admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-07-06 19:00:41 +00:00
parent 5ecff95a99
commit 828e209dfb
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
19 changed files with 556 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2020/35xxx/CVE-2020-35525.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.sqlite.org/src/info/a67cf5b7d37d5b14", "name": "https://www.sqlite.org/src/info/a67cf5b7d37d5b14",
"url": "https://www.sqlite.org/src/info/a67cf5b7d37d5b14" "url": "https://www.sqlite.org/src/info/a67cf5b7d37d5b14"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230706-0007/",
"url": "https://security.netapp.com/advisory/ntap-20230706-0007/"
} }
] ]
}, },

5
2020/36xxx/CVE-2020-36732.json
View File

@ -76,6 +76,11 @@
"url": "https://github.com/brix/crypto-js/compare/3.2.0...3.2.1", "url": "https://github.com/brix/crypto-js/compare/3.2.0...3.2.1",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/brix/crypto-js/compare/3.2.0...3.2.1" "name": "https://github.com/brix/crypto-js/compare/3.2.0...3.2.1"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230706-0003/",
"url": "https://security.netapp.com/advisory/ntap-20230706-0003/"
} }
] ]
} }

5
2022/3xxx/CVE-2022-3515.json
View File

@ -63,6 +63,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-3515", "name": "https://access.redhat.com/security/cve/CVE-2022-3515",
"url": "https://access.redhat.com/security/cve/CVE-2022-3515" "url": "https://access.redhat.com/security/cve/CVE-2022-3515"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230706-0008/",
"url": "https://security.netapp.com/advisory/ntap-20230706-0008/"
} }
] ]
}, },

2
2023/1xxx/CVE-2023-1298.json
View File

@ -42,7 +42,7 @@
{ {
"version_affected": "<", "version_affected": "<",
"version_name": "0", "version_name": "0",
"version_value": "Tokyo Patch 4b" "version_value": "San Diego Patch 10"
} }
] ]
} }

5
2023/26xxx/CVE-2023-26965.json
View File

@ -56,6 +56,11 @@
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/472", "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/472",
"refsource": "MISC", "refsource": "MISC",
"name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/472" "name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/472"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230706-0009/",
"url": "https://security.netapp.com/advisory/ntap-20230706-0009/"
} }
] ]
} }

5
2023/2xxx/CVE-2023-2183.json
View File

@ -116,6 +116,11 @@
"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3", "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3" "name": "https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230706-0002/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230706-0002/"
} }
] ]
}, },

5
2023/2xxx/CVE-2023-2454.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.postgresql.org/support/security/CVE-2023-2454/", "name": "https://www.postgresql.org/support/security/CVE-2023-2454/",
"url": "https://www.postgresql.org/support/security/CVE-2023-2454/" "url": "https://www.postgresql.org/support/security/CVE-2023-2454/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230706-0006/",
"url": "https://security.netapp.com/advisory/ntap-20230706-0006/"
} }
] ]
}, },

5
2023/2xxx/CVE-2023-2455.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.postgresql.org/support/security/CVE-2023-2455/", "name": "https://www.postgresql.org/support/security/CVE-2023-2455/",
"url": "https://www.postgresql.org/support/security/CVE-2023-2455/" "url": "https://www.postgresql.org/support/security/CVE-2023-2455/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230706-0006/",
"url": "https://security.netapp.com/advisory/ntap-20230706-0006/"
} }
] ]
}, },

5
2023/2xxx/CVE-2023-2700.json
View File

@ -58,6 +58,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306", "name": "https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306",
"url": "https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306" "url": "https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230706-0001/",
"url": "https://security.netapp.com/advisory/ntap-20230706-0001/"
} }
] ]
}, },

5
2023/2xxx/CVE-2023-2801.json
View File

@ -81,6 +81,11 @@
"url": "https://grafana.com/security/security-advisories/cve-2023-2801/", "url": "https://grafana.com/security/security-advisories/cve-2023-2801/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://grafana.com/security/security-advisories/cve-2023-2801/" "name": "https://grafana.com/security/security-advisories/cve-2023-2801/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230706-0002/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230706-0002/"
} }
] ]
}, },

5
2023/34xxx/CVE-2023-34149.json
View File

@ -79,6 +79,11 @@
"url": "http://www.openwall.com/lists/oss-security/2023/06/14/2", "url": "http://www.openwall.com/lists/oss-security/2023/06/14/2",
"refsource": "MISC", "refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/06/14/2" "name": "http://www.openwall.com/lists/oss-security/2023/06/14/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230706-0005/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230706-0005/"
} }
] ]
}, },

5
2023/34xxx/CVE-2023-34396.json
View File

@ -79,6 +79,11 @@
"url": "http://www.openwall.com/lists/oss-security/2023/06/14/3", "url": "http://www.openwall.com/lists/oss-security/2023/06/14/3",
"refsource": "MISC", "refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/06/14/3" "name": "http://www.openwall.com/lists/oss-security/2023/06/14/3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230706-0005/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230706-0005/"
} }
] ]
}, },

