admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-23 19:00:33 +00:00
parent 2ac47cb663
commit 8df2bed83d
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
11 changed files with 207 additions and 345 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2022/3xxx/CVE-2022-3977.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3a732b46736cd8a29092e4b0b1a9ba83e672bf89",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3a732b46736cd8a29092e4b0b1a9ba83e672bf89"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230223-0005/",
"url": "https://security.netapp.com/advisory/ntap-20230223-0005/"
}
]
},

5
2022/41xxx/CVE-2022-41858.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798",
"url": "https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230223-0006/",
"url": "https://security.netapp.com/advisory/ntap-20230223-0006/"
}
]
},

5
2022/42xxx/CVE-2022-42898.json
View File

@ -91,6 +91,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230216-0008/",
"url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230223-0001/",
"url": "https://security.netapp.com/advisory/ntap-20230223-0001/"
}
]
}

5
2022/44xxx/CVE-2022-44792.json
View File

@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230115 [SECURITY] [DLA 3270-1] net-snmp security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00010.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230223-0011/",
"url": "https://security.netapp.com/advisory/ntap-20230223-0011/"
}
]
}

5
2022/44xxx/CVE-2022-44793.json
View File

@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230115 [SECURITY] [DLA 3270-1] net-snmp security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00010.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230223-0011/",
"url": "https://security.netapp.com/advisory/ntap-20230223-0011/"
}
]
}

171
2023/0xxx/CVE-2023-0315.json
View File

@ -1,89 +1,94 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-0315",
"STATE": "PUBLIC",
"TITLE": "Command Injection in froxlor/froxlor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "froxlor/froxlor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.0.8"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-0315",
"STATE": "PUBLIC",
"TITLE": "Command Injection in froxlor/froxlor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "froxlor/froxlor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.0.8"
}
]
}
}
]
},
"vendor_name": "froxlor"
}
}
]
},
"vendor_name": "froxlor"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ff4e177b-ba48-4913-bbfa-ab8ce0db5943",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ff4e177b-ba48-4913-bbfa-ab8ce0db5943"
},
{
"name": "https://github.com/froxlor/froxlor/commit/090cfc26f2722ac3036cc7fd1861955bc36f065a",
"refsource": "MISC",
"url": "https://github.com/froxlor/froxlor/commit/090cfc26f2722ac3036cc7fd1861955bc36f065a"
}
]
},
"source": {
"advisory": "ff4e177b-ba48-4913-bbfa-ab8ce0db5943",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ff4e177b-ba48-4913-bbfa-ab8ce0db5943",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ff4e177b-ba48-4913-bbfa-ab8ce0db5943"
},
{
"name": "https://github.com/froxlor/froxlor/commit/090cfc26f2722ac3036cc7fd1861955bc36f065a",
"refsource": "MISC",
"url": "https://github.com/froxlor/froxlor/commit/090cfc26f2722ac3036cc7fd1861955bc36f065a"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171108/Froxlor-2.0.6-Remote-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/171108/Froxlor-2.0.6-Remote-Command-Execution.html"
}
]
},
"source": {
"advisory": "ff4e177b-ba48-4913-bbfa-ab8ce0db5943",
"discovery": "EXTERNAL"
}
}

90
2023/0xxx/CVE-2023-0884.json
View File

@ -4,97 +4,15 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0884",
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=14.3, <15.6.7"
},
{
"version_value": ">=15.7, <15.7.6"
},
{
"version_value": ">=15.8, <15.8.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled resource consumption in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/379633",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/379633",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1736230",
"url": "https://hackerone.com/reports/1736230",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0884.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0884.json",
"refsource": "CONFIRM"
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines and make a sidekiq job allocate a lot of memory. In GitLab instances where Sidekiq is memory-limited, this may cause Denial of Service."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-3759. Reason: This candidate is a reservation duplicate of CVE-2022-3759. Notes: All CVE users should reference CVE-2022-3759 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [luryus](https://hackerone.com/luryus) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}
}

90
2023/0xxx/CVE-2023-0885.json
View File

@ -4,97 +4,15 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0885",
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=14.0, <15.6.7"
},
{
"version_value": ">=15.7, <15.7.6"
},
{
"version_value": ">=15.8, <15.8.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled resource consumption in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/383082",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/383082",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1766973",
"url": "https://hackerone.com/reports/1766973",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0885.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0885.json",
"refsource": "CONFIRM"
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-0518. Reason: This candidate is a reservation duplicate of CVE-2023-0518. Notes: All CVE users should reference CVE-2023-0518 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [luryus](https://hackerone.com/luryus) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}
}

90
2023/0xxx/CVE-2023-0886.json
View File

@ -4,97 +4,15 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0886",
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=12.4, <15.6.7"
},
{
"version_value": ">=15.7, <15.7.6"
},
{
"version_value": ">=15.8, <15.8.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled resource consumption in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/376247",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/376247",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1685995",
"url": "https://hackerone.com/reports/1685995",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0886.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0886.json",
"refsource": "CONFIRM"
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-3411. Reason: This candidate is a reservation duplicate of CVE-2022-3411. Notes: All CVE users should reference CVE-2022-3411 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [cryptopone](https://hackerone.com/cryptopone) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}
}

81
2023/22xxx/CVE-2023-22476.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22476",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mantisbt",
"product": {
"product_data": [
{
"product_name": "mantisbt",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.25.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-hf4x-6h87-hm79",
"refsource": "MISC",
"name": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-hf4x-6h87-hm79"
},
{
"url": "https://www.mantisbt.org/bugs/view.php?id=31086",
"refsource": "MISC",
"name": "https://www.mantisbt.org/bugs/view.php?id=31086"
}
]
},
"source": {
"advisory": "GHSA-hf4x-6h87-hm79",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

5
2023/25xxx/CVE-2023-25136.json
View File

@ -96,6 +96,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20230222 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)",
"url": "http://www.openwall.com/lists/oss-security/2023/02/22/2"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20230223 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)",
"url": "http://www.openwall.com/lists/oss-security/2023/02/23/3"
}
]
}