admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-09-20 15:00:31 +00:00
parent d5fa0d83d5
commit 8067e42ae7
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
21 changed files with 923 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
2022/30xxx/CVE-2022-30114.json
View File

@ -52,16 +52,6 @@
},
"references": {
"reference_data": [
{
"url": "http://fastgate.com",
"refsource": "MISC",
"name": "http://fastgate.com"
},
{
"url": "http://fastweb.com",
"refsource": "MISC",
"name": "http://fastweb.com"
},
{
"refsource": "MISC",
"name": "https://str0ng4le.github.io/jekyll/update/2023/05/12/fastgate-bof-cve-2022-30114/",

306
2022/3xxx/CVE-2022-3916.json
View File

@ -1,17 +1,315 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3916",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session Fixation",
"cweId": "CWE-384"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "20.0.2",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Single Sign-On 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Single Sign-On 7.6 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:18.0.3-1.redhat_00002.1.el7sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:18.0.6-1.redhat_00001.1.el7sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Single Sign-On 7.6 for RHEL 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:18.0.3-1.redhat_00002.1.el8sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:18.0.6-1.redhat_00001.1.el8sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Single Sign-On 7.6 for RHEL 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:18.0.3-1.redhat_00002.1.el9sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:18.0.6-1.redhat_00001.1.el9sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "RHEL-8 based Middleware Containers",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "7.6-15",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "7.6-20",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2022:8961",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:8961"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8962",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:8962"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8963",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:8963"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8964",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:8964"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8965",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:8965"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1043",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:1043"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1044",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:1044"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1045",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:1045"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1047",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:1047"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1049",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:1049"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-3916",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-3916"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Peter Flintholm (Trifork) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

18
2023/38xxx/CVE-2023-38584.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38584",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2023/3xxx/CVE-2023-3341.json
View File

@ -78,6 +78,11 @@
"url": "https://kb.isc.org/docs/cve-2023-3341",
"refsource": "MISC",
"name": "https://kb.isc.org/docs/cve-2023-3341"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/20/2"
}
]
},

18
2023/40xxx/CVE-2023-40145.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40145",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

66
2023/42xxx/CVE-2023-42464.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-42464",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-42464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://netatalk.sourceforge.io/",
"refsource": "MISC",
"name": "https://netatalk.sourceforge.io/"
},
{
"url": "https://netatalk.sourceforge.io/2.0/htmldocs/afpd.8.html",
"refsource": "MISC",
"name": "https://netatalk.sourceforge.io/2.0/htmldocs/afpd.8.html"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/Netatalk/netatalk/issues/486",
"url": "https://github.com/Netatalk/netatalk/issues/486"
}
]
}

18
2023/43xxx/CVE-2023-43492.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43492",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

113
2023/43xxx/CVE-2023-43630.json Normal file
View File

@ -0,0 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-43630",
"ASSIGNER": "cve@asrg.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "PCR14 is not in the list of PCRs that seal/unseal the \u201cvault\u201d key, but\ndue to the change that was implemented in commit\n\u201c7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4\u201d, fixing this issue alone would not solve the\nproblem of the config partition not being measured correctly.\n\nAlso, the \u201cvault\u201d key is sealed/unsealed with SHA1 PCRs instead of\nSHA256. \nThis issue was somewhat mitigated due to all of the PCR extend functions\nupdating both the values of SHA256 and SHA1 for a given PCR ID.\n\nHowever, due to the change that was implemented in commit\n\u201c7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4\u201d, this is no longer the case for PCR14, as\nthe code in \u201cmeasurefs.go\u201d explicitly updates only the SHA256 instance of PCR14, which\nmeans that even if PCR14 were to be added to the list of PCRs sealing/unsealing the \u201cvault\u201d\nkey, changes to the config partition would still not be measured.\n\n\n\nAn attacker could modify the config partition without triggering the measured boot, this could\nresult in the attacker gaining full control over the device with full access to the contents of the\nencrypted \u201cvault\u201d \n\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-922 Insecure Storage of Sensitive Information",
"cweId": "CWE-922"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-328 Use of Weak Hash",
"cweId": "CWE-328"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": " LF-Edge, Zededa",
"product": {
"product_data": [
{
"product_name": "EVE OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0.0",
"version_value": "9.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://asrg.io/security-advisories/config-partition-not-measured-from-2-fronts/",
"refsource": "MISC",
"name": "https://asrg.io/security-advisories/config-partition-not-measured-from-2-fronts/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Ilay Levi"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

18
2023/43xxx/CVE-2023-43631.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43631",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/43xxx/CVE-2023-43632.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43632",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/43xxx/CVE-2023-43633.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43633",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/43xxx/CVE-2023-43634.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43634",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

