admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-09-15 19:00:34 +00:00
parent 82ce8d907f
commit 7ec96bd4ea
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 290 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2023/32xxx/CVE-2023-32664.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability."
"value": "A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability."
}
]
},

2
2023/33xxx/CVE-2023-33876.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. A specially-crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled."
"value": "A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. Specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled."
}
]
},

81
2023/36xxx/CVE-2023-36472.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36472",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Strapi is the an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure that they can't be selected. This issue is fixed in version 4.11.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "strapi",
"product": {
"product_data": [
{
"product_name": "strapi",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.11.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/strapi/strapi/security/advisories/GHSA-v8gg-4mq2-88q4",
"refsource": "MISC",
"name": "https://github.com/strapi/strapi/security/advisories/GHSA-v8gg-4mq2-88q4"
},
{
"url": "https://github.com/strapi/strapi/releases/tag/v4.11.7",
"refsource": "MISC",
"name": "https://github.com/strapi/strapi/releases/tag/v4.11.7"
}
]
},
"source": {
"advisory": "GHSA-v8gg-4mq2-88q4",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}

103
2023/36xxx/CVE-2023-36479.json
View File

@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36479",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-149: Improper Neutralization of Quoting Syntax",
"cweId": "CWE-149"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "eclipse",
"product": {
"product_data": [
{
"product_name": "jetty.project",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 9.0.0, <= 9.4.51"
},
{
"version_affected": "=",
"version_value": ">= 10.0.0, <= 10.0.15"
},
{
"version_affected": "=",
"version_value": ">= 11.0.0, <= 11.0.15"
},
{
"version_affected": "=",
"version_value": "<= 12.0.0-beta1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j",
"refsource": "MISC",
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j"
},
{
"url": "https://github.com/eclipse/jetty.project/pull/9516",
"refsource": "MISC",
"name": "https://github.com/eclipse/jetty.project/pull/9516"
},
{
"url": "https://github.com/eclipse/jetty.project/pull/9888",
"refsource": "MISC",
"name": "https://github.com/eclipse/jetty.project/pull/9888"
},
{
"url": "https://github.com/eclipse/jetty.project/pull/9889",
"refsource": "MISC",
"name": "https://github.com/eclipse/jetty.project/pull/9889"
}
]
},
"source": {
"advisory": "GHSA-3gh6-v5v9-6v9j",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
]
}

81
2023/37xxx/CVE-2023-37263.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37263",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "strapi",
"product": {
"product_data": [
{
"product_name": "strapi",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.12.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/strapi/strapi/security/advisories/GHSA-m284-85mf-cgrc",
"refsource": "MISC",
"name": "https://github.com/strapi/strapi/security/advisories/GHSA-m284-85mf-cgrc"
},
{
"url": "https://github.com/strapi/strapi/releases/tag/v4.12.1",
"refsource": "MISC",
"name": "https://github.com/strapi/strapi/releases/tag/v4.12.1"
}
]
},
"source": {
"advisory": "GHSA-m284-85mf-cgrc",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}

34
2023/37xxx/CVE-2023-37905.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. It has been discovered that the `ckeditor-wordcount-plugin` plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. This issue has been addressed in version 1.17.12 of the `ckeditor-wordcount-plugin` plugin and users are advised to upgrade. There are no known workarounds for this vulnerability."
"value": "ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. It has been discovered that the `ckeditor-wordcount-plugin` plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. This issue has been addressed in version 1.17.12 of the `ckeditor-wordcount-plugin` plugin and users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n"
}
]
},
@ -48,6 +48,28 @@
}
]
}
},
{
"vendor_name": "typo3",
"product": {
"product_data": [
{
"product_name": "cms-rte-ckeditor",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 10.0.0, < 10.4.39"
},
{
"version_affected": "=",
"version_value": ">= 11.0.0, < 11.5.30"
}
]
}
}
]
}
}
]
}
@ -68,6 +90,16 @@
"url": "https://github.com/w8tcha/CKEditor-WordCount-Plugin/commit/a4b154bdf35b3465320136fcb078f196b437c2f1",
"refsource": "MISC",
"name": "https://github.com/w8tcha/CKEditor-WordCount-Plugin/commit/a4b154bdf35b3465320136fcb078f196b437c2f1"
},
{
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m8fw-p3cr-6jqc",
"refsource": "MISC",
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m8fw-p3cr-6jqc"
},
{
"url": "https://typo3.org/security/advisory/typo3-core-sa-2023-004",
"refsource": "MISC",
"name": "https://typo3.org/security/advisory/typo3-core-sa-2023-004"
}
]
},

2
2023/3xxx/CVE-2023-3814.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
"value": "CWE-863 Incorrect Authorization"
}
]
}

2
2023/4xxx/CVE-2023-4269.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
"value": "CWE-863 Incorrect Authorization"
}
]
}