100
2023/36xxx/CVE-2023-36456.json
View File

@ -1,17 +1,109 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-36456", "ID": "CVE-2023-36456",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the go code. Only authentik setups that are directly accessible by users without a reverse proxy are susceptible to this. Possible spoofing of IP addresses in logs, downstream applications proxied by (built in) outpost, IP bypassing in custom flows if used.\n\nThis poses a possible security risk when someone has flows or policies that check the user's IP address, e.g. when they want to ignore the user's 2 factor authentication when the user is connected to the company network. A second security risk is that the IP addresses in the logfiles and user sessions are not reliable anymore. Anybody can spoof this address and one cannot verify that the user has logged in from the IP address that is in their account's log. A third risk is that this header is passed on to the proxied application behind an outpost. The application may do any kind of verification, logging, blocking or rate limiting based on the IP address, and this IP address can be overridden by anybody that want to.\n\nVersions 2023.4.3 and 2023.5.5 contain a patch for this issue.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-436: Interpretation Conflict",
"cweId": "CWE-436"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "goauthentik",
"product": {
"product_data": [
{
"product_name": "authentik",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2023.4.3"
},
{
"version_affected": "=",
"version_value": ">= 2023.5.0, < 2023.5.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-cmxp-jcw7-jjjv",
"refsource": "MISC",
"name": "https://github.com/goauthentik/authentik/security/advisories/GHSA-cmxp-jcw7-jjjv"
},
{
"url": "https://github.com/goauthentik/authentik/commit/15026748d19d490eb2baf9a9566ead4f805f7dff",
"refsource": "MISC",
"name": "https://github.com/goauthentik/authentik/commit/15026748d19d490eb2baf9a9566ead4f805f7dff"
},
{
"url": "https://github.com/goauthentik/authentik/commit/c07a48a3eccbd7b23026f72136d3392bbc6f795a",
"refsource": "MISC",
"name": "https://github.com/goauthentik/authentik/commit/c07a48a3eccbd7b23026f72136d3392bbc6f795a"
},
{
"url": "https://goauthentik.io/docs/releases/2023.4#fixed-in-202343",
"refsource": "MISC",
"name": "https://goauthentik.io/docs/releases/2023.4#fixed-in-202343"
},
{
"url": "https://goauthentik.io/docs/releases/2023.5#fixed-in-202355",
"refsource": "MISC",
"name": "https://goauthentik.io/docs/releases/2023.5#fixed-in-202355"
}
]
},
"source": {
"advisory": "GHSA-cmxp-jcw7-jjjv",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
} }
] ]
} }

104
2023/36xxx/CVE-2023-36459.json
View File

@ -1,17 +1,113 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-36459", "ID": "CVE-2023-36459",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and include arbitrary HTML in oEmbed preview cards. This introduces a vector for cross-site scripting (XSS) payloads that can be rendered in the user's browser when a preview card for a malicious link is clicked through. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mastodon",
"product": {
"product_data": [
{
"product_name": "mastodon",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.3, < 3.5.9"
},
{
"version_affected": "=",
"version_value": ">= 4.0.0, < 4.0.5"
},
{
"version_affected": "=",
"version_value": ">= 4.1.0, < 4.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-ccm4-vgcc-73hp",
"refsource": "MISC",
"name": "https://github.com/mastodon/mastodon/security/advisories/GHSA-ccm4-vgcc-73hp"
},
{
"url": "https://github.com/mastodon/mastodon/commit/6d8e0fae3e96f3cf4febe03fa7fcf5b95ff761b2",
"refsource": "MISC",
"name": "https://github.com/mastodon/mastodon/commit/6d8e0fae3e96f3cf4febe03fa7fcf5b95ff761b2"
},
{
"url": "https://github.com/mastodon/mastodon/releases/tag/v3.5.9",
"refsource": "MISC",
"name": "https://github.com/mastodon/mastodon/releases/tag/v3.5.9"
},
{
"url": "https://github.com/mastodon/mastodon/releases/tag/v4.0.5",
"refsource": "MISC",
"name": "https://github.com/mastodon/mastodon/releases/tag/v4.0.5"
},
{
"url": "https://github.com/mastodon/mastodon/releases/tag/v4.1.3",
"refsource": "MISC",
"name": "https://github.com/mastodon/mastodon/releases/tag/v4.1.3"
}
]
},
"source": {
"advisory": "GHSA-ccm4-vgcc-73hp",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
} }
] ]
} }

