admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-07 19:00:40 +00:00
parent 54329f9d70
commit 7c7abed14f
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 376 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2022/46xxx/CVE-2022-46285.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-46285",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "libXpm",
"version": {
"version_data": [
{
"version_value": "3.5.15"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2160092",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160092"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library."
}
]
}

50
2022/4xxx/CVE-2022-4883.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4883",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "libXpm",
"version": {
"version_data": [
{
"version_value": "3.5.15"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2160213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160213"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable."
}
]
}

91
2023/22xxx/CVE-2023-22735.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22735",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8` but after commit `04cf68b` users could upload files with arbitrary `Content-Type` which would be served from the Zulip hostname with `Content-Disposition: inline` and no `Content-Security-Policy` header, allowing them to trick other users into executing arbitrary Javascript in the context of the Zulip application. Among other things, this enables session theft. Only deployments which use the S3 storage (not the local-disk storage) are affected, and only deployments which deployed commit 04cf68b45ebb5c03247a0d6453e35ffc175d55da, which has only been in `main`, not any numbered release. Users affected should upgrade from main again to deploy this fix. Switching from S3 storage to the local-disk storage would nominally mitigate this, but is likely more involved than upgrading to the latest `main` which addresses the issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-436: Interpretation Conflict",
"cweId": "CWE-436"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zulip",
"product": {
"product_data": [
{
"product_name": "zulip",
"version": {
"version_data": [
{
"version_value": ">= 04cf68b, < 2f6c5a8",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-wm83-3764-5wqh",
"refsource": "MISC",
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-wm83-3764-5wqh"
},
{
"url": "https://github.com/zulip/zulip/commit/04cf68b45ebb5c03247a0d6453e35ffc175d55da",
"refsource": "MISC",
"name": "https://github.com/zulip/zulip/commit/04cf68b45ebb5c03247a0d6453e35ffc175d55da"
},
{
"url": "https://github.com/zulip/zulip/commit/2f6c5a883e106aa82a570d3d1f243993284b70f3",
"refsource": "MISC",
"name": "https://github.com/zulip/zulip/commit/2f6c5a883e106aa82a570d3d1f243993284b70f3"
},
{
"url": "https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository",
"refsource": "MISC",
"name": "https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository"
}
]
},
"source": {
"advisory": "GHSA-wm83-3764-5wqh",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

81
2023/24xxx/CVE-2023-24813.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24813",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of `image` tags and respects `xlink:href` even if `href` is specified. However, php-svg-lib, which is later used to parse the svg file, parses the href attribute. Since `href` is respected if both `xlink:href` and `href` is specified, it's possible to bypass the protection on the Dompdf side by providing an empty `xlink:href` attribute. An attacker can exploit the vulnerability to call arbitrary URLs with arbitrary protocols if they provide an SVG file to the Dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, which will lead, at the very least, to arbitrary file deletion and might lead to remote code execution, depending on available classes. This vulnerability has been addressed in commit `95009ea98` which has been included in release version 2.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-436: Interpretation Conflict",
"cweId": "CWE-436"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dompdf",
"product": {
"product_data": [
{
"product_name": "dompdf",
"version": {
"version_data": [
{
"version_value": "= 2.0.2",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/dompdf/dompdf/security/advisories/GHSA-56gj-mvh6-rp75",
"refsource": "MISC",
"name": "https://github.com/dompdf/dompdf/security/advisories/GHSA-56gj-mvh6-rp75"
},
{
"url": "https://github.com/dompdf/dompdf/commit/95009ea98230f9b084b040c34e3869ef3dccc9aa",
"refsource": "MISC",
"name": "https://github.com/dompdf/dompdf/commit/95009ea98230f9b084b040c34e3869ef3dccc9aa"
}
]
},
"source": {
"advisory": "GHSA-56gj-mvh6-rp75",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

122
2023/24xxx/CVE-2023-24814.json
View File

@ -1,17 +1,131 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24814",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv('SCRIPT_NAME')` and corresponding usages (as shown below) are vulnerable as well. Additional investigations confirmed that at least Apache web server deployments using CGI (FPM, FCGI/FastCGI, and similar) are affected. However, there still might be the risk that other scenarios like nginx, IIS, or Apache/mod_php are vulnerable. The usage of server environment variable `PATH_INFO` has been removed from corresponding processings in `GeneralUtility::getIndpEnv()`. Besides that, the public property `TypoScriptFrontendController::$absRefPrefix` is encoded for both being used as a URI component and for being used as a prefix in an HTML context. This mitigates the cross-site scripting vulnerability. Users are advised to update to TYPO3 versions 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS and 12.2.0 which fix this problem. For users who are unable to patch in a timely manner the TypoScript setting `config.absRefPrefix` should at least be set to a static path value, instead of using auto - e.g. `config.absRefPrefix=/`. This workaround **does not fix all aspects of the vulnerability**, and is just considered to be an intermediate mitigation to the most prominent manifestation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TYPO3",
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": ">= 8.7.0, < 8.7.51",
"version_affected": "="
},
{
"version_value": ">= 9.0.0, < 9.5.40",
"version_affected": "="
},
{
"version_value": ">= 10.0.0, < 10.4.36",
"version_affected": "="
},
{
"version_value": "11.0.0, < 11.5.23",
"version_affected": "="
},
{
"version_value": ">= 12.0.0, < 12.2.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3",
"refsource": "MISC",
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3"
},
{
"url": "https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a",
"refsource": "MISC",
"name": "https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a"
},
{
"url": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix",
"refsource": "MISC",
"name": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix"
},
{
"url": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484",
"refsource": "MISC",
"name": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484"
},
{
"url": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549",
"refsource": "MISC",
"name": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549"
},
{
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-001",
"refsource": "MISC",
"name": "https://typo3.org/security/advisory/typo3-core-sa-2023-001"
},
{
"url": "https://typo3.org/security/advisory/typo3-psa-2023-001",
"refsource": "MISC",
"name": "https://typo3.org/security/advisory/typo3-psa-2023-001"
}
]
},
"source": {
"advisory": "GHSA-r4f8-f93x-5qh3",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
}
]
}