"-Synchronized-Data."

CVE Team 2023-09-20 18:00:32 +00:00
parent 460068c078
commit a34ca80484
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
20 changed files with 872 additions and 237 deletions


@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-39135",
"STATE": "PUBLIC",
"TITLE": "Apache Calcite: potential XEE attacks"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 Improper Restriction of XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
@ -17,69 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "Apache Calcite",
"version_name": "1.22.0",
"version_value": "1.32.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Calcite would like to thank David Handermann for reporting this issue"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators."
"url": "https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/21/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/21/3"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 Improper Restriction of XML External Entity Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082",
"name": "https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221121 Apache Solr is vulnerable to CVE-2022-39135 via /sql handler",
"url": "http://www.openwall.com/lists/oss-security/2022/11/21/3"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"credits": [
{
"lang": "en",
"value": "Apache Calcite would like to thank David Handermann for reporting this issue"
}
]
}
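Review bot: The Apache Calcite version entry reads `"version_affected": "<"`, `"version_name": "1.22.0"`, `"version_value": "1.32.0"`, so the lower bound exists only in the free-text `version_name` label, and a consumer that evaluates `< 1.32.0` alone will also flag releases older than 1.22.0, which the description says predate the affected operators. The rewritten description is ungrammatical ("1.22.0 introduced the SQL operators … do not restrict") and would read correctly as "introduced the SQL operators …, which do not restrict". The +/- markers are lost on this page, but assuming the `MISC` entries are the new side, the oss-security reference drops its `MLIST` source and the title naming the Apache Solr `/sql` handler, which was the record's only hint of downstream exposure; keeping that descriptive `name` would preserve it.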


@ -1,18 +1,344 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20594",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d ",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d ",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d AM4",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d ",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d ",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "3rd Gen AMD EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007",
"refsource": "MISC",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "AMD-SB-4007",
"discovery": "UNKNOWN"
}
}
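Review bot: The populated `description` value is padded with a leading `\n` and a long run of trailing `\n` escapes, which should be trimmed because any consumer that displays, diffs or hashes the text will carry the padding. Every product entry has `"version_value": "not down converted"`, and most have `"version": "various "` with a trailing space, so the record gives no machine-usable firmware range and affected-version matching has to fall back to the AMD-SB-4007 bulletin listed in `references`. `problemtype` stays at `n/a` although the description names improper initialization of variables; a CWE identifier there would make the record filterable by weakness class. The CVE-2023-20597 section that follows has the same three issues and the same description sentence, so the two IDs can be told apart only by their product lists.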


@ -1,18 +1,249 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20597",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@amd.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n\n\nImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AMD",
"product": {
"product_data": [
{
"product_name": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d ",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d ",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d ",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "various "
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007",
"refsource": "MISC",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "AMD-SB-4007",
"discovery": "UNKNOWN"
}
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39044",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-39044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39044.md",
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39044.md"
}
]
}
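Review bot: `affects` is filled with `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` even though the description names the product and version ("ajino-Shiretoko Line v13.6.1"), so inventory-based matching will not associate this record with any asset and only a text search of the description will find it. `problemtype` is likewise `n/a` for what the description calls an information leak of a channel access token. The same placeholder pattern recurs in the CVE-2023-40618 and CVE-2023-40619 sections, whose descriptions name OpenKnowledgeMaps Head Start 4–7 / Visual Project Explorer 1.0 and phpPgAdmin 7.14.4 and earlier. In all three the single reference appears to be a researcher's GitHub write-up, with no vendor advisory or fixed version, so a reader cannot tell from the record whether a patched release exists.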


@ -5,13 +5,57 @@
"CVE_data_meta": {
"ID": "CVE-2023-40618",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40618",
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40618"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in 'headstart_snapshot.php'."
}
]
}


@ -5,13 +5,57 @@
"CVE_data_meta": {
"ID": "CVE-2023-40619",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40619",
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40619"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized."
}
]
}


@ -79,6 +79,11 @@
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/20/5"
}
]
}


@ -73,6 +73,11 @@
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/20/5"
}
]
}


@ -73,6 +73,11 @@
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/20/5"
}
]
}


@ -73,6 +73,11 @@
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/20/5"
}
]
}


@ -73,6 +73,11 @@
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/20/5"
}
]
}


@ -58,6 +58,11 @@
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3244",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3244"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/20/5"
}
]
}


@ -58,6 +58,11 @@
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/20/5"
}
]
}


@ -58,6 +58,11 @@
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/20/5"
}
]
}


@ -58,6 +58,11 @@
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3239",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3239"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/20/5"
}
]
}


@ -5,181 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2023-4881",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel. If the expression length is a multiple of 4 (register size), the `nft_exthdr_eval` family of functions writes 4 NULL bytes past the end of the `regs` argument, leading to stack corruption and potential information disclosure or a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4881",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-4881"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238312",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2238312"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
"value": "** REJECT ** CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team."
}
]
}
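Review bot: The record moves to `"STATE": "REJECT"` and gives the reason only as one prose sentence, while the `references` block (the Red Hat CVE page and Bugzilla 2238312) appears to be removed with the rest of the body. Keeping a reference to where the Linux kernel security team's assessment is recorded would let consumers verify the rejection instead of relying on the statement alone. The enclosing object starts and ends outside the hunk, so whether other fields survive cannot be confirmed from here.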


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5093",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5094",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5095",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5096",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}