admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-04-18 22:00:35 +00:00
parent 3f0430e591
commit 87d25e0418
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 569 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
2023/28xxx/CVE-2023-28004.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28004",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n\n\nA CWE-129: Improper validation of an array index vulnerability exists where a specially crafted\nEthernet request could result in denial of service or remote code execution. \n\n \n\n \n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-129 Improper Validation of Array Index",
"cweId": "CWE-129"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schneider Electric",
"product": {
"product_data": [
{
"product_name": "PowerLogic HDPM6000",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "V0.58.6",
"version_value": "prior"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-02.pdf",
"refsource": "MISC",
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-02.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

84
2023/29xxx/CVE-2023-29002.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29002",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cilium",
"product": {
"product_data": [
{
"product_name": "cilium",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.7, < 1.11.16"
},
{
"version_affected": "=",
"version_value": ">= 1.12.0, < 1.12.9"
},
{
"version_affected": "=",
"version_value": ">= 1.13.0, < 1.13.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8",
"refsource": "MISC",
"name": "https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8"
}
]
},
"source": {
"advisory": "GHSA-pg5p-wwp8-97g8",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
]
}

80
2023/29xxx/CVE-2023-29196.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29196",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker\u2019s payload must pass the CSP to be executed. However, if an attacker succeeds in embedding Javascript that does pass the CSP, it could result in session hijacking for any users that view the attacker\u2019s post. The vulnerability is patched in the latest tests-passed, beta and stable branches. Users are advised to upgrade. Users unable to upgrade should enable and/or restore your site's CSP to the default one provided with Discourse. Remove any embed-able hosts configured."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "stable: < 3.0.3"
},
{
"version_affected": "=",
"version_value": "beta: < 3.1.0.beta4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-986p-4x8q-8f48",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-986p-4x8q-8f48"
}
]
},
"source": {
"advisory": "GHSA-986p-4x8q-8f48",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

103
2023/29xxx/CVE-2023-29410.json
View File

@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29410",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nA CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated\nattacker to gain the same privilege as the application on the server when a malicious payload is\nprovided over HTTP for the server to execute. \n\n \n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schneider Electric",
"product": {
"product_data": [
{
"product_name": "InsightHome",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "v1.16 Build 004",
"version_value": "prior"
}
]
}
},
{
"product_name": "InsightFacility",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "v1.16 Build 004",
"version_value": "prior"
}
]
}
},
{
"product_name": "Conext Gateway",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "v1.16 Build 004",
"version_value": "prior"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-02.pdf",
"refsource": "MISC",
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-02.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

80
2023/30xxx/CVE-2023-30538.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30538",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users\u2019 browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse. Users are advised to upgrade. For users unable to upgrade there are two possible workarounds: enable CDN handing of uploads (and ensure the CDN sanitizes SVG files) or disable SVG file uploads by ensuring that the `authorized extensions` site setting does not include `svg` (or reset that setting to the default, by default Discourse doesn't enable SVG uploads by users). "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "stable: < 3.0.3"
},
{
"version_affected": "=",
"version_value": "beta: < 3.1.0.beta4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-w5mv-4pjf-xj43",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-w5mv-4pjf-xj43"
}
]
},
"source": {
"advisory": "GHSA-w5mv-4pjf-xj43",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

80
2023/30xxx/CVE-2023-30606.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30606",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear_cache!` and `#notify_changed!`, which when done on a multisite instance, can affect the entire cluster resulting in a denial of service. Users not running in multisite environments are not affected. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "stable: < 3.0.2"
},
{
"version_affected": "=",
"version_value": "beta: < 3.1.0.beta3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-jj93-w3mv-3jvv",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-jj93-w3mv-3jvv"
}
]
},
"source": {
"advisory": "GHSA-jj93-w3mv-3jvv",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

91
2023/30xxx/CVE-2023-30608.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30608",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333: Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "andialbrecht",
"product": {
"product_data": [
{
"product_name": "sqlparse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.1.15, < 0.4.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2",
"refsource": "MISC",
"name": "https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2"
},
{
"url": "https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb",
"refsource": "MISC",
"name": "https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb"
},
{
"url": "https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a",
"refsource": "MISC",
"name": "https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a"
},
{
"url": "https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS",
"refsource": "MISC",
"name": "https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"
}
]
},
"source": {
"advisory": "GHSA-rrm6-wvj7-cwh2",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}