2023-21967.json
View File

@ -86,6 +86,11 @@
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/",
"refsource": "MISC",
"name": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/",
"refsource": "MISC",

5
2023/21xxx/CVE-2023-21968.json
View File

@ -86,6 +86,11 @@
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/",
"refsource": "MISC",
"name": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/",
"refsource": "MISC",

5
2023/2xxx/CVE-2023-2033.json
View File

@ -64,6 +64,11 @@
"refsource": "MISC",
"name": "https://crbug.com/1432210"
},
{
"url": "https://www.couchbase.com/alerts/",
"refsource": "MISC",
"name": "https://www.couchbase.com/alerts/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5390",
"refsource": "MISC",

61
2023/36xxx/CVE-2023-36667.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36667",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-36667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
"refsource": "MISC",
"name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
},
{
"refsource": "MISC",
"name": "https://www.couchbase.com/alerts/",
"url": "https://www.couchbase.com/alerts/"
}
]
}

2
2023/38xxx/CVE-2023-38994.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue in Univention UCS v.5.0 allows a local attacker to execute arbitrary code and gain privileges via the check_univention_joinstatus function."
"value": "The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users."
}
]
},

5
2023/3xxx/CVE-2023-3079.json
View File

@ -64,6 +64,11 @@
"refsource": "MISC",
"name": "https://crbug.com/1450481"
},
{
"url": "https://www.couchbase.com/alerts/",
"refsource": "MISC",
"name": "https://www.couchbase.com/alerts/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5420",
"refsource": "MISC",

56
2023/45xxx/CVE-2023-45857.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45857",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-45857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/axios/axios/issues/6006",
"url": "https://github.com/axios/axios/issues/6006"
}
]
}

91
2023/47xxx/CVE-2023-47109.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47109",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing index.php for example. This issue has been patched in version 5.1.4.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PrestaShop",
"product": {
"product_data": [
{
"product_name": "blockreassurance",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 5.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-83j2-qhx2-p7jc",
"refsource": "MISC",
"name": "https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-83j2-qhx2-p7jc"
},
{
"url": "https://github.com/PrestaShop/blockreassurance/commit/2d0e97bebf795690caffe33c1ab23a9bf43fcdfa",
"refsource": "MISC",
"name": "https://github.com/PrestaShop/blockreassurance/commit/2d0e97bebf795690caffe33c1ab23a9bf43fcdfa"
},
{
"url": "https://github.com/PrestaShop/blockreassurance/commit/eec00da564db4c1804b0a0d1e3d9f7ec4e27d823",
"refsource": "MISC",
"name": "https://github.com/PrestaShop/blockreassurance/commit/eec00da564db4c1804b0a0d1e3d9f7ec4e27d823"
},
{
"url": "https://github.com/PrestaShop/blockreassurance/releases/tag/v5.1.4",
"refsource": "MISC",
"name": "https://github.com/PrestaShop/blockreassurance/releases/tag/v5.1.4"
}
]
},
"source": {
"advisory": "GHSA-83j2-qhx2-p7jc",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
]
}

95
2023/47xxx/CVE-2023-47111.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47111",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a `Lockout Policy` with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum. Exceeding the limit, will lock the user and prevent further authentication. In the affected implementation it was possible for an attacker to start multiple parallel password checks, giving him the possibility to try out more combinations than configured in the `Lockout Policy`. This vulnerability has been patched in versions 2.40.5 and 2.38.3.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"cweId": "CWE-362"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zitadel",
"product": {
"product_data": [
{
"product_name": "zitadel",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 2.39.0, < 2.40.5"
},
{
"version_affected": "=",
"version_value": "< 2.38.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-7h8m-vrxx-vr4m",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/security/advisories/GHSA-7h8m-vrxx-vr4m"
},
{
"url": "https://github.com/zitadel/zitadel/commit/22e2d5599918864877e054ebe82fb834a5aa1077",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/22e2d5599918864877e054ebe82fb834a5aa1077"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.38.3",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.38.3"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.40.5",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.40.5"
}
]
},
"source": {
"advisory": "GHSA-7h8m-vrxx-vr4m",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

