admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-07 13:00:49 +00:00
parent 189213207e
commit add4eb3e70
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 116 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2022/21xxx/CVE-2022-21953.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2023-01-25T00:00:00.000Z",
"ID": "CVE-2022-21953",
"STATE": "PUBLIC",
@ -48,7 +48,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster\nThis issue affects:\nSUSE Rancher\nRancher versions prior to 2.5.17;\nRancher versions prior to 2.6.10;\nRancher versions prior to 2.7.1."
"value": "A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1."
}
]
},

4
2022/31xxx/CVE-2022-31249.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2023-01-25T00:00:00.000Z",
"ID": "CVE-2022-31249",
"STATE": "PUBLIC",
@ -48,7 +48,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler.\nThis issue affects:\nSUSE Rancher\nwrangler version 0.7.3 and prior versions;\nwrangler version 0.8.4 and prior versions;\nwrangler version 1.0.0 and prior versions."
"value": "A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions."
}
]
},

4
2022/43xxx/CVE-2022-43755.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2023-01-25T00:00:00.000Z",
"ID": "CVE-2022-43755",
"STATE": "PUBLIC",
@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed.\nThis issue affects:\nSUSE Rancher\nRancher versions prior to 2.6.10;\nRancher versions prior to 2.7.1."
"value": "A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1."
}
]
},

4
2022/43xxx/CVE-2022-43756.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2023-01-25T00:00:00.000Z",
"ID": "CVE-2022-43756",
"STATE": "PUBLIC",
@ -48,7 +48,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials.\nThis issue affects:\nSUSE Rancher\nwrangler version 0.7.3 and prior versions;\nwrangler version 0.8.4 and prior versions;\nwrangler version 1.0.0 and prior versions."
"value": "A Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions."
}
]
},

4
2022/43xxx/CVE-2022-43757.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2023-01-25T00:00:00.000Z",
"ID": "CVE-2022-43757",
"STATE": "PUBLIC",
@ -48,7 +48,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed\nThis issue affects:\nSUSE Rancher\nRancher versions prior to 2.5.17;\nRancher versions prior to 2.6.10;\nRancher versions prior to 2.7.1."
"value": "A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1."
}
]
},

4
2022/43xxx/CVE-2022-43758.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2023-01-25T00:00:00.000Z",
"ID": "CVE-2022-43758",
"STATE": "PUBLIC",
@ -54,7 +54,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM (only admin users by default)\nThis issue affects:\nSUSE Rancher\nRancher versions prior to 2.5.17;\nRancher versions prior to 2.6.10;\nRancher versions prior to 2.7.1."
"value": "A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM (only admin users by default) This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1."
}
]
},

4
2022/43xxx/CVE-2022-43759.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2023-01-25T00:00:00.000Z",
"ID": "CVE-2022-43759",
"STATE": "PUBLIC",
@ -50,7 +50,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster.\nThis issue affects:\nSUSE Rancher\nRancher versions prior to 2.5.17;\nRancher versions prior to 2.6.10."
"value": "A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10."
}
]
},

101
2023/0xxx/CVE-2023-0707.json Normal file
View File

@ -0,0 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-0707",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been rated as critical. Affected by this issue is the function delete_record of the file function.php. The manipulation of the argument id leads to sql injection. VDB-220346 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in SourceCodester Medical Certificate Generator App 1.0 ausgemacht. Es geht hierbei um die Funktion delete_record der Datei function.php. Mittels dem Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Medical Certificate Generator App",
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.220346",
"refsource": "MISC",
"name": "https://vuldb.com/?id.220346"
},
{
"url": "https://vuldb.com/?ctiid.220346",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.220346"
}
]
},
"credits": [
{
"lang": "en",
"value": "p1nk (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}