"-Synchronized-Data."

CVE Team 2023-05-22 13:00:36 +00:00
parent 3a688dfd3a
commit a4599303da
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 335 additions and 20 deletions


@ -111,6 +111,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-49f80a78bc",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230522 [SECURITY] [DLA 3431-1] sqlite security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html"
}
]
}


@ -116,6 +116,11 @@
"refsource": "MLIST",
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230522 [SECURITY] [DLA 3431-1] sqlite security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking."
"value": "Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking."
}
]
},
@ -37,6 +37,42 @@
"product_data": [
{
"product_name": "angular",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.2.21",
"version_value": "*"
}
]
}
},
{
"product_name": "org.webjars.bower:angular",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.2.21",
"version_value": "*"
}
]
}
},
{
"product_name": "org.webjars.npm:angular",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.2.23",
"version_value": "*"
}
]
}
},
{
"product_name": "org.webjars.bowergithub.angular:angular",
"version": {
"version_data": [
{
@ -60,6 +96,21 @@
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322"
},
{
"url": "https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos",
"refsource": "MISC",
@ -80,7 +131,6 @@
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -91,7 +141,8 @@
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
"version": "3.1"
}
]
}
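Review bot: In the added `version_data` entries (for `angular`, `org.webjars.bower:angular` and `org.webjars.npm:angular`), the lower bound that the new description gives ("from 1.2.21") is stored in `version_name`, while `version_affected` is `"<"` and `version_value` is `"*"`. A consumer that applies the operator to `version_value` reads this as every version, and one that pairs `<` with `version_name` reads it as "below 1.2.21", the opposite of the description. Stating the bound directly, `"version_affected": ">=", "version_value": "1.2.21"`, would remove the ambiguity for scanners that match on these fields. The `org.webjars.npm:angular` entry carries 1.2.23 where the description and the other two entries say 1.2.21; that may be intentional for that package but is worth confirming. The same encoding recurs in the two following angular records (bounds 1.0.0 and 1.4.9), and the `org.webjars.bowergithub.angular:angular` entry continues outside the hunk, so its bound is not visible here.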


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking."
"value": "Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking."
}
]
},
@ -37,6 +37,42 @@
"product_data": [
{
"product_name": "angular",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.0",
"version_value": "*"
}
]
}
},
{
"product_name": "org.webjars.bower:angular",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.0",
"version_value": "*"
}
]
}
},
{
"product_name": "org.webjars.npm:angular",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.0",
"version_value": "*"
}
]
}
},
{
"product_name": "org.webjars.bowergithub.angular:angular",
"version": {
"version_data": [
{
@ -60,6 +96,21 @@
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325"
},
{
"url": "https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos",
"refsource": "MISC",
@ -80,7 +131,6 @@
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -91,7 +141,8 @@
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
"version": "3.1"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type=\"url\"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking."
"value": "Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type=\"url\"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking."
}
]
},
@ -37,6 +37,42 @@
"product_data": [
{
"product_name": "angular",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.4.9",
"version_value": "*"
}
]
}
},
{
"product_name": "org.webjars.bower:angular",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.4.9",
"version_value": "*"
}
]
}
},
{
"product_name": "org.webjars.npm:angular",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.4.9",
"version_value": "*"
}
]
}
},
{
"product_name": "org.webjars.bowergithub.angular:angular",
"version": {
"version_data": [
{
@ -60,6 +96,21 @@
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328"
},
{
"url": "https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos",
"refsource": "MISC",
@ -80,7 +131,6 @@
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -91,7 +141,8 @@
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
"version": "3.1"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2835",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2836",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31058",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the\n'autoDeserialize' option filtering by adding\u00a0blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.\n\n\n\n[1] \n\n https://github.com/apache/inlong/pull/7674 https://github.com/apache/inlong/pull/7674 \n\n\n\n\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache InLong",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.4.0",
"version_value": "1.6.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/bkcgbn9l61croxfyspf7xd42qb189s3z",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/bkcgbn9l61croxfyspf7xd42qb189s3z"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "sw0rd1ight of Caiji Sec Team"
},
{
"lang": "en",
"value": "4ra1n of Chaitin Tech"
},
{
"lang": "en",
"value": "H Ming"
}
]
}
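Review bot: The fix link https://github.com/apache/inlong/pull/7674 appears only inside the free-text `description` value (twice, between runs of `\n`) and not in `references.reference_data`, so tooling that collects patch links from the reference list will miss it. Adding `{"url": "https://github.com/apache/inlong/pull/7674", "refsource": "MISC", "name": "https://github.com/apache/inlong/pull/7674"}` to `reference_data` would make the remediation discoverable alongside the mailing-list thread. The description would also read more cleanly with a space after "Apache InLong." and with the trailing newlines trimmed.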


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31779",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-31779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in \"Reaction to comment\" feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/wekan/wekan/blob/master/CHANGELOG.md",
"refsource": "MISC",
"name": "https://github.com/wekan/wekan/blob/master/CHANGELOG.md"
},
{
"url": "https://github.com/wekan/wekan/commit/47ac33d6c234359c31d9b5eae49ed3e793907279",
"refsource": "MISC",
"name": "https://github.com/wekan/wekan/commit/47ac33d6c234359c31d9b5eae49ed3e793907279"
}
]
}