admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-09 17:00:33 +00:00
parent 427716d820
commit 89ea61d6b3
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 407 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

193
2021/45xxx/CVE-2021-45036.json
View File

@ -1,15 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2022-11-23T12:00:00.000Z",
"ID": "CVE-2021-45036",
"STATE": "PUBLIC",
"TITLE": "Velneo vClient improper authentication"
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nVelneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing",
"cweId": "CWE-290"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Velneo",
"product": {
"product_data": [
{
@ -18,117 +41,101 @@
"version_data": [
{
"version_affected": "=",
"version_name": "28.1.3",
"version_value": "28.1.3"
}
]
}
}
]
},
"vendor_name": "Velneo"
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jes\u00fas R\u00f3denas Huerta, @Marmeus"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server."
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0"
},
{
"url": "https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32",
"refsource": "MISC",
"name": "https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32"
},
{
"url": "https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena",
"refsource": "MISC",
"name": "https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena"
},
{
"url": "https://velneo.es/mivelneo/listado-de-cambios-velneo-32/",
"refsource": "MISC",
"name": "https://velneo.es/mivelneo/listado-de-cambios-velneo-32/"
},
{
"url": "https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps",
"refsource": "MISC",
"name": "https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps"
},
{
"url": "https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps",
"refsource": "MISC",
"name": "https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps"
},
{
"url": "https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver",
"refsource": "MISC",
"name": "https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-836: use of password hash instead of password for authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication-0",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication-0"
},
{
"refsource": "MISC",
"name": "https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32",
"url": "https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32"
},
{
"refsource": "MISC",
"name": "https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena",
"url": "https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena"
},
{
"refsource": "MISC",
"name": "https://velneo.es/mivelneo/listado-de-cambios-velneo-32/",
"url": "https://velneo.es/mivelneo/listado-de-cambios-velneo-32/"
},
{
"refsource": "MISC",
"name": "https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps",
"url": "https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps"
},
{
"refsource": "MISC",
"name": "https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps",
"url": "https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps"
},
{
"refsource": "MISC",
"name": "https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver",
"url": "https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This vulnerability has been fixed by Velneo team in version 32, released on 11/08/2022."
}
],
"source": {
"advisory": "INCIBE-2022-1017",
"defect": [
"INCIBE-2021-0028"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">This vulnerability has been fixed by Velneo team in version 32, released on 11/08/2022.</span>\n\n"
}
],
"value": "\nThis vulnerability has been fixed by Velneo team in version 32, released on 11/08/2022.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Jes\u00fas R\u00f3denas Huerta, @Marmeus"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
]
}
}

91
2023/45xxx/CVE-2023-45283.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45283",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-41: Improper Resolution of Path Equivalence"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Go standard library",
"product": {
"product_data": [
{
"product_name": "path/filepath",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.20.11"
},
{
"version_affected": "<",
"version_name": "1.21.0-0",
"version_value": "1.21.4"
}
]
}
},
{
"product_name": "internal/safefilepath",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.20.11"
},
{
"version_affected": "<",
"version_name": "1.21.0-0",
"version_value": "1.21.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://go.dev/issue/63713",
"refsource": "MISC",
"name": "https://go.dev/issue/63713"
},
{
"url": "https://go.dev/cl/540277",
"refsource": "MISC",
"name": "https://go.dev/cl/540277"
},
{
"url": "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2185",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2023-2185"
}
]
}

74
2023/45xxx/CVE-2023-45284.json
View File

@ -1,17 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45284",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as \"COM1 \", and reserved names \"COM\" and \"LPT\" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-41: Improper Resolution of Path Equivalence"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Go standard library",
"product": {
"product_data": [
{
"product_name": "path/filepath",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.20.11"
},
{
"version_affected": "<",
"version_name": "1.21.0-0",
"version_value": "1.21.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://go.dev/issue/63713",
"refsource": "MISC",
"name": "https://go.dev/issue/63713"
},
{
"url": "https://go.dev/cl/540277",
"refsource": "MISC",
"name": "https://go.dev/cl/540277"
},
{
"url": "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2186",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2023-2186"
}
]
}

56
2023/45xxx/CVE-2023-45884.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45884",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-45884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f",
"url": "https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f"
}
]
}

56
2023/45xxx/CVE-2023-45885.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45885",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-45885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f",
"url": "https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f"
}
]
}

56
2023/46xxx/CVE-2023-46894.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46894",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/espressif/esptool/issues/926",
"refsource": "MISC",
"name": "https://github.com/espressif/esptool/issues/926"
}
]
}