admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 11:37:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-06-08 00:00:39 +00:00
parent cf02c961a7
commit 803bc17c8f
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 208 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2005/1xxx/CVE-2005-1513.json
View File

@ -131,6 +131,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[oss-security] 20230606 LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863", "name": "[oss-security] 20230606 LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863",
"url": "http://www.openwall.com/lists/oss-security/2023/06/06/3" "url": "http://www.openwall.com/lists/oss-security/2023/06/06/3"
},
{
"refsource": "FULLDISC",
"name": "20230607 LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863",
"url": "http://seclists.org/fulldisclosure/2023/Jun/2"
} }
] ]
} }

10
2022/42xxx/CVE-2022-42837.json
View File

@ -78,6 +78,11 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213535",
"url": "https://support.apple.com/kb/HT213535"
},
{ {
"refsource": "MISC", "refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213532", "url": "https://support.apple.com/en-us/HT213532",
@ -112,6 +117,11 @@
"refsource": "FULLDISC", "refsource": "FULLDISC",
"name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
"url": "http://seclists.org/fulldisclosure/2022/Dec/23" "url": "http://seclists.org/fulldisclosure/2022/Dec/23"
},
{
"refsource": "FULLDISC",
"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2",
"url": "http://seclists.org/fulldisclosure/2022/Dec/27"
} }
] ]
}, },

5
2022/46xxx/CVE-2022-46705.json
View File

@ -77,6 +77,11 @@
"name": "https://support.apple.com/kb/HT213536", "name": "https://support.apple.com/kb/HT213536",
"url": "https://support.apple.com/kb/HT213536" "url": "https://support.apple.com/kb/HT213536"
}, },
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213535",
"url": "https://support.apple.com/kb/HT213535"
},
{ {
"refsource": "MISC", "refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213532", "url": "https://support.apple.com/en-us/HT213532",

5
2023/23xxx/CVE-2023-23520.json
View File

@ -61,6 +61,11 @@
"name": "https://support.apple.com/kb/HT213599", "name": "https://support.apple.com/kb/HT213599",
"url": "https://support.apple.com/kb/HT213599" "url": "https://support.apple.com/kb/HT213599"
}, },
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213601",
"url": "https://support.apple.com/kb/HT213601"
},
{ {
"refsource": "MISC", "refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213605", "url": "https://support.apple.com/en-us/HT213605",

5
2023/33xxx/CVE-2023-33863.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt", "name": "https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt",
"url": "https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt" "url": "https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt"
},
{
"refsource": "FULLDISC",
"name": "20230607 LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863",
"url": "http://seclists.org/fulldisclosure/2023/Jun/2"
} }
] ]
} }

5
2023/33xxx/CVE-2023-33864.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt", "name": "https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt",
"url": "https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt" "url": "https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt"
},
{
"refsource": "FULLDISC",
"name": "20230607 LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863",
"url": "http://seclists.org/fulldisclosure/2023/Jun/2"
} }
] ]
} }

5
2023/33xxx/CVE-2023-33865.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt", "name": "https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt",
"url": "https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt" "url": "https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt"
},
{
"refsource": "FULLDISC",
"name": "20230607 LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863",
"url": "http://seclists.org/fulldisclosure/2023/Jun/2"
} }
] ]
} }

90
2023/34xxx/CVE-2023-34238.json
View File

@ -1,17 +1,99 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-34238", "ID": "CVE-2023-34238",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the `__file-code-frame` and `__original-stack-frame` paths, exposed when running the Gatsby develop server (`gatsby develop`). Any file in scope of the development server could potentially be exposed. It should be noted that by default `gatsby develop` is only accessible via the localhost `127.0.0.1`, and one would need to intentionally expose the server to other interfaces to exploit this vulnerability by using server options such as `--host 0.0.0.0`, `-H 0.0.0.0`, or the `GATSBY_HOST=0.0.0.0` environment variable. A patch has been introduced in `gatsby@5.9.1` and `gatsby@4.25.7` which mitigates the issue. Users are advised to upgrade. Users unable to upgrade should avoid exposing their development server to the internet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gatsbyjs",
"product": {
"product_data": [
{
"product_name": "gatsby",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 5.0.0, < 5.9.1"
},
{
"version_affected": "=",
"version_value": "< 4.25.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/gatsbyjs/gatsby/security/advisories/GHSA-c6f8-8r25-c4gc",
"refsource": "MISC",
"name": "https://github.com/gatsbyjs/gatsby/security/advisories/GHSA-c6f8-8r25-c4gc"
},
{
"url": "https://github.com/gatsbyjs/gatsby/commit/ae5a654eb346b2e7a9d341b809b2f82d34c0f17c",
"refsource": "MISC",
"name": "https://github.com/gatsbyjs/gatsby/commit/ae5a654eb346b2e7a9d341b809b2f82d34c0f17c"
},
{
"url": "https://github.com/gatsbyjs/gatsby/commit/fc22f4ba3ad7ca5fb3592f38f4f0ca8ae60b4bf7",
"refsource": "MISC",
"name": "https://github.com/gatsbyjs/gatsby/commit/fc22f4ba3ad7ca5fb3592f38f4f0ca8ae60b4bf7"
}
]
},
"source": {
"advisory": "GHSA-c6f8-8r25-c4gc",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
} }
] ]
} }

86
2023/34xxx/CVE-2023-34239.json
View File

@ -1,17 +1,95 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-34239", "ID": "CVE-2023-34239",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gradio-app",
"product": {
"product_data": [
{
"product_name": "gradio",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.34.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-3qqg-pgqq-3695",
"refsource": "MISC",
"name": "https://github.com/gradio-app/gradio/security/advisories/GHSA-3qqg-pgqq-3695"
},
{
"url": "https://github.com/gradio-app/gradio/pull/4370",
"refsource": "MISC",
"name": "https://github.com/gradio-app/gradio/pull/4370"
},
{
"url": "https://github.com/gradio-app/gradio/pull/4406",
"refsource": "MISC",
"name": "https://github.com/gradio-app/gradio/pull/4406"
}
]
},
"source": {
"advisory": "GHSA-3qqg-pgqq-3695",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
} }
] ]
} }