diff --git a/2014/125xxx/CVE-2014-125081.json b/2014/125xxx/CVE-2014-125081.json index de55fca7fc6..f20a2d98602 100644 --- a/2014/125xxx/CVE-2014-125081.json +++ b/2014/125xxx/CVE-2014-125081.json @@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2014-125081", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in risheesh debutsav. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is 7a8430df79277c613449262201cc792db894fc76. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218459." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in risheesh debutsav entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion. Durch Beeinflussen mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 7a8430df79277c613449262201cc792db894fc76 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "risheesh", + "product": { + "product_data": [ + { + "product_name": "debutsav", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.218459", + "refsource": "MISC", + "name": "https://vuldb.com/?id.218459" + }, + { + "url": "https://vuldb.com/?ctiid.218459", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.218459" + }, + { + "url": "https://github.com/risheesh/debutsav/commit/7a8430df79277c613449262201cc792db894fc76", + "refsource": "MISC", + "name": "https://github.com/risheesh/debutsav/commit/7a8430df79277c613449262201cc792db894fc76" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" } ] } diff --git a/2015/10xxx/CVE-2015-10065.json b/2015/10xxx/CVE-2015-10065.json index 95c232d392e..e26ef8a2164 100644 --- a/2015/10xxx/CVE-2015-10065.json +++ b/2015/10xxx/CVE-2015-10065.json @@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2015-10065", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in AenBleidd FiND. This vulnerability affects the function init_result of the file validator/my_validator.cpp. The manipulation leads to buffer overflow. The name of the patch is ee2eef34a83644f286c9adcaf30437f92e9c48f1. It is recommended to apply a patch to fix this issue. VDB-218458 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In AenBleidd FiND wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion init_result der Datei validator/my_validator.cpp. Durch das Beeinflussen mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Patch wird als ee2eef34a83644f286c9adcaf30437f92e9c48f1 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Overflow", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AenBleidd", + "product": { + "product_data": [ + { + "product_name": "FiND", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.218458", + "refsource": "MISC", + "name": "https://vuldb.com/?id.218458" + }, + { + "url": "https://vuldb.com/?ctiid.218458", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.218458" + }, + { + "url": "https://github.com/AenBleidd/FiND/commit/ee2eef34a83644f286c9adcaf30437f92e9c48f1", + "refsource": "MISC", + "name": "https://github.com/AenBleidd/FiND/commit/ee2eef34a83644f286c9adcaf30437f92e9c48f1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" } ] } diff --git a/2017/20xxx/CVE-2017-20171.json b/2017/20xxx/CVE-2017-20171.json index 849e88a3565..627236ee69c 100644 --- a/2017/20xxx/CVE-2017-20171.json +++ b/2017/20xxx/CVE-2017-20171.json @@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2017-20171", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in PrivateSky apersistence. This affects an unknown part of the file db/sql/mysqlUtils.js. The manipulation leads to sql injection. The name of the patch is 954425f61634b556fe644837a592a5b8fcfca068. It is recommended to apply a patch to fix this issue. The identifier VDB-218457 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in PrivateSky apersistence entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei db/sql/mysqlUtils.js. Durch Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 954425f61634b556fe644837a592a5b8fcfca068 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PrivateSky", + "product": { + "product_data": [ + { + "product_name": "apersistence", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.218457", + "refsource": "MISC", + "name": "https://vuldb.com/?id.218457" + }, + { + "url": "https://vuldb.com/?ctiid.218457", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.218457" + }, + { + "url": "https://github.com/PrivateSky/apersistence/commit/954425f61634b556fe644837a592a5b8fcfca068", + "refsource": "MISC", + "name": "https://github.com/PrivateSky/apersistence/commit/954425f61634b556fe644837a592a5b8fcfca068" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" } ] } diff --git a/2022/23xxx/CVE-2022-23521.json b/2022/23xxx/CVE-2022-23521.json index 9f793dfaed7..e33cf737fdf 100644 --- a/2022/23xxx/CVE-2022-23521.json +++ b/2022/23xxx/CVE-2022-23521.json @@ -1,17 +1,126 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23521", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190: