admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-09-21 17:00:32 +00:00
parent cb57023f08
commit 9dd5671004
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
12 changed files with 444 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2022/22xxx/CVE-2022-22483.json
View File

@ -89,6 +89,11 @@
"refsource": "XF",
"name": "ibm-db2-cve202222483-info-disc (225979)",
"title": "X-Force Vulnerability Report"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230921-0004/",
"url": "https://security.netapp.com/advisory/ntap-20230921-0004/"
}
]
},

5
2022/33xxx/CVE-2022-33894.json
View File

@ -62,6 +62,11 @@
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00807.html",
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00807.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230921-0002/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230921-0002/"
}
]
},

5
2022/35xxx/CVE-2022-35637.json
View File

@ -75,6 +75,11 @@
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-db2-cve202235637-dos (230823)"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230921-0003/",
"url": "https://security.netapp.com/advisory/ntap-20230921-0003/"
}
]
},

5
2023/1xxx/CVE-2023-1409.json
View File

@ -74,6 +74,11 @@
"url": "https://jira.mongodb.org/browse/SERVER-77028",
"refsource": "MISC",
"name": "https://jira.mongodb.org/browse/SERVER-77028"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230921-0007/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230921-0007/"
}
]
},

70
2023/34xxx/CVE-2023-34577.json
View File

@ -1,18 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34577",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-34577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://security.friendsofpresta.org/modules/2023/09/19/opartplannedpopup.html",
"url": "https://security.friendsofpresta.org/modules/2023/09/19/opartplannedpopup.html"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
}

5
2023/35xxx/CVE-2023-35011.json
View File

@ -63,6 +63,11 @@
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257705",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257705"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230921-0005/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230921-0005/"
}
]
},

5
2023/41xxx/CVE-2023-41080.json
View File

@ -74,6 +74,11 @@
"url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230921-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230921-0006/"
}
]
},

99
2023/42xxx/CVE-2023-42458.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-42458",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in Zope 4.8.10 and 5.8.5. As a workaround, make sure the \"Add Documents, Images, and Files\" permission is only assigned to trusted roles. By default, only the Manager has this permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zopefoundation",
"product": {
"product_data": [
{
"product_name": "Zope",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.8.10"
},
{
"version_affected": "=",
"version_value": ">= 5.0.0, < 5.8.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v",
"refsource": "MISC",
"name": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v"
},
{
"url": "https://github.com/zopefoundation/Zope/commit/26a55dbc301db417f47cafda6fe0f983b5690088",
"refsource": "MISC",
"name": "https://github.com/zopefoundation/Zope/commit/26a55dbc301db417f47cafda6fe0f983b5690088"
},
{
"url": "https://github.com/zopefoundation/Zope/commit/603b0a12881c90a072a7a65e32d47ed898ce37cb",
"refsource": "MISC",
"name": "https://github.com/zopefoundation/Zope/commit/603b0a12881c90a072a7a65e32d47ed898ce37cb"
}
]
},
"source": {
"advisory": "GHSA-wm8q-9975-xh5v",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

95
2023/42xxx/CVE-2023-42805.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-42805",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "quinn-rs",
"product": {
"product_data": [
{
"product_name": "quinn",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.9.5"
},
{
"version_affected": "=",
"version_value": ">= 0.10.0, < 0.10.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3",
"refsource": "MISC",
"name": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3"
},
{
"url": "https://github.com/quinn-rs/quinn/pull/1667",
"refsource": "MISC",
"name": "https://github.com/quinn-rs/quinn/pull/1667"
},
{
"url": "https://github.com/quinn-rs/quinn/pull/1668",
"refsource": "MISC",
"name": "https://github.com/quinn-rs/quinn/pull/1668"
},
{
"url": "https://github.com/quinn-rs/quinn/pull/1669",
"refsource": "MISC",
"name": "https://github.com/quinn-rs/quinn/pull/1669"
}
]
},
"source": {
"advisory": "GHSA-q8wc-j5m9-27w3",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

91
2023/42xxx/CVE-2023-42806.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-42806",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying `$\\mathsf{cid}$` allows an attacker (which must be a participant of this head) to use a snapshot from an old head instance with the same participants to close the head or contest the state with it. This can lead to an incorrect distribution of value (= value extraction attack; hard, but possible) or prevent the head to finalize because the value available is not consistent with the closed utxo state (= denial of service; easy). A patch is planned for version 0.13.0. As a workaround, rotate keys between heads so not to re-use keys and not result in the same multi-signature participants."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347: Improper Verification of Cryptographic Signature",
"cweId": "CWE-347"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "input-output-hk",
"product": {
"product_data": [
{
"product_name": "hydra",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.13.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/input-output-hk/hydra/security/advisories/GHSA-gr36-mc6v-72qq",
"refsource": "MISC",
"name": "https://github.com/input-output-hk/hydra/security/advisories/GHSA-gr36-mc6v-72qq"
},
{
"url": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/HeadLogic.hs#L357",
"refsource": "MISC",
"name": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/HeadLogic.hs#L357"
},
{
"url": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/Snapshot.hs#L50-L54",
"refsource": "MISC",
"name": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/Snapshot.hs#L50-L54"
},
{
"url": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-plutus/src/Hydra/Contract/Head.hs#L583-L599",
"refsource": "MISC",
"name": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-plutus/src/Hydra/Contract/Head.hs#L583-L599"
}
]
},
"source": {
"advisory": "GHSA-gr36-mc6v-72qq",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
]
}

76
2023/42xxx/CVE-2023-42807.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-42807",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "frappe",
"product": {
"product_data": [
{
"product_name": "lms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63",
"refsource": "MISC",
"name": "https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63"
}
]
},
"source": {
"advisory": "GHSA-wvq3-3wvp-6x63",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

5
2023/4xxx/CVE-2023-4807.json
View File

@ -83,6 +83,11 @@
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230921-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230921-0001/"
}
]
},