From 71c4bda5248f663ae16bf8a450699878c7b7c589 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 21 Sep 2023 06:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2015/5xxx/CVE-2015-5467.json | 53 ++++++++++++++++++++++-
 2015/8xxx/CVE-2015-8371.json | 63 ++++++++++++++++++++++++++-
 2018/5xxx/CVE-2018-5478.json | 53 ++++++++++++++++++++++-
 2023/39xxx/CVE-2023-39252.json | 78 ++++++++++++++++++++++++++++++++--
 2023/43xxx/CVE-2023-43669.json | 72 +++++++++++++++++++++++++++++++
 5 files changed, 309 insertions(+), 10 deletions(-)
 create mode 100644 2023/43xxx/CVE-2023-43669.json
diff --git a/2015/5xxx/CVE-2015-5467.json b/2015/5xxx/CVE-2015-5467.json
index d166c4527f7..c4486a3e069 100644
--- a/2015/5xxx/CVE-2015-5467.json
+++ b/2015/5xxx/CVE-2015-5467.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-5467",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
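Review bot: The `affects` block added in the first hunk of CVE-2015-5467.json sets `vendor_name`, `product_name` and `version_value` all to `n/a`, while the description added in the next hunk names Yii 2.x before 2.0.5. Tooling that matches on the structured fields will not associate this record with the product, so consumers have to fall back to parsing the description text. The same placeholder block is added to CVE-2015-8371.json and CVE-2018-5478.json and is part of the new CVE-2023-43669.json in this commit. If the structured data is meant to be usable, I would populate it from the description, for example `"product_name": "Yii"` with `"version_value": "2.x before 2.0.5"`.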
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "web\\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix",
+ "refsource": "MISC",
+ "name": "https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix"
+ },
+ {
+ "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2015-5467.yaml",
+ "refsource": "MISC",
+ "name": "https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2015-5467.yaml"
 }
 ]
 }
diff --git a/2015/8xxx/CVE-2015-8371.json b/2015/8xxx/CVE-2015-8371.json
index 712f27afb60..a965667e0cd 100644
--- a/2015/8xxx/CVE-2015-8371.json
+++ b/2015/8xxx/CVE-2015-8371.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-8371",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
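Review bot: The description added in the second hunk of CVE-2015-5467.json contains a typo: `via a relative path in the view parameeter.` should end `in the view parameter.`. Descriptions are what people full-text search and what downstream feeds copy verbatim, so the misspelling propagates and can hide the record from a search on the parameter wording. The `problemtype` added in the same hunk is `"value": "n/a"` although the text describes executing a local file reached through a relative path; a CWE identifier there would let scanners classify the issue, with the exact choice left to the assigning CNA.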
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://flyingmana.de/blog_en/2016/02/14/composer_cache_injection_vulnerability_cve_2015_8371.html",
+ "refsource": "MISC",
+ "name": "https://flyingmana.de/blog_en/2016/02/14/composer_cache_injection_vulnerability_cve_2015_8371.html"
+ },
+ {
+ "url": "https://github.com/FriendsOfPHP/security-advisories/blob/e26be423c5bcfdb38478d2f92d1f928c15afb561/composer/composer/CVE-2015-8371.yaml",
+ "refsource": "MISC",
+ "name": "https://github.com/FriendsOfPHP/security-advisories/blob/e26be423c5bcfdb38478d2f92d1f928c15afb561/composer/composer/CVE-2015-8371.yaml"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/composer/composer/CVE-2015-8371.yml",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/composer/composer/CVE-2015-8371.yml"
+ },
+ {
+ "url": "https://github.com/composer/composer",
+ "refsource": "MISC",
+ "name": "https://github.com/composer/composer"
 }
 ]
 }
diff --git a/2018/5xxx/CVE-2018-5478.json b/2018/5xxx/CVE-2018-5478.json
index 0851fa2849d..ff7fc628248 100644
--- a/2018/5xxx/CVE-2018-5478.json
+++ b/2018/5xxx/CVE-2018-5478.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-5478",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-5478.yaml",
+ "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-5478.yaml"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security.snyk.io/vuln/SNYK-PHP-CONTAOCORE-70397",
+ "url": "https://security.snyk.io/vuln/SNYK-PHP-CONTAOCORE-70397"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39252.json b/2023/39xxx/CVE-2023-39252.json
index 0af1a868a25..753cfa6fb68 100644
--- a/2023/39xxx/CVE-2023-39252.json
+++ b/2023/39xxx/CVE-2023-39252.json
@@ -1,17 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-39252",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@dell.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\nDell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
+ "cweId": "CWE-327"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Dell",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Secure Connect Gateway (SCG) Policy Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "5.16.00.14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000217683/dsa-2023-321-security-update-for-dell-secure-connect-gateway-security-policy-manager-vulnerabilities",
+ "refsource": "MISC",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000217683/dsa-2023-321-security-update-for-dell-secure-connect-gateway-security-policy-manager-vulnerabilities"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/43xxx/CVE-2023-43669.json b/2023/43xxx/CVE-2023-43669.json
new file mode 100644
index 00000000000..50f6e7758d9
--- /dev/null
+++ b/2023/43xxx/CVE-2023-43669.json
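Review bot: The new description `value` in CVE-2023-39252.json is wrapped in newline escapes, starting with `"\nDell SCG Policy Manager` and ending with `information.\n\n"`, which consumers will either render as blank lines or have to trim; I would drop the leading `\n` and the trailing `\n\n`. The sentence ending `by performing MitM attacks and let attackers obtain sensitive information` would read more clearly as `by performing MitM attacks to obtain sensitive information`. The text also does not say which algorithm or protocol is the broken one, so a defender cannot tell from the record alone what to look for and has to consult the linked Dell advisory.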
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2023-43669",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/snapview/tungstenite-rs/issues/376",
+ "refsource": "MISC",
+ "name": "https://github.com/snapview/tungstenite-rs/issues/376"
+ },
+ {
+ "url": "https://cwe.mitre.org/data/definitions/407.html",
+ "refsource": "MISC",
+ "name": "https://cwe.mitre.org/data/definitions/407.html"
+ },
+ {
+ "url": "https://crates.io/crates/tungstenite/versions",
+ "refsource": "MISC",
+ "name": "https://crates.io/crates/tungstenite/versions"
+ }
+ ]
+ }
+}
\ No newline at end of file
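Review bot: `problemtype` in the new CVE-2023-43669.json is `"value": "n/a"`, yet the record's own reference list links `https://cwe.mitre.org/data/definitions/407.html`. Carrying the weakness only as a MISC reference means tools that read `problemtype` see no classification; I would set `"value": "CWE-407: Inefficient Algorithmic Complexity"` there, matching the form used in CVE-2023-39252.json. The description says "through 0.20.0" and none of the references names a fixed release, so readers have to check the linked issue or the crates.io version list to find out what to upgrade to. The file also ends without a trailing newline.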