admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-10-03 05:00:36 +00:00
parent 2fb96c7c44
commit 81e1483c7b
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
14 changed files with 405 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
2023/26xxx/CVE-2023-26150.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26150",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication.\r\r**Note:**\r\rThis issue is a result of missing checks for services that require an active session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "asyncua",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "0.9.96"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673435",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673435"
},
{
"url": "https://gist.github.com/artfire52/84f7279a4119d6f90381ac49d7121121",
"refsource": "MISC",
"name": "https://gist.github.com/artfire52/84f7279a4119d6f90381ac49d7121121"
},
{
"url": "https://github.com/FreeOpcUa/opcua-asyncio/issues/1014",
"refsource": "MISC",
"name": "https://github.com/FreeOpcUa/opcua-asyncio/issues/1014"
},
{
"url": "https://github.com/FreeOpcUa/opcua-asyncio/pull/1015",
"refsource": "MISC",
"name": "https://github.com/FreeOpcUa/opcua-asyncio/pull/1015"
},
{
"url": "https://github.com/FreeOpcUa/opcua-asyncio/commit/2be7ce80df05de8d6c6ae1ebce6fa2bb7147844a",
"refsource": "MISC",
"name": "https://github.com/FreeOpcUa/opcua-asyncio/commit/2be7ce80df05de8d6c6ae1ebce6fa2bb7147844a"
},
{
"url": "https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96",
"refsource": "MISC",
"name": "https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96"
},
{
"url": "https://github.com/FreeOpcUa/opcua-asyncio/commit/b4106dfd5037423c9d1810b48a97296b59cde513",
"refsource": "MISC",
"name": "https://github.com/FreeOpcUa/opcua-asyncio/commit/b4106dfd5037423c9d1810b48a97296b59cde513"
}
]
},
"credits": [
{
"lang": "en",
"value": "Tran Van Arthur"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P"
}
]
}

104
2023/26xxx/CVE-2023-26151.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26151",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "asyncua",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "0.9.96"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673709",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673709"
},
{
"url": "https://gist.github.com/artfire52/1540b234350795e0ecb4d672608dbec8",
"refsource": "MISC",
"name": "https://gist.github.com/artfire52/1540b234350795e0ecb4d672608dbec8"
},
{
"url": "https://github.com/FreeOpcUa/opcua-asyncio/issues/1013",
"refsource": "MISC",
"name": "https://github.com/FreeOpcUa/opcua-asyncio/issues/1013"
},
{
"url": "https://github.com/FreeOpcUa/opcua-asyncio/pull/1039",
"refsource": "MISC",
"name": "https://github.com/FreeOpcUa/opcua-asyncio/pull/1039"
},
{
"url": "https://github.com/FreeOpcUa/opcua-asyncio/commit/f6603daa34a93a658f0e176cb0b9ee5a6643b262",
"refsource": "MISC",
"name": "https://github.com/FreeOpcUa/opcua-asyncio/commit/f6603daa34a93a658f0e176cb0b9ee5a6643b262"
},
{
"url": "https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96",
"refsource": "MISC",
"name": "https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96"
}
]
},
"credits": [
{
"lang": "en",
"value": "Tran Van Arthur"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"
}
]
}

89
2023/26xxx/CVE-2023-26152.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26152",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "static-server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-STATICSERVER-5722341",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JS-STATICSERVER-5722341"
},
{
"url": "https://gist.github.com/lirantal/1f7021703a2065ecaf9ec9e06a3a346d",
"refsource": "MISC",
"name": "https://gist.github.com/lirantal/1f7021703a2065ecaf9ec9e06a3a346d"
},
{
"url": "https://github.com/nbluis/static-server/blob/master/server.js%23L218-L223",
"refsource": "MISC",
"name": "https://github.com/nbluis/static-server/blob/master/server.js%23L218-L223"
}
]
},
"credits": [
{
"lang": "en",
"value": "Liran Tal - Snyk Research Team"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P"
}
]
}

5
2023/35xxx/CVE-2023-35074.json
View File

@ -131,6 +131,11 @@
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/28/3"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/2",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Oct/2"
}
]
}

5
2023/40xxx/CVE-2023-40417.json
View File

@ -109,6 +109,11 @@
"url": "https://support.apple.com/en-us/HT213937",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213937"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/2",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Oct/2"
}
]
}

5
2023/40xxx/CVE-2023-40451.json
View File

@ -63,6 +63,11 @@
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/28/3"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/2",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Oct/2"
}
]
}

5
2023/41xxx/CVE-2023-41074.json
View File

@ -131,6 +131,11 @@
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/28/3"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/2",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Oct/2"
}
]
}

5
2023/41xxx/CVE-2023-41993.json
View File

@ -107,6 +107,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ELXBV26Q54BIOVN5LBCJFM2G6VQZ7FO/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ELXBV26Q54BIOVN5LBCJFM2G6VQZ7FO/"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/2",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Oct/2"
}
]
}

7
2023/44xxx/CVE-2023-44216.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin."
"value": "PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin."
}
]
},
@ -91,6 +91,11 @@
"url": "https://news.ycombinator.com/item?id=37663159",
"refsource": "MISC",
"name": "https://news.ycombinator.com/item?id=37663159"
},
{
"refsource": "MISC",
"name": "https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/",
"url": "https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack/"
}
]
}

5
2023/44xxx/CVE-2023-44488.json
View File

@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231001 [SECURITY] [DLA 3598-1] libvpx security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2241806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241806"
}
]
}

18
2023/45xxx/CVE-2023-45023.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45023",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/45xxx/CVE-2023-45024.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45024",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

25
2023/4xxx/CVE-2023-4211.json
View File

@ -155,6 +155,31 @@
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"refsource": "MISC",
"name": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2023-09-01",
"refsource": "MISC",
"name": "https://source.android.com/docs/security/bulletin/pixel/2023-09-01"
},
{
"url": "https://chromereleases.googleblog.com/2023/08/long-term-support-channel-update-for_23.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2023/08/long-term-support-channel-update-for_23.html"
},
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_25.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_25.html"
},
{
"url": "https://arstechnica.com/security/2023/10/vulnerable-arm-gpu-drivers-under-active-exploitation-patches-may-not-be-available/",
"refsource": "MISC",
"name": "https://arstechnica.com/security/2023/10/vulnerable-arm-gpu-drivers-under-active-exploitation-patches-may-not-be-available/"
},
{
"url": "https://www.bleepingcomputer.com/news/security/arm-warns-of-mali-gpu-flaws-likely-exploited-in-targeted-attacks/",
"refsource": "MISC",
"name": "https://www.bleepingcomputer.com/news/security/arm-warns-of-mali-gpu-flaws-likely-exploited-in-targeted-attacks/"
}
]
},

18
2023/5xxx/CVE-2023-5346.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5346",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}