104
2023/43xxx/CVE-2023-43635.json Normal file
View File

@ -0,0 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-43635",
"ASSIGNER": "cve@asrg.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nVault Key Sealed With SHA1 PCRs\n\n\n\n\n\n\nThe measured boot solution implemented in EVE OS leans on a PCR locking mechanism.\n\nDifferent parts of the system update different PCR values in the TPM, resulting in a unique\nvalue for each PCR entry.\n\nThese PCRs are then used in order to seal/unseal a key from the TPM which is used to\nencrypt/decrypt the \u201cvault\u201d directory.\n\nThis \u201cvault\u201d directory is the most sensitive point in the system and as such, its content should\nbe protected.\n\nThis mechanism is noted in Zededa\u2019s documentation as the \u201cmeasured boot\u201d mechanism,\ndesigned to protect said \u201cvault\u201d.\n\nThe code that\u2019s responsible for generating and fetching the key from the TPM assumes that\nSHA256 PCRs are used in order to seal/unseal the key, and as such their presence is being\nchecked.\n\nThe issue here is that the key is not sealed using SHA256 PCRs, but using SHA1 PCRs.\nThis leads to several issues:\n\n\u2022 Machines that have their SHA256 PCRs enabled but SHA1 PCRs disabled, as well\nas not sealing their keys at all, meaning the \u201cvault\u201d is not protected from an attacker.\n\n\u2022 SHA1 is considered insecure and reduces the complexity level required to unseal the\nkey in machines which have their SHA1 PCRs enabled.\n\n\n\nAn attacker can very easily retrieve the contents of the \u201cvault\u201d, which will effectively render\nthe \u201cmeasured boot\u201d mechanism meaningless.\n\n\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-328 Use of Weak Hash",
"cweId": "CWE-328"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": " LF-Edge, Zededa",
"product": {
"product_data": [
{
"product_name": "EVE OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://asrg.io/security-advisories/vault-key-sealed-with-sha1-pcrs/",
"refsource": "MISC",
"name": "https://asrg.io/security-advisories/vault-key-sealed-with-sha1-pcrs/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Ilay Levi"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

100
2023/43xxx/CVE-2023-43636.json Normal file
View File

@ -0,0 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-43636",
"ASSIGNER": "cve@asrg.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\n\n\nIn EVE OS, the \u201cmeasured boot\u201d mechanism prevents a compromised device from accessing\nthe encrypted data located in the vault.\n\nAs per the \u201cmeasured boot\u201d design, the PCR values calculated at different stages of the boot\nprocess will change if any of their respective parts are changed.\n\nThis includes, among other things, the configuration of the bios, grub, the kernel cmdline,\ninitrd, and more.\n\nHowever, this mechanism does not validate the entire rootfs, so an attacker can edit the\nfilesystem and gain control over the system.\n\nAs the default filesystem used by EVE OS is squashfs, this is somewhat harder than an ext4,\nwhich is easily changeable.\n\nThis will not stop an attacker, as an attacker can repackage the squashfs with their changes\nin it and replace the partition altogether.\n\nThis can also be done directly on the device, as the \u201c003-storage-init\u201d container contains the\n\u201cmksquashfs\u201d and \u201cunsquashfs\u201d binaries (with the corresponding libs).\n\n\n\n\n\n\n\nAn attacker can gain full control over the device without changing the PCR values, thus not\ntriggering the \u201cmeasured boot\u201d mechanism, and having full access to the vault.\n\n\n\nNote:\n\nThis issue was partially fixed in these commits (after disclosure to Zededa), where the config\npartition measurement was added to PCR13:\n\n\u2022 aa3501d6c57206ced222c33aea15a9169d629141\n\n\u2022 5fef4d92e75838cc78010edaed5247dfbdae1889.\n\nThis issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345 Insufficient Verification of Data Authenticity",
"cweId": "CWE-345"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": " LF-Edge, Zededa",
"product": {
"product_data": [
{
"product_name": "EVE OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0.0",
"version_value": "9.5.0"
},
{
"version_affected": "<",
"version_name": "0",
"version_value": "8.6.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://asrg.io/security-advisories/19274/",
"refsource": "MISC",
"name": "https://asrg.io/security-advisories/19274/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Ilay Levi"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

18
2023/43xxx/CVE-2023-43637.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43637",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/43xxx/CVE-2023-43638.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43638",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/43xxx/CVE-2023-43639.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43639",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2023/4xxx/CVE-2023-4236.json
View File

@ -63,6 +63,11 @@
"url": "https://kb.isc.org/docs/cve-2023-4236",
"refsource": "MISC",
"name": "https://kb.isc.org/docs/cve-2023-4236"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/20/2"
}
]
},

18
2023/5xxx/CVE-2023-5087.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5087",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5088.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5088",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5089.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5089",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}