admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-10-20 19:00:38 +00:00
parent 3802aa802d
commit 9ec8937247
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
24 changed files with 342 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
2023/0xxx/CVE-2023-0113.json
View File

@ -44,32 +44,32 @@
"version": {
"version_data": [
{
"version_value": "2.2.0",
"version_affected": "="
"version_affected": "=",
"version_value": "2.2.0"
},
{
"version_value": "2.2.1",
"version_affected": "="
"version_affected": "=",
"version_value": "2.2.1"
},
{
"version_value": "2.2.2",
"version_affected": "="
"version_affected": "=",
"version_value": "2.2.2"
},
{
"version_value": "2.2.3",
"version_affected": "="
"version_affected": "=",
"version_value": "2.2.3"
},
{
"version_value": "2.2.4",
"version_affected": "="
"version_affected": "=",
"version_value": "2.2.4"
},
{
"version_value": "2.2.5",
"version_affected": "="
"version_affected": "=",
"version_value": "2.2.5"
},
{
"version_value": "2.2.6",
"version_affected": "="
"version_affected": "=",
"version_value": "2.2.6"
}
]
}
@ -117,8 +117,7 @@
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
}
]
}

7
2023/0xxx/CVE-2023-0114.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -87,8 +87,7 @@
{
"version": "2.0",
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N",
"baseSeverity": "LOW"
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N"
}
]
}

3
2023/0xxx/CVE-2023-0125.json
View File

@ -102,8 +102,7 @@
{
"version": "2.0",
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"baseSeverity": "LOW"
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
}
]
}

7
2023/0xxx/CVE-2023-0243.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "2.0.6",
"version_affected": "="
"version_affected": "=",
"version_value": "2.0.6"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2023/0xxx/CVE-2023-0244.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "2.0.6",
"version_affected": "="
"version_affected": "=",
"version_value": "2.0.6"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2023/0xxx/CVE-2023-0245.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

23
2023/0xxx/CVE-2023-0246.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "P8.21120101",
"version_affected": "="
"version_affected": "=",
"version_value": "P8.21120101"
}
]
}
@ -58,11 +58,6 @@
},
"references": {
"reference_data": [
{
"url": "https://gitee.com/earclink/espcms/issues/I6812Q",
"refsource": "MISC",
"name": "https://gitee.com/earclink/espcms/issues/I6812Q"
},
{
"url": "https://vuldb.com/?id.218154",
"refsource": "MISC",
@ -72,9 +67,20 @@
"url": "https://vuldb.com/?ctiid.218154",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.218154"
},
{
"url": "https://gitee.com/earclink/espcms/issues/I6812Q",
"refsource": "MISC",
"name": "https://gitee.com/earclink/espcms/issues/I6812Q"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB Gitee Analyzer"
}
],
"impact": {
"cvss": [
{
@ -92,8 +98,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

7
2023/0xxx/CVE-2023-0256.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "2.0",
"version_affected": "="
"version_affected": "=",
"version_value": "2.0"
}
]
}
@ -93,8 +93,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2023/0xxx/CVE-2023-0257.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "2.0",
"version_affected": "="
"version_affected": "=",
"version_value": "2.0"
}
]
}
@ -93,8 +93,7 @@
{
"version": "2.0",
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
}
]
}

7
2023/0xxx/CVE-2023-0258.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "2.0",
"version_affected": "="
"version_affected": "=",
"version_value": "2.0"
}
]
}
@ -93,8 +93,7 @@
{
"version": "2.0",
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"baseSeverity": "LOW"
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
}
]
}

7
2023/0xxx/CVE-2023-0281.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2023/0xxx/CVE-2023-0283.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

