admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-01-04 15:00:37 +00:00
parent 1476df64e9
commit 5c83af6a2c
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 500 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
2022/0xxx/CVE-2022-0918.json
View File

@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0918",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_value": "1.4"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,26 +27,53 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_value": "1.4",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055815",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2055815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055815"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2055815"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-0918",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-0918",
"url": "https://access.redhat.com/security/cve/CVE-2022-0918"
"name": "https://access.redhat.com/security/cve/CVE-2022-0918"
},
{
"url": "https://github.com/389ds/389-ds-base/issues/5242",
"refsource": "MISC",
"name": "https://github.com/389ds/389-ds-base/issues/5242"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing."
}
]
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
}
}

72
2022/45xxx/CVE-2022-45875.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-45875",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache DolphinScheduler",
"version": {
"version_data": [
{
"version_value": "3.0",
"version_affected": "="
},
{
"version_value": "3.1",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/r0wqzkjsoq17j6ww381kmpx3jjp9hb6r"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "4ra1n of Chaitin Tech"
}
]
}

18
2022/4xxx/CVE-2022-4873.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4873",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/4xxx/CVE-2022-4874.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4874",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

166
2023/0xxx/CVE-2023-0048.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-0048",
"STATE": "PUBLIC",
"TITLE": " Code Injection in lirantal/daloradius"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "lirantal/daloradius",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "master-branch"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-0048",
"STATE": "PUBLIC",
"TITLE": " Code Injection in lirantal/daloradius"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "lirantal/daloradius",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "master-branch"
}
]
}
}
]
},
"vendor_name": "lirantal"
}
}
]
},
"vendor_name": "lirantal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": " Code Injection in GitHub repository lirantal/daloradius prior to master-branch."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Code Injection in GitHub repository lirantal/daloradius prior to master-branch."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/57abd666-4b9c-4f59-825d-1ec832153e79",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/57abd666-4b9c-4f59-825d-1ec832153e79"
},
{
"name": "https://github.com/lirantal/daloradius/commit/3650eea7277a5c278063214a5b71dbd7d77fc5aa",
"refsource": "MISC",
"url": "https://github.com/lirantal/daloradius/commit/3650eea7277a5c278063214a5b71dbd7d77fc5aa"
}
]
},
"source": {
"advisory": "57abd666-4b9c-4f59-825d-1ec832153e79",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/57abd666-4b9c-4f59-825d-1ec832153e79",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/57abd666-4b9c-4f59-825d-1ec832153e79"
},
{
"name": "https://github.com/lirantal/daloradius/commit/3650eea7277a5c278063214a5b71dbd7d77fc5aa",
"refsource": "MISC",
"url": "https://github.com/lirantal/daloradius/commit/3650eea7277a5c278063214a5b71dbd7d77fc5aa"
}
]
},
"source": {
"advisory": "57abd666-4b9c-4f59-825d-1ec832153e79",
"discovery": "EXTERNAL"
}
}

18
2023/0xxx/CVE-2023-0049.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0049",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

86
2023/22xxx/CVE-2023-22457.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22457",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3,t he `CKEditor.HTMLConverter` document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros with the rights of the current user. If a privileged user with programming rights was tricked into executing a GET request to this document with certain parameters (e.g., via an image with a corresponding URL embedded in a comment or via a redirect), this would allow arbitrary remote code execution and the attacker could gain rights, access private information or impact the availability of the wiki. The issue has been patched in the CKEditor Integration version 1.64.3. This has also been patched in the version of the CKEditor integration that is bundled starting with XWiki 14.6 RC1. There are no known workarounds for this other than upgrading the CKEditor integration to a fixed version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "xwiki-contrib",
"product": {
"product_data": [
{
"product_name": "application-ckeditor",
"version": {
"version_data": [
{
"version_value": "< 1.64.3",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/xwiki-contrib/application-ckeditor/security/advisories/GHSA-6mjp-2rm6-9g85",
"refsource": "MISC",
"name": "https://github.com/xwiki-contrib/application-ckeditor/security/advisories/GHSA-6mjp-2rm6-9g85"
},
{
"url": "https://github.com/xwiki-contrib/application-ckeditor/commit/6b1053164386aefc526df7512bc664918aa6849b",
"refsource": "MISC",
"name": "https://github.com/xwiki-contrib/application-ckeditor/commit/6b1053164386aefc526df7512bc664918aa6849b"
},
{
"url": "https://jira.xwiki.org/browse/CKEDITOR-475",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/CKEDITOR-475"
}
]
},
"source": {
"advisory": "GHSA-6mjp-2rm6-9g85",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

86
2023/22xxx/CVE-2023-22460.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22460",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON encoder which will panic as it doesn't expect to receive Bytes tokens. Such an encode should be treated as an error, as plain JSON should not be able to encode Bytes. This only impacts uses of the `json` codec. `dag-json` is not impacted. Use of `json` as a decoder is not impacted. This issue is fixed in v0.19.0. As a workaround, one may prefer the `dag-json` codec, which has the ability to encode bytes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ipld",
"product": {
"product_data": [
{
"product_name": "go-ipld-prime",
"version": {
"version_data": [
{
"version_value": "< 0.19.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/ipld/go-ipld-prime/security/advisories/GHSA-c653-6hhg-9x92",
"refsource": "MISC",
"name": "https://github.com/ipld/go-ipld-prime/security/advisories/GHSA-c653-6hhg-9x92"
},
{
"url": "https://github.com/ipld/go-ipld-prime/pull/472",
"refsource": "MISC",
"name": "https://github.com/ipld/go-ipld-prime/pull/472"
},
{
"url": "https://github.com/ipld/go-ipld-prime/releases/tag/v0.19.0",
"refsource": "MISC",
"name": "https://github.com/ipld/go-ipld-prime/releases/tag/v0.19.0"
}
]
},
"source": {
"advisory": "GHSA-c653-6hhg-9x92",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

90
2023/22xxx/CVE-2023-22461.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22461",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The `sanitize-svg` package, a small SVG sanitizer to prevent cross-site scripting attacks, uses a deny-list-pattern to sanitize SVGs to prevent XSS. In doing so, literal `<script>`-tags and on-event handlers were detected in versions prior to 0.4.0. As a result, downstream software that relies on `sanitize-svg` and expects resulting SVGs to be safe, may be vulnerable to cross-site scripting. This vulnerability was addressed in v0.4.0. There are no known workarounds"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mattkrick",
"product": {
"product_data": [
{
"product_name": "sanitize-svg",
"version": {
"version_data": [
{
"version_value": "< 0.4",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/mattkrick/sanitize-svg/security/advisories/GHSA-h857-2g56-468g",
"refsource": "MISC",
"name": "https://github.com/mattkrick/sanitize-svg/security/advisories/GHSA-h857-2g56-468g"
},
{
"url": "https://github.com/mattkrick/sanitize-svg/commit/b107e453ede7b58adcccae74a3e474c012eec85d",
"refsource": "MISC",
"name": "https://github.com/mattkrick/sanitize-svg/commit/b107e453ede7b58adcccae74a3e474c012eec85d"
}
]
},
"source": {
"advisory": "GHSA-h857-2g56-468g",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
]
}