"-Synchronized-Data."

CVE Team 2023-02-01 00:00:40 +00:00
parent 60279a716f
commit a87216c8ec
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
20 changed files with 428 additions and 20 deletions


@ -56,6 +56,11 @@
"name": "https://github.com/nothings/stb/issues/656",
"refsource": "MISC",
"url": "https://github.com/nothings/stb/issues/656"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html"
}
]
}


@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6",
"url": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html"
}
]
}


@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6",
"url": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html"
}
]
}


@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6",
"url": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html"
}
]
}


@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6",
"url": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html"
}
]
}


@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6",
"url": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html"
}
]
}


@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6",
"url": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html"
}
]
}


@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6",
"url": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html"
}
]
}


@ -86,6 +86,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-832689aa6b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXX76TJMZBPN3NU542MGN6B7C7QHRFGB/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html"
}
]
}


@ -56,6 +56,11 @@
"url": "https://github.com/nothings/stb/issues/1178",
"refsource": "MISC",
"name": "https://github.com/nothings/stb/issues/1178"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html"
}
]
}


@ -106,6 +106,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-832689aa6b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXX76TJMZBPN3NU542MGN6B7C7QHRFGB/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html"
}
]
}


@ -111,6 +111,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-0125d9cd29",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J72YJQ3R5MG23GECPUCLAWPPZ6TZPG7U/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html"
}
]
}


@ -76,6 +76,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-c8f6a39cf6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBCMJGAZRQS55SNECUWZSC5URVLEZ5R/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-48161",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-48161",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/sunset-move/EasyImages2.0-arbitrary-file-download-vulnerability",
"refsource": "MISC",
"name": "https://github.com/sunset-move/EasyImages2.0-arbitrary-file-download-vulnerability"
}
]
}
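Review bot: The affected product is recorded only in the free-text description: in the `affects` block `product_name`, `vendor_name` and `version_value` are all `"n/a"`, and `problemtype` is `"n/a"` as well, so tooling that matches on the structured fields will not associate this record with Easy Images v2.0. Suggest filling them from the description, for example `"product_name": "Easy Images"` and `"version_value": "2.0"`, and adding a CWE entry once the assigner confirms one. The same gap appears in the CVE-2023-24241 and CVE-2023-24956 sections further down, where the description names Forget Heart Message Box v1.1 and a SQL injection (a `CWE-89` problem type would fit there) while every structured field stays `"n/a"`. Old and new lines are interleaved in this rendering, so this reading of the new side is inferred from the repeated keys.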


@ -1,17 +1,96 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0341",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@ubuntu.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "EditorConfig",
"product": {
"product_data": [
{
"product_name": "EditorConfig C Core",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e",
"refsource": "MISC",
"name": "https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e"
},
{
"url": "https://litios.github.io/2023/01/14/CVE-2023-0341.html",
"refsource": "MISC",
"name": "https://litios.github.io/2023/01/14/CVE-2023-0341.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "David Fernandez Gonzalez"
},
{
"lang": "en",
"value": "Mark Esler"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
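Review bot: The `version_data` entry does not encode the range the description states: it gives `"version_value": "0"` with `"version_affected": "="`, while the description says the overflow affects editorconfig-core-c before v0.12.6. A scanner that reads the structured fields would match only a version literally equal to `0` and would miss the releases that are actually affected. Suggest `"version_value": "0.12.6"` with `"version_affected": "<"`. Separately, the description mentions possible remote code execution while the vector is `AV:L` with `UI:R`; if the intended scenario is a user processing a crafted file locally, a short clause in the description saying so would keep the two consistent.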


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0606",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0607",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23924",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary protocols, if they can provide a SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, that will lead to the very least to an arbitrary file deletion and even remote code execution, depending on classes that are available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization",
"cweId": "CWE-551"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dompdf",
"product": {
"product_data": [
{
"product_name": "dompdf",
"version": {
"version_data": [
{
"version_value": "< 2.0.2",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg",
"refsource": "MISC",
"name": "https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg"
},
{
"url": "https://github.com/dompdf/dompdf/commit/7558f07f693b2ac3266089f21051e6b78c6a0c85",
"refsource": "MISC",
"name": "https://github.com/dompdf/dompdf/commit/7558f07f693b2ac3266089f21051e6b78c6a0c85"
},
{
"url": "https://github.com/dompdf/dompdf/releases/tag/v2.0.2",
"refsource": "MISC",
"name": "https://github.com/dompdf/dompdf/releases/tag/v2.0.2"
}
]
},
"source": {
"advisory": "GHSA-3cw5-7cxw-v5qg",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H",
"version": "3.1"
}
]
}
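Review bot: In `version_data` the comparator is embedded in the value while the operator field says equality: `"version_value": "< 2.0.2"` is paired with `"version_affected": "="`. Consumers that honour `version_affected` will compare installed versions against the literal string `< 2.0.2` and match nothing, so dompdf installs below the fixed release may go unflagged. Suggest `"version_value": "2.0.2"` with `"version_affected": "<"`. The description names only dompdf 2.0.1 whereas the structured range covers everything below 2.0.2, so the wording and the range should be aligned with the linked advisory.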


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24241",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-24241",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Mortalwangxin/lives/issues/1",
"refsource": "MISC",
"name": "https://github.com/Mortalwangxin/lives/issues/1"
}
]
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-24956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Mortalwangxin/lives/issues/1",
"refsource": "MISC",
"name": "https://github.com/Mortalwangxin/lives/issues/1"
}
]
}
}