"-Synchronized-Data."

CVE Team 2023-05-26 20:00:39 +00:00
parent db943b7714
commit 6f8d6a270b
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
18 changed files with 281 additions and 22 deletions


@ -56,6 +56,11 @@
"url": "https://www.sqlite.org/src/info/4feb3159c6bc3f7e33959",
"refsource": "MISC",
"name": "https://www.sqlite.org/src/info/4feb3159c6bc3f7e33959"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230526-0005/",
"url": "https://security.netapp.com/advisory/ntap-20230526-0005/"
}
]
}
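Review bot: The NetApp advisory added here is tagged `"refsource": "CONFIRM"`, while NetApp advisories added elsewhere in this commit (for example ntap-20230526-0008 and ntap-20230526-0007) are tagged `"refsource": "MISC"`. A consumer that filters or ranks references by refsource will treat equivalent third-party advisories differently from record to record. Pick one tag for this class of reference and apply it across the sync; whether NetApp is the vendor of the affected component is not visible in this hunk, so `CONFIRM` may overstate the source's role and is worth checking.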


@ -58,6 +58,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230526-0009/",
"url": "https://security.netapp.com/advisory/ntap-20230526-0009/"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command. This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9."
"value": "HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.\n\nThis issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9."
}
]
},
@ -91,6 +91,11 @@
"url": "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1",
"refsource": "MISC",
"name": "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0008/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230526-0008/"
}
]
},
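Review bot: The updated description still gives the affected range as `0.8.0 through 1.13.1` while stating the issue is `fixed in versions 1.13.1, 1.12.5, and 1.11.9`, so 1.13.1 is listed as both vulnerable and fixed. The commit only inserts a paragraph break before the fix sentence. The upper bound should be checked against the HashiCorp bulletin referenced in the second hunk and presumably ends before 1.13.1. The phrase `through the local,` also appears to have lost its noun; the bulletin's URL slug suggests `through the local configuration file`.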


@ -91,6 +91,11 @@
"url": "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1",
"refsource": "MISC",
"name": "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0008/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230526-0008/"
}
]
},


@ -58,6 +58,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230526-0010/",
"url": "https://security.netapp.com/advisory/ntap-20230526-0010/"
}
]
},


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://spring.io/security/cve-2023-20862",
"url": "https://spring.io/security/cve-2023-20862"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230526-0002/",
"url": "https://security.netapp.com/advisory/ntap-20230526-0002/"
}
]
},


@ -78,6 +78,11 @@
"url": "https://pkg.go.dev/vuln/GO-2023-1704",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2023-1704"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0007/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230526-0007/"
}
]
},


@ -76,11 +76,6 @@
},
"references": {
"reference_data": [
{
"url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
},
{
"url": "https://go.dev/issue/59153",
"refsource": "MISC",
@ -101,10 +96,20 @@
"refsource": "MISC",
"name": "https://go.dev/cl/482077"
},
{
"url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-1705",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2023-1705"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0007/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230526-0007/"
}
]
},


@ -101,6 +101,11 @@
"url": "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078",
"refsource": "MISC",
"name": "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0008/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230526-0008/"
}
]
},


@ -86,6 +86,11 @@
"url": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload",
"refsource": "MISC",
"name": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230526-0001/"
}
]
},


@ -90,6 +90,11 @@
"url": "https://www.rfc-editor.org/rfc/rfc6265",
"refsource": "MISC",
"name": "https://www.rfc-editor.org/rfc/rfc6265"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230526-0001/"
}
]
},


@ -91,6 +91,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230526-0003/",
"url": "https://security.netapp.com/advisory/ntap-20230526-0003/"
}
]
}


@ -91,6 +91,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230526-0004/",
"url": "https://security.netapp.com/advisory/ntap-20230526-0004/"
}
]
}


@ -86,6 +86,11 @@
"refsource": "MISC",
"name": "https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae",
"url": "https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230526-0006/",
"url": "https://security.netapp.com/advisory/ntap-20230526-0006/"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2921",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33197",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "craftcms",
"product": {
"product_data": [
{
"product_name": "cms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 4.0.0-RC1, <= 4.4.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr",
"refsource": "MISC",
"name": "https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr"
},
{
"url": "https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766",
"refsource": "MISC",
"name": "https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766"
},
{
"url": "https://github.com/craftcms/cms/releases/tag/4.4.6",
"refsource": "MISC",
"name": "https://github.com/craftcms/cms/releases/tag/4.4.6"
}
]
},
"source": {
"advisory": "GHSA-6qjx-787v-6pxr",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}
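Review bot: The affected range is stored as free text in `"version_value": ">= 4.0.0-RC1, <= 4.4.5"` under `"version_affected": "="`, so a matcher that reads `=` as an exact comparison will never match an installed version. If the consuming schema allows it, express the bounds as structured entries (a `>=` entry for `4.0.0-RC1` and a `<=` entry for `4.4.5`), or document that `version_value` must be parsed as a range expression. The description value also ends in a stray `\n`, which downstream renderers may carry into advisories.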


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33247",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-33247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://help.talend.com/r/en-US/Talend-Products-CVEs/Talend-Products-CVEs",
"url": "https://help.talend.com/r/en-US/Talend-Products-CVEs/Talend-Products-CVEs"
}
]
}
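Review bot: The published record leaves `vendor_name`, `product_name`, `version_value` and the problemtype `value` at `n/a`, although the description names the product (Talend Data Catalog remote harvesting server) and the fixed build (`8.0-20230413`). Tooling that matches on the affects block will not associate this CVE with any asset, so the structured fields should carry what the description already states, e.g. `"vendor_name": "Talend"`, `"product_name": "Data Catalog"` and a version entry for builds before 8.0-20230413. The CVE-2023-33255 record that follows has the same `n/a` fields for Papaya Viewer. The only reference here is a general product-CVE listing page rather than a per-issue advisory, which limits what a triager can confirm from this record alone.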


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33255",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-33255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Papaya Viewer 4a42701. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://schutzwerk.com",
"refsource": "MISC",
"name": "https://schutzwerk.com"
},
{
"refsource": "MISC",
"name": "https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001.txt",
"url": "https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001.txt"
}
]
}