admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-03 20:00:29 +00:00
parent de509cae25
commit a6062ded64
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 499 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

141
2022/3xxx/CVE-2022-3172.json
View File

@ -1,17 +1,150 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3172",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@kubernetes.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A security issue was discovered in kube-apiserver that allows an \naggregated API server to redirect client traffic to any URL. This could\n lead to the client performing unexpected actions as well as forwarding \nthe client's API server credentials to third parties.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kubernetes",
"product": {
"product_data": [
{
"product_name": "kube-apiserver",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "v1.25.0"
},
{
"lessThanOrEqual": "v1.24.4",
"status": "affected",
"version": "v1.24.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.23.10",
"status": "affected",
"version": "v1.23.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.22.13",
"status": "affected",
"version": "v1.22.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "v1.25.1"
},
{
"status": "unaffected",
"version": "v1.24.5"
},
{
"status": "unaffected",
"version": "v1.23.11"
},
{
"status": "unaffected",
"version": "v1.22.14"
},
{
"lessThanOrEqual": "v1.21.14",
"status": "affected",
"version": "0",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/112513",
"refsource": "MISC",
"name": "https://github.com/kubernetes/kubernetes/issues/112513"
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak",
"refsource": "MISC",
"name": "https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Nicolas Joly"
},
{
"lang": "en",
"value": "Weinong Wang"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

73
2022/43xxx/CVE-2022-43554.json
View File

@ -1,17 +1,82 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43554",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ivanti",
"product": {
"product_data": [
{
"product_name": "Avalanche",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.4.1.236",
"status": "unaffected",
"lessThan": "6.4.1.236",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt",
"refsource": "MISC",
"name": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}

64
2022/43xxx/CVE-2022-43555.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43555",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ivanti",
"product": {
"product_data": [
{
"product_name": "Avalanche",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.4.1.236",
"version_value": "6.4.1.236"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt",
"refsource": "MISC",
"name": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}

64
2022/44xxx/CVE-2022-44569.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-44569",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ivanti",
"product": {
"product_data": [
{
"product_name": "Automation",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2023.4",
"version_value": "2023.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://help.ivanti.com/res/help/en_US/IA/2023/Admin/Content/relnotes.htm",
"refsource": "MISC",
"name": "https://help.ivanti.com/res/help/en_US/IA/2023/Admin/Content/relnotes.htm"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

33
2023/32xxx/CVE-2023-32567.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1."
"value": "Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236"
}
]
},
@ -35,22 +35,13 @@
"product": {
"product_data": [
{
"product_name": "Avalanche",
"product_name": "Wavelink",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.4.1",
"status": "unaffected",
"lessThan": "6.4.1",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
"version_affected": "<",
"version_name": "6.4.1.236",
"version_value": "6.4.1.236"
}
]
}
@ -64,9 +55,19 @@
"references": {
"reference_data": [
{
"url": "https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US",
"url": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt",
"refsource": "MISC",
"name": "https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US"
"name": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}

32
2023/39xxx/CVE-2023-39332.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects.\n\nThis is distinct from CVE-2023-32004 ([report 2038134](https://hackerone.com/reports/2038134)), which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`.\n\nImpacts:\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
"value": "Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects.\r\n\r\nThis is distinct from CVE-2023-32004 which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`.\r\n\r\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
}
]
},
@ -39,9 +39,23 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "20.8.0",
"version_value": "20.8.0"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "20.8.0",
"status": "affected",
"lessThanOrEqual": "20.8.0",
"versionType": "semver"
},
{
"version": "20.0.0",
"status": "unaffected",
"lessThan": "20.0.0",
"versionType": "semver"
}
]
}
}
]
}
@ -58,16 +72,6 @@
"url": "https://hackerone.com/reports/2199818",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2199818"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
}
]
}

64
2023/41xxx/CVE-2023-41725.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41725",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ivanti",
"product": {
"product_data": [
{
"product_name": "Avalanche",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.4.1.236",
"version_value": "6.4.1.236"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt",
"refsource": "MISC",
"name": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}

64
2023/41xxx/CVE-2023-41726.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41726",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ivanti",
"product": {
"product_data": [
{
"product_name": "Avalanche",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.4.1.236",
"version_value": "6.4.1.236"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt",
"refsource": "MISC",
"name": "https://download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}

18
2023/5xxx/CVE-2023-5958.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5958",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}