admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-05-26 22:00:35 +00:00
parent ad34999642
commit a8f0ac9970
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 421 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
2022/0xxx/CVE-2022-0637.json
View File

@ -1,54 +1,42 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2022-0637",
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Mozilla pollbot",
"product_name": "mozilla/pollbot",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.4.6"
"version_value": "versions before 1.4.6"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There was an open redirection vulnerability pollbot, which was used in https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/ An attacker could have redirected anyone to malicious sites."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": " open redirect in Mozilla pollbot"
"value": "open redirect"
}
]
}
@ -58,17 +46,17 @@
"reference_data": [
{
"refsource": "MISC",
"url": "https://github.com/mozilla/PollBot/security/advisories/GHSA-vg27-hr3v-3cqv",
"name": "https://github.com/mozilla/PollBot/security/advisories/GHSA-vg27-hr3v-3cqv"
},
{
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2022-0637",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2022-0637"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753838",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753838"
}
]
},
"source": {
"discovery": "UNKNOWN"
"description": {
"description_data": [
{
"lang": "eng",
"value": "open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6"
}
]
}
}

77
2023/21xxx/CVE-2023-21514.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2023-21514",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Galaxy Store",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "",
"version_value": "4.5.49.8"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": "7.5",
"baseSeverity": "High",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2023/21xxx/CVE-2023-21515.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2023-21515",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Galaxy Store",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "",
"version_value": "4.5.49.8"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": "7.5",
"baseSeverity": "High",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2023/21xxx/CVE-2023-21516.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2023-21516",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Galaxy Store",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "",
"version_value": "4.5.49.8"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": "7.5",
"baseSeverity": "High",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

50
2023/27xxx/CVE-2023-27311.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27311",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@netapp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Information Disclosure Vulnerability in NetApp BlueXP Connector",
"version": {
"version_data": [
{
"version_value": "prior to 3.9.25"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230525-0001/",
"url": "https://security.netapp.com/advisory/ntap-20230525-0001/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue - obtaining the fix requires redeploying a fresh Connector."
}
]
}

50
2023/2xxx/CVE-2023-2898.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2898",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"version_value": "NA"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://lore.kernel.org/linux-f2fs-devel/20230522124203.3838360-1-chao@kernel.org/",
"url": "https://lore.kernel.org/linux-f2fs-devel/20230522124203.3838360-1-chao@kernel.org/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem."
}
]
}

100
2023/31xxx/CVE-2023-31128.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31128",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch, the `pull-checks.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz\";echo${IFS}\"hello\";#` can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. This issue is fixed in commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch. There is no risk for the user of the app within the NextCloud server. This only affects the main repository and possible forks of it. Those who have forked the NextCloud Cookbook repository should make sure their forks are on the latest version to prevent code injection attacks and similar."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "cookbook",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "master < a46d9855"
},
{
"version_affected": "=",
"version_value": "main-0.9.x < 489bb744"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/cookbook/security/advisories/GHSA-c5pc-mf2f-xq8h",
"refsource": "MISC",
"name": "https://github.com/nextcloud/cookbook/security/advisories/GHSA-c5pc-mf2f-xq8h"
},
{
"url": "https://github.com/nextcloud/cookbook/commit/489bb744",
"refsource": "MISC",
"name": "https://github.com/nextcloud/cookbook/commit/489bb744"
},
{
"url": "https://github.com/nextcloud/cookbook/commit/a46d98559e2c64292da9ffb06138cccc2e50ae1b",
"refsource": "MISC",
"name": "https://github.com/nextcloud/cookbook/commit/a46d98559e2c64292da9ffb06138cccc2e50ae1b"
},
{
"url": "https://github.com/nextcloud/cookbook/blob/a14d6ffc4d45e1447556f68606129dfd6c1505cf/.github/workflows/pull-checks.yml#L67",
"refsource": "MISC",
"name": "https://github.com/nextcloud/cookbook/blob/a14d6ffc4d45e1447556f68606129dfd6c1505cf/.github/workflows/pull-checks.yml#L67"
},
{
"url": "https://securitylab.github.com/research/github-actions-untrusted-input/",
"refsource": "MISC",
"name": "https://securitylab.github.com/research/github-actions-untrusted-input/"
}
]
},
"source": {
"advisory": "GHSA-c5pc-mf2f-xq8h",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
]
}