23
2023/0xxx/CVE-2023-0287.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -58,11 +58,6 @@
},
"references": {
"reference_data": [
{
"url": "https://gitee.com/ityouknow/favorites-web/issues/I684L9",
"refsource": "MISC",
"name": "https://gitee.com/ityouknow/favorites-web/issues/I684L9"
},
{
"url": "https://vuldb.com/?id.218294",
"refsource": "MISC",
@ -72,9 +67,20 @@
"url": "https://vuldb.com/?ctiid.218294",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.218294"
},
{
"url": "https://gitee.com/ityouknow/favorites-web/issues/I684L9",
"refsource": "MISC",
"name": "https://gitee.com/ityouknow/favorites-web/issues/I684L9"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB Gitee Analyzer"
}
],
"impact": {
"cvss": [
{
@ -92,8 +98,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

7
2023/0xxx/CVE-2023-0303.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2023/0xxx/CVE-2023-0304.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2023/0xxx/CVE-2023-0305.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2023/0xxx/CVE-2023-0324.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseSeverity": "HIGH"
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

96
2023/45xxx/CVE-2023-45805.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45805",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious `pdm.lock` file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project `foo` can be targeted by creating the project `foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. PyPI will see this as project `foo-2` version `2`, while PDM will see this as project `foo` version `2-2`. The version must only be `parseable as a version` and the filename must be a prefix of the project name, but it's not verified to match the version being installed. Version `2-2` is also not a valid normalized version per PEP 440. Matching the project name exactly (not just prefix) would fix the issue. When installing dependencies with PDM, what's actually installed could differ from what's listed in `pyproject.toml` (including arbitrary code execution on install). It could also be used for downgrade attacks by only changing the version. This issue has been addressed in commit `6853e2642df` which is included in release version `2.9.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pdm-project",
"product": {
"product_data": [
{
"product_name": "pdm",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 2.0.0,< 2.9.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9",
"refsource": "MISC",
"name": "https://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9"
},
{
"url": "https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831",
"refsource": "MISC",
"name": "https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831"
},
{
"url": "https://github.com/frostming/unearth/blob/eca170d9370ac5032f2e497ee9b1b63823d3fe0f/src/unearth/evaluator.py#L215-L229",
"refsource": "MISC",
"name": "https://github.com/frostming/unearth/blob/eca170d9370ac5032f2e497ee9b1b63823d3fe0f/src/unearth/evaluator.py#L215-L229"
},
{
"url": "https://github.com/pdm-project/pdm/blob/45d1dfa47d4900c14a31b9bb761e4c46eb5c9442/src/pdm/models/candidates.py#L98-L99",
"refsource": "MISC",
"name": "https://github.com/pdm-project/pdm/blob/45d1dfa47d4900c14a31b9bb761e4c46eb5c9442/src/pdm/models/candidates.py#L98-L99"
},
{
"url": "https://peps.python.org/pep-0440/#post-release-spelling",
"refsource": "MISC",
"name": "https://peps.python.org/pep-0440/#post-release-spelling"
}
]
},
"source": {
"advisory": "GHSA-j44v-mmf2-xvm9",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

81
2023/46xxx/CVE-2023-46117.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46117",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. A vulnerability has been identified in reconftw where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious CSP entry on it's own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system. This issue has been addressed in version 2.7.1.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "six2dez",
"product": {
"product_data": [
{
"product_name": "reconftw",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.7.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/six2dez/reconftw/security/advisories/GHSA-fxwr-vr9x-wvjp",
"refsource": "MISC",
"name": "https://github.com/six2dez/reconftw/security/advisories/GHSA-fxwr-vr9x-wvjp"
},
{
"url": "https://github.com/six2dez/reconftw/commit/e639de356c0880fe5fe01a32de9d0c58afb5f086",
"refsource": "MISC",
"name": "https://github.com/six2dez/reconftw/commit/e639de356c0880fe5fe01a32de9d0c58afb5f086"
}
]
},
"source": {
"advisory": "GHSA-fxwr-vr9x-wvjp",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
}

18
2023/46xxx/CVE-2023-46289.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46289",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/46xxx/CVE-2023-46290.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46290",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/46xxx/CVE-2023-46291.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46291",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/46xxx/CVE-2023-46292.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46292",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/46xxx/CVE-2023-46293.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46293",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}