76
2023/47xxx/CVE-2023-47113.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47113",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element",
"cweId": "CWE-427"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "bleachbit",
"product": {
"product_data": [
{
"product_name": "bleachbit",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 4.4.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8",
"refsource": "MISC",
"name": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8"
}
]
},
"source": {
"advisory": "GHSA-j8jc-f6p7-55p8",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

86
2023/47xxx/CVE-2023-47114.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47114",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject's personal data can then retrieved from connected systems and data stores before being bundled together as a data subject access request package for the data subject to download. Supported data formats for the package include json and csv, but the most commonly used format is a series of HTML files compressed in a ZIP file. Once downloaded and unzipped, the data subject user can browse the HTML files on their local machine. It was identified that there was no validation of input coming from e.g. the connected systems and data stores which is later reflected in the downloaded data. This can result in an HTML injection that can be abused e.g. for phishing attacks or malicious JavaScript code execution, but only in the context of the data subject's browser accessing a HTML page using the `file://` protocol. Exploitation is limited to rogue Admin UI users, malicious connected system / data store users, and the data subject user if tricked via social engineering into submitting malicious data themselves. This vulnerability has been patched in version 2.23.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ethyca",
"product": {
"product_data": [
{
"product_name": "fides",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 2.15.1, < 2.23.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/ethyca/fides/security/advisories/GHSA-3vpf-mcj7-5h38",
"refsource": "MISC",
"name": "https://github.com/ethyca/fides/security/advisories/GHSA-3vpf-mcj7-5h38"
},
{
"url": "https://github.com/ethyca/fides/commit/50360a0e24aac858459806bb140bb1c4b71e67a1",
"refsource": "MISC",
"name": "https://github.com/ethyca/fides/commit/50360a0e24aac858459806bb140bb1c4b71e67a1"
},
{
"url": "https://github.com/ethyca/fides/releases/tag/2.23.3",
"refsource": "MISC",
"name": "https://github.com/ethyca/fides/releases/tag/2.23.3"
}
]
},
"source": {
"advisory": "GHSA-3vpf-mcj7-5h38",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

97
2023/4xxx/CVE-2023-4632.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4632",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@lenovo.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path Element",
"cweId": "CWE-427"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Lenovo",
"product": {
"product_data": [
{
"product_name": "Lenovo System Update",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions prior to 5.08.02.25"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-135367",
"refsource": "MISC",
"name": "https://support.lenovo.com/us/en/product_security/LEN-135367"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo System Update to version 5.08.02.25 or later as indicated in the advisory.&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-135367\">https://support.lenovo.com/us/en/product_security/LEN-135367</a><br>"
}
],
"value": "Update Lenovo System Update to version 5.08.02.25 or later as indicated in the advisory.\u00a0 https://support.lenovo.com/us/en/product_security/LEN-135367 \n"
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Matt Nelson, Hunter Orrantia and Max Harley of SpecterOps for reporting this issue. "
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

97
2023/4xxx/CVE-2023-4706.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4706",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@lenovo.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nA privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Lenovo",
"product": {
"product_data": [
{
"product_name": "1Lenovo Preload Directory",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Refer to Mitigation strategy section in LEN-127385"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-127385",
"refsource": "MISC",
"name": "https://support.lenovo.com/us/en/product_security/LEN-127385"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Refer to Mitigation strategy section in the advisory:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-127385\">https://support.lenovo.com/us/en/product_security/LEN-127385</a><br>"
}
],
"value": "Refer to Mitigation strategy section in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-127385 \n"
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Steven Pritchard for reporting this issue. "
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2023/6xxx/CVE-2023-6043.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6043",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6044.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6044",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}