"-Synchronized-Data."

CVE Team 2023-04-05 18:00:36 +00:00
parent 5e1cf4e40b
commit 76fcbb112f
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 400 additions and 16 deletions


@ -48,6 +48,11 @@
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c",
"name": "https://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171697/Calendar-Event-Multi-View-1.4.07-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/171697/Calendar-Event-Multi-View-1.4.07-Cross-Site-Scripting.html"
}
]
},
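Review bot: The added Packet Storm reference uses a plain `http://` scheme in both `name` and `url`, so anyone who follows the link from this record fetches the write-up over a channel that can be altered in transit. If the host serves it, prefer the TLS form, `"url": "https://packetstormsecurity.com/files/171697/Calendar-Event-Multi-View-1.4.07-Cross-Site-Scripting.html"`, with `name` changed to match. The same applies to the Packet Storm references added in the CVE-2022-46552, Kardex Mlog MCC and Uptime Kuma sections below. The rest of the record lies outside this hunk.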


@ -81,6 +81,11 @@
"refsource": "MISC",
"name": "https://github.com/c2dc/cve-reported/blob/main/CVE-2022-46552/CVE-2022-46552.md",
"url": "https://github.com/c2dc/cve-reported/blob/main/CVE-2022-46552/CVE-2022-46552.md"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171710/D-Link-DIR-846-Remote-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/171710/D-Link-DIR-846-Remote-Command-Execution.html"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4939",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4940",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171046/Kardex-Mlog-MCC-5.7.12-0-a203c2a213-master-File-Inclusion-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/171046/Kardex-Mlog-MCC-5.7.12-0-a203c2a213-master-File-Inclusion-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171689/Kardex-Mlog-MCC-5.7.12-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/171689/Kardex-Mlog-MCC-5.7.12-Remote-Code-Execution.html"
}
]
}


@ -56,6 +56,11 @@
"url": "https://github.com/louislam/uptime-kuma/issues/2186",
"refsource": "MISC",
"name": "https://github.com/louislam/uptime-kuma/issues/2186"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171699/Uptime-Kuma-1.19.6-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/171699/Uptime-Kuma-1.19.6-Cross-Site-Scripting.html"
}
]
}


@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28849",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.7 contains a patch for this issue. As a workaround, disable native inventory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "glpi-project",
"product": {
"product_data": [
{
"product_name": "glpi",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 10.0.0, < 10.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/glpi-project/glpi/releases/tag/10.0.7",
"refsource": "MISC",
"name": "https://github.com/glpi-project/glpi/releases/tag/10.0.7"
},
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-9r84-jpg3-h4m6",
"refsource": "MISC",
"name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-9r84-jpg3-h4m6"
}
]
},
"source": {
"advisory": "GHSA-9r84-jpg3-h4m6",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
]
}
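Review bot: In `version_data` the new record puts a whole range expression in `version_value` (`">= 10.0.0, < 10.0.7"`) under `"version_affected": "="`. A consumer that applies the operator literally compares installed versions against that string and never matches an affected GLPI install. Carrying the bounds in the operator field, for example `"version_affected": "<", "version_value": "10.0.7"` with the 10.0.0 lower bound in its own entry, keeps the record machine-matchable. Until then, scanner coverage for this CVE should be checked against the range stated in the description. The same encoding appears in the CVE-2023-28852, CVE-2023-28855 and CVE-2023-29006 sections below.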


@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28852",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions 9.5.13 and 10.0.7 contain a patch for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "glpi-project",
"product": {
"product_data": [
{
"product_name": "glpi",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 9.5.0, < 9.5.13"
},
{
"version_affected": "=",
"version_value": ">= 10.0.0, < 10.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/glpi-project/glpi/releases/tag/10.0.7",
"refsource": "MISC",
"name": "https://github.com/glpi-project/glpi/releases/tag/10.0.7"
},
{
"url": "https://github.com/glpi-project/glpi/releases/tag/9.5.13",
"refsource": "MISC",
"name": "https://github.com/glpi-project/glpi/releases/tag/9.5.13"
},
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-65gq-p8hg-7m92",
"refsource": "MISC",
"name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-65gq-p8hg-7m92"
}
]
},
"source": {
"advisory": "GHSA-65gq-p8hg-7m92",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28855",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pluginsGLPI",
"product": {
"product_data": [
{
"product_name": "fields",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.13.1"
},
{
"version_affected": "=",
"version_value": ">= 1.20.0, < 1.20.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584",
"refsource": "MISC",
"name": "https://github.com/pluginsGLPI/fields/security/advisories/GHSA-52vv-hm4x-8584"
},
{
"url": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d",
"refsource": "MISC",
"name": "https://github.com/pluginsGLPI/fields/commit/784260be7db185bb1e7d66b299997238c4c0205d"
},
{
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1",
"refsource": "MISC",
"name": "https://github.com/pluginsGLPI/fields/releases/tag/1.13.1"
},
{
"url": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4",
"refsource": "MISC",
"name": "https://github.com/pluginsGLPI/fields/releases/tag/1.20.4"
}
]
},
"source": {
"advisory": "GHSA-52vv-hm4x-8584",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}
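Review bot: The `problemtype` entry maps this issue to `CWE-269`, while the description in the same record says a missing access-control check lets any authenticated user write to any fields container. That reads closer to a missing-authorization weakness, so triage that filters by CWE for authorization flaws may skip this record. If the assigning CNA agrees, the entry would become `"value": "CWE-862: Missing Authorization", "cweId": "CWE-862"`. This is inferred from the description text alone, not from the referenced patch.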


@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29006",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pluginsGLPI",
"product": {
"product_data": [
{
"product_name": "order",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.8.0, < 2.7.7"
},
{
"version_affected": "=",
"version_value": ">= 2.10.0, < 2.10.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm",
"refsource": "MISC",
"name": "https://github.com/pluginsGLPI/order/security/advisories/GHSA-xfx2-qx2r-3wwm"
},
{
"url": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e",
"refsource": "MISC",
"name": "https://github.com/pluginsGLPI/order/commit/c78e64b95e54d5e47d9835984c93049f245b579e"
}
]
},
"source": {
"advisory": "GHSA-xfx2-qx2r-3wwm",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}