admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-09-20 22:00:33 +00:00
parent d0fee1ba4a
commit 5cd06778b6
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
14 changed files with 408 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/23xxx/CVE-2021-23336.json
View File

@ -254,6 +254,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html"
}
]
},

5
2022/0xxx/CVE-2022-0391.json
View File

@ -73,6 +73,11 @@
"refsource": "GENTOO",
"name": "GLSA-202305-02",
"url": "https://security.gentoo.org/glsa/202305-02"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html"
}
]
},

5
2022/48xxx/CVE-2022-48560.json
View File

@ -56,6 +56,11 @@
"url": "https://bugs.python.org/issue39421",
"refsource": "MISC",
"name": "https://bugs.python.org/issue39421"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html"
}
]
}

5
2022/48xxx/CVE-2022-48565.json
View File

@ -56,6 +56,11 @@
"url": "https://bugs.python.org/issue42051",
"refsource": "MISC",
"name": "https://bugs.python.org/issue42051"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html"
}
]
}

5
2022/48xxx/CVE-2022-48566.json
View File

@ -56,6 +56,11 @@
"url": "https://bugs.python.org/issue40791",
"refsource": "MISC",
"name": "https://bugs.python.org/issue40791"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html"
}
]
}

5
2023/24xxx/CVE-2023-24329.json
View File

@ -181,6 +181,11 @@
"refsource": "CERT-VN",
"name": "VU#127587",
"url": "https://www.kb.cert.org/vuls/id/127587"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html"
}
]
}

70
2023/34xxx/CVE-2023-34575.json
View File

@ -1,18 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34575",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-34575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://security.friendsofpresta.org/modules/2023/09/19/opartsavecart.html",
"url": "https://security.friendsofpresta.org/modules/2023/09/19/opartsavecart.html"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
}

61
2023/36xxx/CVE-2023-36109.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36109",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-36109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/jerryscript-project/jerryscript/issues/5080",
"refsource": "MISC",
"name": "https://github.com/jerryscript-project/jerryscript/issues/5080"
},
{
"refsource": "MISC",
"name": "https://github.com/Limesss/CVE-2023-36109/tree/main",
"url": "https://github.com/Limesss/CVE-2023-36109/tree/main"
}
]
}

56
2023/36xxx/CVE-2023-36234.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36234",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-36234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gozan10/cve/issues/6",
"refsource": "MISC",
"name": "https://github.com/gozan10/cve/issues/6"
}
]
}

85
2023/37xxx/CVE-2023-37279.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37279",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. The vulnerability is related to how the backend reads the `days` URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash. Version 1.8.0 fixes this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-789: Memory Allocation with Excessive Size Value",
"cweId": "CWE-789"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "contribsys",
"product": {
"product_data": [
{
"product_name": "faktory",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.8.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/contribsys/faktory/security/advisories/GHSA-x4hh-vjm7-g2jv",
"refsource": "MISC",
"name": "https://github.com/contribsys/faktory/security/advisories/GHSA-x4hh-vjm7-g2jv"
}
]
},
"source": {
"advisory": "GHSA-x4hh-vjm7-g2jv",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

61
2023/39xxx/CVE-2023-39675.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39675",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-39675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sorcery.ie",
"refsource": "MISC",
"name": "https://sorcery.ie"
},
{
"refsource": "MISC",
"name": "https://blog.sorcery.ie/posts/simpleimportproduct_sqli/",
"url": "https://blog.sorcery.ie/posts/simpleimportproduct_sqli/"
}
]
}

5
2023/40xxx/CVE-2023-40217.json
View File

@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html"
}
]
}

56
2023/43xxx/CVE-2023-43135.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43135",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-43135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/unauthorized%20access/Unauthorized%20Access%20Vulnerability.md",
"refsource": "MISC",
"name": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/unauthorized%20access/Unauthorized%20Access%20Vulnerability.md"
}
]
}

18
2023/43xxx/CVE-2023-43665.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43665",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}