104
2023/36xxx/CVE-2023-36460.json
View File

@ -1,17 +1,113 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-36460", "ID": "CVE-2023-36460",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 3.5.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, attackers using carefully crafted media files can cause Mastodon's media processing code to create arbitrary files at any location. This allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mastodon",
"product": {
"product_data": [
{
"product_name": "mastodon",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.5.0, < 3.5.9"
},
{
"version_affected": "=",
"version_value": ">= 4.0.0, < 4.0.5"
},
{
"version_affected": "=",
"version_value": ">= 4.1.0, < 4.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-9928-3cp5-93fm",
"refsource": "MISC",
"name": "https://github.com/mastodon/mastodon/security/advisories/GHSA-9928-3cp5-93fm"
},
{
"url": "https://github.com/mastodon/mastodon/commit/dc8f1fbd976ae544720a4e07120d9a91b2722440",
"refsource": "MISC",
"name": "https://github.com/mastodon/mastodon/commit/dc8f1fbd976ae544720a4e07120d9a91b2722440"
},
{
"url": "https://github.com/mastodon/mastodon/releases/tag/v3.5.9",
"refsource": "MISC",
"name": "https://github.com/mastodon/mastodon/releases/tag/v3.5.9"
},
{
"url": "https://github.com/mastodon/mastodon/releases/tag/v4.0.5",
"refsource": "MISC",
"name": "https://github.com/mastodon/mastodon/releases/tag/v4.0.5"
},
{
"url": "https://github.com/mastodon/mastodon/releases/tag/v4.1.3",
"refsource": "MISC",
"name": "https://github.com/mastodon/mastodon/releases/tag/v4.1.3"
}
]
},
"source": {
"advisory": "GHSA-9928-3cp5-93fm",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

104
2023/36xxx/CVE-2023-36461.json
View File

@ -1,17 +1,113 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-36461", "ID": "CVE-2023-36461",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Mastodon is a free, open-source social network server based on ActivityPub. When performing outgoing HTTP queries, Mastodon sets a timeout on individual read operations. Prior to versions 3.5.9, 4.0.5, and 4.1.3, a malicious server can indefinitely extend the duration of the response through slowloris-type attacks. This vulnerability can be used to keep all Mastodon workers busy for an extended duration of time, leading to the server becoming unresponsive. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mastodon",
"product": {
"product_data": [
{
"product_name": "mastodon",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.5.9"
},
{
"version_affected": "=",
"version_value": ">= 4.0.0, < 4.0.5"
},
{
"version_affected": "=",
"version_value": ">= 4.1.0, < 4.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-9pxv-6qvf-pjwc",
"refsource": "MISC",
"name": "https://github.com/mastodon/mastodon/security/advisories/GHSA-9pxv-6qvf-pjwc"
},
{
"url": "https://github.com/mastodon/mastodon/commit/c5929798bf7e56cc2c79b15bed0c4692ded3dcb6",
"refsource": "MISC",
"name": "https://github.com/mastodon/mastodon/commit/c5929798bf7e56cc2c79b15bed0c4692ded3dcb6"
},
{
"url": "https://github.com/mastodon/mastodon/releases/tag/v3.5.9",
"refsource": "MISC",
"name": "https://github.com/mastodon/mastodon/releases/tag/v3.5.9"
},
{
"url": "https://github.com/mastodon/mastodon/releases/tag/v4.0.5",
"refsource": "MISC",
"name": "https://github.com/mastodon/mastodon/releases/tag/v4.0.5"
},
{
"url": "https://github.com/mastodon/mastodon/releases/tag/v4.1.3",
"refsource": "MISC",
"name": "https://github.com/mastodon/mastodon/releases/tag/v4.1.3"
}
]
},
"source": {
"advisory": "GHSA-9pxv-6qvf-pjwc",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
} }
] ]
} }

5
2023/3xxx/CVE-2023-3141.json
View File

@ -58,6 +58,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7" "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230706-0004/",
"url": "https://security.netapp.com/advisory/ntap-20230706-0004/"
} }
] ]
}, },

85
2023/3xxx/CVE-2023-3529.json
View File

@ -1,17 +1,94 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-3529", "ID": "CVE-2023-3529",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to 20230729. This affects an unknown part of the file /LandingPages/api/otp/send?id=[ID][ampersand]method=sms of the component OTP URI Interface. The manipulation leads to information exposure through discrepancy. It is possible to initiate the attack remotely. The identifier VDB-233253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in Rotem Dynamics Rotem CRM bis 20230729 entdeckt. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /LandingPages/api/otp/send?id=[ID][ampersand]method=sms der Komponente OTP URI Interface. Durch das Beeinflussen mit unbekannten Daten kann eine information exposure through discrepancy-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Information Exposure Through Discrepancy",
"cweId": "CWE-203"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rotem Dynamics",
"product": {
"product_data": [
{
"product_name": "Rotem CRM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20230729"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.233253",
"refsource": "MISC",
"name": "https://vuldb.com/?id.233253"
},
{
"url": "https://vuldb.com/?ctiid.233253",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.233253"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"baseSeverity": "MEDIUM"
} }
] ]
} }

18
2023/3xxx/CVE-2023-3530.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3530",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}