admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-09-12 12:00:35 +00:00
parent c7234f3d8a
commit a0824982f0
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 328 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
2023/27xxx/CVE-2023-27169.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27169",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-27169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://writeback4t.com",
"refsource": "MISC",
"name": "https://writeback4t.com"
},
{
"url": "https://www.xpand-it.com",
"refsource": "MISC",
"name": "https://www.xpand-it.com"
},
{
"url": "https://balwurk.com",
"refsource": "MISC",
"name": "https://balwurk.com"
},
{
"refsource": "MISC",
"name": "https://balwurk.com/cve-use-of-hard-coded-cryptographic-key/",
"url": "https://balwurk.com/cve-use-of-hard-coded-cryptographic-key/"
}
]
}

71
2023/39xxx/CVE-2023-39637.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39637",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-39637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://d-link.com",
"refsource": "MISC",
"name": "http://d-link.com"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"refsource": "MISC",
"name": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-816",
"refsource": "MISC",
"name": "http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-816"
},
{
"refsource": "MISC",
"name": "https://github.com/mmmmmx1/dlink/blob/main/DIR-816/readme.md",
"url": "https://github.com/mmmmmx1/dlink/blob/main/DIR-816/readme.md"
}
]
}

74
2023/40xxx/CVE-2023-40611.json
View File

@ -1,18 +1,82 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40611",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows\u00a0authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\n\nUsers should upgrade to version 2.7.1 or later which has removed the vulnerability.\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Airflow",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.7.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/apache/airflow/pull/33413",
"refsource": "MISC",
"name": "https://github.com/apache/airflow/pull/33413"
},
{
"url": "https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "happyhacking"
}
]
}

79
2023/40xxx/CVE-2023-40712.json
View File

@ -1,18 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40712",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated\u00a0users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI.\n\nUsers are strongly advised to upgrade to\u00a0version 2.7.1 or later which has removed the vulnerability."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Airflow",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.7.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/apache/airflow/pull/33512",
"refsource": "MISC",
"name": "https://github.com/apache/airflow/pull/33512"
},
{
"url": "https://github.com/apache/airflow/pull/33516",
"refsource": "MISC",
"name": "https://github.com/apache/airflow/pull/33516"
},
{
"url": "https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "klexadoc"
}
]
}

61
2023/41xxx/CVE-2023-41013.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41013",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-41013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the \"p4\" field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://icewrap.com",
"refsource": "MISC",
"name": "http://icewrap.com"
},
{
"refsource": "MISC",
"name": "https://medium.com/@katikitala.sushmitha078/cve-2023-41013-789841dcad91",
"url": "https://medium.com/@katikitala.sushmitha078/cve-2023-41013-789841dcad91"
}
]
}