admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-06-05 22:00:45 +00:00
parent bf35315a0c
commit 8bcbd5de94
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 510 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
2013/10xxx/CVE-2013-10030.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-10030",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230672."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in Exit Box Lite Plugin bis 1.06 f\u00fcr WordPress entdeckt. Dies betrifft einen unbekannten Teil der Datei wordpress-exit-box-lite.php. Mit der Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.10 vermag dieses Problem zu l\u00f6sen. Der Patch wird als fad26701addb862c51baf85c6e3cc136aa79c309 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Disclosure",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Exit Box Lite Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.06"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.230672",
"refsource": "MISC",
"name": "https://vuldb.com/?id.230672"
},
{
"url": "https://vuldb.com/?ctiid.230672",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.230672"
},
{
"url": "https://github.com/wp-plugins/wordpress-exit-box-lite/commit/fad26701addb862c51baf85c6e3cc136aa79c309",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/wordpress-exit-box-lite/commit/fad26701addb862c51baf85c6e3cc136aa79c309"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"baseSeverity": "MEDIUM"
}
]
}

2
2021/21xxx/CVE-2021-21741.json
View File

@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A conference management system of ZTE is impacted by a command execution vulnerability. Since the soapmonitor's java object service is enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending a deserialized payload to port 5001."
"value": "There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending specific serialization command."
}
]
}

97
2022/48xxx/CVE-2022-48181.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-48181",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@lenovo.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Lenovo",
"product": {
"product_data": [
{
"product_name": "ThinkStation BIOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-124495",
"refsource": "MISC",
"name": "https://support.lenovo.com/us/en/product_security/LEN-124495"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the related Lenovo product security advisory:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-124495\">https://support.lenovo.com/us/en/product_security/LEN-124495</a>"
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the related Lenovo product security advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-124495 https://support.lenovo.com/us/en/product_security/LEN-124495 "
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks River Li and Fangtao Cao for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

97
2022/48xxx/CVE-2022-48188.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-48188",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@lenovo.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Lenovo",
"product": {
"product_data": [
{
"product_name": "ThinkStation BIOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-124495",
"refsource": "MISC",
"name": "https://support.lenovo.com/us/en/product_security/LEN-124495"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the related Lenovo advisory:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-124495\">https://support.lenovo.com/us/en/product_security/LEN-124495</a>"
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the related Lenovo advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-124495 https://support.lenovo.com/us/en/product_security/LEN-124495 "
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks River Li and Fangtao Cao for reporting this issue. "
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

126
2023/24xxx/CVE-2023-24510.json
View File

@ -1,18 +1,130 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"DATE_PUBLIC": "2023-05-31T15:00:00.000Z",
"ID": "CVE-2023-24510",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arista EOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "4.25.0F",
"version_value": "4.25.10M"
},
{
"version_affected": "<=",
"version_name": "4.26.0F",
"version_value": "4.26.9M"
},
{
"version_affected": "<=",
"version_name": "4.27.0F",
"version_value": "4.27.9M"
},
{
"version_affected": "<=",
"version_name": "4.28.0F",
"version_value": "4.28.6.1M"
},
{
"version_affected": "<=",
"version_name": "4.29.0F",
"version_value": "4.29.1F"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "In order to be vulnerable to CVE-2023-24510, the following condition must be met:\nAt least two \u201cip helper-address\u201d commands for the DHCP server are configured on the same interface.\n \u2013 Scenario One: One command uses \u201csource-interface\u201d, with or without being in a VRF. The second command does not use a source-interface and does not use a VRF.\n \u2013 Scenario Two: One command is run inside of a VRF. The second command does not use a source-interface and does not use a VRF."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17445-security-advisory-0087",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisory/17445-security-advisory-0087"
}
]
},
"solution": [
{
"lang": "eng",
"value": "CVE-2023-24510 has been fixed in the following releases:\n - 4.29.2F and later releases in the 4.29.x train\n - 4.28.7M and later releases in the 4.28.x train\n - 4.27.10M and later releases in the 4.27.x train\n - 4.26.10M and later releases in the 4.26.x train"
}
],
"source": {
"advisory": "Security Advisory 0087",
"defect": [
"BUG753188"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "The hotfix https://www.arista.com/support/advisories-notices/sa-download?sa=87-SecurityAdvisory87_Hotfix.swix can be used to remediate CVE-2023-24510. The hotfix only applies to the releases listed below and no other releases:\n - 4.29.1F and below releases in the 4.29.x train\n - 4.28.6.1M and below releases in the 4.28.x train\n - 4.27.9M and below releases in the 4.27.x train\n - 4.26.9M and below releases in the 4.26.x train\n - 4.25.10M and below releases in the 4.25.x train"
}
]
}

5
2023/2xxx/CVE-2023-2704.json
View File

@ -73,6 +73,11 @@
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2914042%40bp-social-connect%2Ftrunk&old=1904372%40bp-social-connect%2Ftrunk&sfp_email=&sfph_mail=#file6",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2914042%40bp-social-connect%2Ftrunk&old=1904372%40bp-social-connect%2Ftrunk&sfp_email=&sfph_mail=#file6"
},
{
"url": "https://lana.codes/lanavdb/1bd0dfd9-ffec-4d69-bc55-286751300cab/",
"refsource": "MISC",
"name": "https://lana.codes/lanavdb/1bd0dfd9-ffec-4d69-bc55-286751300cab/"
}
]
},

5
2023/2xxx/CVE-2023-2706.json
View File

@ -68,6 +68,11 @@
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2912731%40mobile-login-woocommerce&new=2912731%40mobile-login-woocommerce&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2912731%40mobile-login-woocommerce&new=2912731%40mobile-login-woocommerce&sfp_email=&sfph_mail="
},
{
"url": "https://lana.codes/lanavdb/87b5e80e-fd5b-47c3-bf82-088bdf4573b5/",
"refsource": "MISC",
"name": "https://lana.codes/lanavdb/87b5e80e-fd5b-47c3-bf82-088bdf4573b5/"
}
]
},

50
2023/3xxx/CVE-2023-3027.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "RHACM",
"version": {
"version_data": [
{
"version_value": "2.5, 2.6, 2.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2211468#c0",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211468#c0"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created policy. This feature does not restrict properly to lookup content from the namespace where the policy was created."
}
]
}

59
2023/3xxx/CVE-2023-3079.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3079",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Type Confusion"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "114.0.5735.110",
"version_value": "114.0.5735.110"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html"
},
{
"url": "https://crbug.com/1450481",
"refsource": "MISC",
"name": "https://crbug.com/1450481"
}
]
}