Integer Overflow or Wraparound", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "git", + "product": { + "product_data": [ + { + "product_name": "git", + "version": { + "version_data": [ + { + "version_value": "< 2.30.7", + "version_affected": "=" + }, + { + "version_value": ">= 2.31.0, < 2.31.6", + "version_affected": "=" + }, + { + "version_value": ">= 2.32.0, < 2.32.5", + "version_affected": "=" + }, + { + "version_value": ">= 2.33.0, < 2.33.6", + "version_affected": "=" + }, + { + "version_value": ">= 2.34.0, < 2.34.6", + "version_affected": "=" + }, + { + "version_value": ">= 2.35.0, < 2.35.6", + "version_affected": "=" + }, + { + "version_value": ">= 2.36.0, < 2.36.4", + "version_affected": "=" + }, + { + "version_value": ">= 2.37.0, < 2.37.5", + "version_affected": "=" + }, + { + "version_value": ">= 2.38.0, < 2.38.3", + "version_affected": "=" + }, + { + "version_value": "= 2.39.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89", + "refsource": "MISC", + "name": "https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89" + }, + { + "url": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76", + "refsource": "MISC", + "name": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76" + } + ] + }, + "source": { + "advisory": "GHSA-c738-c5qq-xg89", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/41xxx/CVE-2022-41903.json b/2022/41xxx/CVE-2022-41903.json index a99da97440f..a1b37c0c2a3 100644 --- a/2022/41xxx/CVE-2022-41903.json +++ b/2022/41xxx/CVE-2022-41903.json @@ -1,17 +1,136 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41903", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190: Integer Overflow or Wraparound", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "git", + "product": { + "product_data": [ + { + "product_name": "git", + "version": { + "version_data": [ + { + "version_value": "< 2.30.7", + "version_affected": "=" + }, + { + "version_value": ">= 2.31.0, < 2.31.6", + "version_affected": "=" + }, + { + "version_value": ">= 2.32.0, < 2.32.5", + "version_affected": "=" + }, + { + "version_value": ">= 2.33.0, < 2.33.6", + "version_affected": "=" + }, + { + "version_value": ">= 2.34.0, < 2.34.6", + "version_affected": "=" + }, + { + "version_value": ">= 2.35.0, < 2.35.6", + "version_affected": "=" + }, + { + "version_value": ">= 2.36.0, < 2.36.4", + "version_affected": "=" + }, + { + "version_value": ">= 2.37.0, < 2.37.5", + "version_affected": "=" + }, + { + "version_value": ">= 2.38.0, < 2.38.3", + "version_affected": "=" + }, + { + "version_value": "= 2.39.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76", + "refsource": "MISC", + "name": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76" + }, + { + "url": "https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq", + "refsource": "MISC", + "name": "https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq" + }, + { + "url": "https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_export_subst", + "refsource": "MISC", + "name": "https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_export_subst" + }, + { + "url": "https://git-scm.com/docs/pretty-formats#Documentation/pretty-formats.txt-emltltNgttruncltruncmtruncem", + "refsource": "MISC", + "name": "https://git-scm.com/docs/pretty-formats#Documentation/pretty-formats.txt-emltltNgttruncltruncmtruncem" + } + ] + }, + "source": { + "advisory": "GHSA-475x-2q3q-hvwq", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/23xxx/CVE-2023-23770.json b/2023/23xxx/CVE-2023-23770.json new file mode 100644 index 00000000000..b510a02c2e4 --- /dev/null +++ b/2023/23xxx/CVE-2023-23770.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-23770", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/23xxx/CVE-2023-23771.json b/2023/23xxx/CVE-2023-23771.json new file mode 100644 index 00000000000..b2ea02ba6e9 --- /dev/null +++ b/2023/23xxx/CVE-2023-23771.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-23771", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/23xxx/CVE-2023-23772.json b/2023/23xxx/CVE-2023-23772.json new file mode 100644 index 00000000000..77230658fe5 --- /dev/null +++ b/2023/23xxx/CVE-2023-23772.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-23772", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/23xxx/CVE-2023-23773.json b/2023/23xxx/CVE-2023-23773.json new file mode 100644 index 00000000000..d688c9286c0 --- /dev/null +++ b/2023/23xxx/CVE-2023-23773.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-23773", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/23xxx/CVE-2023-23774.json b/2023/23xxx/CVE-2023-23774.json new file mode 100644 index 00000000000..ddb371d913f --- /dev/null +++ b/2023/23xxx/CVE-2023-23774.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-23774", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file