admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-07-04 17:00:37 +00:00
parent e92be098b2
commit 789a60ec1b
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 102 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
2022/4xxx/CVE-2022-4297.json
View File

@ -39,8 +39,18 @@
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "1.0.4"
}
],
"defaultStatus": "affected"
}
}
]
}
@ -57,6 +67,11 @@
"url": "https://wpscan.com/vulnerability/e2dcc76c-65ac-4cd6-a5c9-6d813b5ac26d",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/e2dcc76c-65ac-4cd6-a5c9-6d813b5ac26d"
},
{
"url": "http://packetstormsecurity.com/files/173293/WordPress-WP-AutoComplete-Search-1.0.4-SQL-Injection.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173293/WordPress-WP-AutoComplete-Search-1.0.4-SQL-Injection.html"
}
]
},

5
2023/21xxx/CVE-2023-21670.json
View File

@ -773,6 +773,11 @@
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin",
"refsource": "MISC",
"name": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin"
},
{
"url": "http://packetstormsecurity.com/files/173296/Qualcomm-Adreno-KGSL-Insecure-Execution.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173296/Qualcomm-Adreno-KGSL-Insecure-Execution.html"
}
]
},

5
2023/24xxx/CVE-2023-24078.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/ojan2021/Fuguhub-8.1-RCE",
"refsource": "MISC",
"name": "https://github.com/ojan2021/Fuguhub-8.1-RCE"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173279/FuguHub-8.1-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/173279/FuguHub-8.1-Remote-Code-Execution.html"
}
]
}

64
2023/31xxx/CVE-2023-31999.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31999",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be connected to the user's session in some way that will allow the server to validate it.\r\n\r\nv7.2.0 changes the default behavior to store the state in a cookie with the http-only and same-site=lax attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the checkStateFunction function, which now accepts the full Request object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "npm",
"product": {
"product_data": [
{
"product_name": "@fastify/oauth2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "v7.2.0",
"version_value": "v7.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://hackerone.com/reports/2020418",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2020418"
},
{
"url": "https://auth0.com/docs/secure/attack-protection/state-parameters",
"refsource": "MISC",
"name": "https://auth0.com/docs/secure/attack-protection/state-parameters"
},
{
"url": "https://github.com/fastify/fastify-oauth2/releases/tag/v7.2.0",
"refsource": "MISC",
"name": "https://github.com/fastify/fastify-oauth2/releases/tag/v7.2.0"
}
]
}

5
2023/36xxx/CVE-2023-36346.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://yuyudhn.github.io/pos-codekop-vulnerability/",
"url": "https://yuyudhn.github.io/pos-codekop-vulnerability/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173280/Sales-Of-Cashier-Goods-1.0-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/173280/Sales-Of-Cashier-Goods-1.0-Cross-Site-Scripting.html"
}
]
}

5
2023/36xxx/CVE-2023-36348.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://yuyudhn.github.io/pos-codekop-vulnerability/",
"url": "https://yuyudhn.github.io/pos-codekop-vulnerability/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173278/POS-Codekop-2.0-Shell-Upload.html",
"url": "http://packetstormsecurity.com/files/173278/POS-Codekop-2.0-Shell-Upload.html"
}
]
}

5
2023/36xxx/CVE-2023-36355.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/9/TP-Link%20TL-WR940N%20wireless%20router%20userRpmWanDynamicIpV6CfgRpm%20buffer%20write%20out-of-bounds%20vulnerability.md",
"refsource": "MISC",
"name": "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/9/TP-Link%20TL-WR940N%20wireless%20router%20userRpmWanDynamicIpV6CfgRpm%20buffer%20write%20out-of-bounds%20vulnerability.md"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173294/TP-Link-TL-WR940N-4-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/173294/TP-Link-TL-WR940N-4-Buffer-Overflow.html"
}
]
}