"-Synchronized-Data."

CVE Team 2023-11-10 16:00:34 +00:00
parent 8321a7be6b
commit 7fafd19669
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 868 additions and 33 deletions


@ -106,6 +106,11 @@
"url": "http://www.openwall.com/lists/oss-security/2023/11/08/10",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/11/08/10"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/10/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/11/10/1"
}
]
},


@ -168,16 +168,6 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2239845"
},
{
"url": "https://seclists.org/oss-sec/2023/q4/14",
"refsource": "MISC",
"name": "https://seclists.org/oss-sec/2023/q4/14"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/",
"refsource": "MISC",
@ -187,6 +177,16 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/"
},
{
"url": "https://seclists.org/oss-sec/2023/q4/14",
"refsource": "MISC",
"name": "https://seclists.org/oss-sec/2023/q4/14"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Discourse is an open source platform for community discussion. Prior to version 3.13 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, if a user has been quoted and uses a `|` in their full name, they might be able to trigger a bug that generates a lot of duplicate content in all the posts they've been quoted by updating their full name again. Version 3.13 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches contain a patch for this issue. No known workaround exists, although one can stop the \"bleeding\" by ensuring users only use alphanumeric characters in their full name field."
"value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, if a user has been quoted and uses a `|` in their full name, they might be able to trigger a bug that generates a lot of duplicate content in all the posts they've been quoted by updating their full name again. Version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches contain a patch for this issue. No known workaround exists, although one can stop the \"bleeding\" by ensuring users only use alphanumeric characters in their full name field."
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Discourse is an open source platform for community discussion. Prior to version 3.13 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkable (e.g. post, topic, chat message) security has changed, making it so the user can no longer access the underlying resource. As of version 3.13 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, bookmark reminders are now no longer sent if the user does not have access to the underlying bookmarkable, and also the unread bookmark notifications are always filtered by access. There are no known workarounds."
"value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkable (e.g. post, topic, chat message) security has changed, making it so the user can no longer access the underlying resource. As of version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, bookmark reminders are now no longer sent if the user does not have access to the underlying bookmarkable, and also the unread bookmark notifications are always filtered by access. There are no known workarounds."
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Discourse is an open source platform for community discussion. Prior to version 3.13 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add svgs with unlimited `height` attributes, and this can affect the availability of subsequent replies in a topic. Most Discourse instances are unaffected, only instances with the svgbob or the mermaid theme component are within scope. The issue is patched in version 3.13 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable or remove the relevant theme components. "
"value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add svgs with unlimited `height` attributes, and this can affect the availability of subsequent replies in a topic. Most Discourse instances are unaffected, only instances with the svgbob or the mermaid theme component are within scope. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable or remove the relevant theme components. "
}
]
},


@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47119",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.1.3"
},
{
"version_affected": "=",
"version_value": ">= 3.2.0.beta0, < 3.2.0.beta3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w"
},
{
"url": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09"
},
{
"url": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c"
}
]
},
"source": {
"advisory": "GHSA-j95w-5hvx-jp5w",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}
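Review bot: Both `version_data` entries in the CVE-2023-47119 record pair `"version_affected": "="` with a range expression in `version_value` (`"< 3.1.3"` and `">= 3.2.0.beta0, < 3.2.0.beta3"`), so a consumer that treats `=` as an exact match will never flag an installed release. The single-bound entry can be expressed directly as `"version_affected": "<", "version_value": "3.1.3"`; the two-bound beta range cannot, so matching tools have to parse the range out of the string or read the CVE JSON 5 record instead. The same encoding appears in the CVE-2023-47120 and CVE-2023-47121 sections of this commit. Separately, the description reports HTML tag injection under CWE-74 while the vector scores `C:N/I:N/A:L`; that looks inconsistent and is worth confirming against the referenced GHSA advisory before the score is used for prioritisation.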


@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47120",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.1.0, < 3.1.3"
},
{
"version_affected": "=",
"version_value": ">= 3.1.0.beta6, < 3.2.0.beta3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-77cw-xhj8-hfp3",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-77cw-xhj8-hfp3"
},
{
"url": "https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/commit/95a82d608d6377faf68a0e2c5d9640b043557852"
},
{
"url": "https://github.com/discourse/discourse/commit/e910dd09140cb4abc3a563b95af4a137ca7fa0ce",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/commit/e910dd09140cb4abc3a563b95af4a137ca7fa0ce"
}
]
},
"source": {
"advisory": "GHSA-77cw-xhj8-hfp3",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
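Review bot: The new description value writes the lower beta bound as `3.1.0,beta6` with a comma, while `version_data` in the same record gives `>= 3.1.0.beta6`; the text should read `versions 3.1.0.beta6 through 3.2.0.beta2`. Anyone extracting affected versions from the free-text description gets a token that matches no release tag, so the structured `version_value` strings are the ones to trust here.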


@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47121",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable the Embedding feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.1.3"
},
{
"version_affected": "=",
"version_value": ">= 3.2.0.beta0, < 3.2.0.beta3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-hp24-94qf-8cgc",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-hp24-94qf-8cgc"
},
{
"url": "https://github.com/discourse/discourse/commit/24cca10da731734af4e9748de99a508d586e59f1",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/commit/24cca10da731734af4e9748de99a508d586e59f1"
},
{
"url": "https://github.com/discourse/discourse/commit/5f20748e402223b265e6fee381472c14e2604da6",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/commit/5f20748e402223b265e6fee381472c14e2604da6"
}
]
},
"source": {
"advisory": "GHSA-hp24-94qf-8cgc",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,519 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47614",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Telit Cinterion",
"product": {
"product_data": [
{
"product_name": "BGS5",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "2.000 ARN 01.001.08"
}
]
}
},
{
"product_name": "EHS5-E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "4.013 ARN 01.000.06"
}
]
}
},
{
"product_name": "EHS5-US",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "4.000"
}
]
}
},
{
"product_name": "EHS5-US Rel.4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "4.013 ARN 01.000.06"
}
]
}
},
{
"product_name": "EHS6",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "2.000"
}
]
}
},
{
"product_name": "EHS6 Rel.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "2.000 ARN 00.000.20"
}
]
}
},
{
"product_name": "EHS6 Rel.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "3.001 ARN 00.000.49"
}
]
}
},
{
"product_name": "EHS6 Rel.4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "4.013 ARN 01.000.06"
}
]
}
},
{
"product_name": "EHS6-A Rel.4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "4.013 ARN 01.000.06"
}
]
}
},
{
"product_name": "EHS8",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "3.011 ARN 00.000.60"
}
]
}
},
{
"product_name": "EHS8 Rel.4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "4.013 ARN 01.000.06"
}
]
}
},
{
"product_name": "ELS61-AUS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.000"
}
]
}
},
{
"product_name": "ELS61-AUS Rel.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.004 ARN 00.003.01"
}
]
}
},
{
"product_name": "ELS61-AUS Rel.1 MR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.005 ARN 00.005.01"
}
]
}
},
{
"product_name": "ELS61-E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.000"
}
]
}
},
{
"product_name": "ELS61-E Rel.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.000 ARN 00.030.01"
}
]
}
},
{
"product_name": "ELS61-E Rel.1 MR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.000 ARN 00.032.02"
}
]
}
},
{
"product_name": "ELS61-E Rel.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "2.000 ARN 01.000.03"
}
]
}
},
{
"product_name": "ELS61-E2 Rel.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.000 ARN 00.026.01"
}
]
}
},
{
"product_name": "ELS61-E2 Rel.1 MR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.000 ARN 00.032.02"
}
]
}
},
{
"product_name": "ELS61-US Rel.1 MR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "1.01 ARN 00.028.01"
}
]
}
},
{
"product_name": "ELS61-US Rel.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "2.012 ARN 01.000.05"
}
]
}
},
{
"product_name": "ELS81-E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "4.000"
}
]
}
},
{
"product_name": "ELS81-E Rel.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "4.000 ARN 01.000.05"
}
]
}
},
{
"product_name": "ELS81-E Rel.1.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "5.001 ARN 01.000.04"
}
]
}
},
{
"product_name": "ELS81-US",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "5.012"
}
]
}
},
{
"product_name": "ELS81-US Rel.1.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "5.012 ARN 01.000.05"
}
]
}
},
{
"product_name": "PDS5-E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "3.001"
}
]
}
},
{
"product_name": "PDS5-E Rel.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "3.001 ARN 00.000.32"
}
]
}
},
{
"product_name": "PDS5-E Rel.4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "4.013 ARN 01.000.06"
}
]
}
},
{
"product_name": "PDS5-US",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "PDS6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "PDS8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "PLS62-W",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "2.01"
}
]
}
},
{
"product_name": "PLS62-W Rel.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "2.01 ARN 01.000.05"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-210-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor-vulnerability/",
"refsource": "MISC",
"name": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-210-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor-vulnerability/"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device."
},
{
"lang": "en",
"value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."
}
],
"solution": [
{
"lang": "en",
"value": "Telit Cinterion has released firmware updates to fix the issue. Contact Telit Cinterion for assistance."
}
],
"credits": [
{
"lang": "en",
"value": "Alexander Kozlov from Kaspersky"
},
{
"lang": "en",
"value": "Sergey Anufrienko from Kaspersky"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
]
}
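Review bot: The PDS5-US, PDS6 and PDS8 entries carry `"version_value": "not down converted"` with only `x_cve_json_5_version_data.defaultStatus` set to `affected`, so a 4.0 consumer receives no usable version bound for these three products. Matching tools should treat that sentinel as "every version affected unless stated otherwise" rather than comparing it as a version string, or read the CVE JSON 5 record for these products. The record also mixes `"lang": "eng"` in `description` and `problemtype` with `"lang": "en"` in `work_around`, `solution` and `credits`, so language filters need to accept both codes; the CVE-2023-6076 section shows the same mix.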


@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6076",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In PHPGurukul Restaurant Table Booking System 1.0 wurde eine problematische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei booking-details.php der Komponente Reservation Status Handler. Durch Manipulieren des Arguments bid mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Disclosure",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHPGurukul",
"product": {
"product_data": [
{
"product_name": "Restaurant Table Booking System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.244945",
"refsource": "MISC",
"name": "https://vuldb.com/?id.244945"
},
{
"url": "https://vuldb.com/?ctiid.244945",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.244945"
}
]
},
"credits": [
{
"lang": "en",
"value": "scumdestroy (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
}
]
}
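Review bot: The three objects in `impact.cvss` do not share one shape: the `"version": "2.0"` entry has no `baseSeverity` key and gives `"baseScore": 5` as an integer, while the 3.x entries carry `baseSeverity` and a fractional score. A consumer that indexes `baseSeverity` on every element, or picks the first or last array element as "the" score, will either fail or silently mix CVSS versions. Selecting the entry by its `version` field and treating `baseSeverity` as optional avoids both.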