admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-12-20 15:01:41 +00:00
parent 9cee1279b9
commit b1d22764ce
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
40 changed files with 1311 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/4xxx/CVE-2021-4104.json
View File

@ -120,6 +120,11 @@
"refsource": "GENTOO",
"name": "GLSA-202310-16",
"url": "https://security.gentoo.org/glsa/202310-16"
},
{
"refsource": "GENTOO",
"name": "GLSA-202312-02",
"url": "https://security.gentoo.org/glsa/202312-02"
}
]
},

2
2022/42xxx/CVE-2022-42003.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1"
"value": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled."
}
]
},

115
2023/0xxx/CVE-2023-0011.json
View File

@ -1,17 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0011",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerability@ncsc.ch",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. This vulnerability requires physical access to the serial interface of the module or the ability to modify the system or software which uses its serial interface to send malicious AT commands.\n\n\n\n\nExploitation of the vulnerability gives full administrative (root) privileges to the attacker to execute any operating system command on TOBY-L2 which can lead to modification of the behavior of the module itself as well as the components connected with it (depending on its rights on other connected systems). It can further provide the ability to read system level files and hamper the availability of the module as well..\n\n\n\n\nThis issue affects TOBY-L2 series: TOBY-L200, TOBY-L201, TOBY-L210, TOBY-L220, TOBY-L280.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "u-blox",
"product": {
"product_data": [
{
"product_name": "TOBY-L2",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "TOBY-L200"
},
{
"status": "affected",
"version": "TOBY-L201"
},
{
"status": "affected",
"version": "TOBY-L210"
},
{
"status": "affected",
"version": "TOBY-L220"
},
{
"status": "affected",
"version": "TOBY-L280"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.u-blox.com/en/report-security-issues",
"refsource": "MISC",
"name": "https://www.u-blox.com/en/report-security-issues"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers should ensures that the TOBY-L2 serial port is available only to internal applications of the device and that the application only allows the use of verified AT commands. For product specific security patches, contact u-blox through customer support portal.<br>"
}
],
"value": "Customers should ensures that the TOBY-L2 serial port is available only to internal applications of the device and that the application only allows the use of verified AT commands. For product specific security patches, contact u-blox through customer support portal.\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

5
2023/32xxx/CVE-2023-32205.json
View File

@ -91,6 +91,11 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753341",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753341"
},
{
"refsource": "GENTOO",
"name": "GLSA-202312-03",
"url": "https://security.gentoo.org/glsa/202312-03"
}
]
},

5
2023/32xxx/CVE-2023-32206.json
View File

@ -86,6 +86,11 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1824892",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1824892"
},
{
"refsource": "GENTOO",
"name": "GLSA-202312-03",
"url": "https://security.gentoo.org/glsa/202312-03"
}
]
},

5
2023/32xxx/CVE-2023-32207.json
View File

@ -86,6 +86,11 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826116",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826116"
},
{
"refsource": "GENTOO",
"name": "GLSA-202312-03",
"url": "https://security.gentoo.org/glsa/202312-03"
}
]
},

5
2023/32xxx/CVE-2023-32211.json
View File

@ -86,6 +86,11 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1823379",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1823379"
},
{
"refsource": "GENTOO",
"name": "GLSA-202312-03",
"url": "https://security.gentoo.org/glsa/202312-03"
}
]
},

5
2023/32xxx/CVE-2023-32212.json
View File

@ -86,6 +86,11 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826622",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826622"
},
{
"refsource": "GENTOO",
"name": "GLSA-202312-03",
"url": "https://security.gentoo.org/glsa/202312-03"
}
]
},

5
2023/32xxx/CVE-2023-32213.json
View File

@ -86,6 +86,11 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826666",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826666"
},
{
"refsource": "GENTOO",
"name": "GLSA-202312-03",
"url": "https://security.gentoo.org/glsa/202312-03"
}
]
},

5
2023/32xxx/CVE-2023-32214.json
View File

@ -97,6 +97,11 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2023-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2023-18/"
},
{
"url": "https://security.gentoo.org/glsa/202312-03",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202312-03"
}
]
},

7
2023/32xxx/CVE-2023-32215.json
View File

@ -86,6 +86,11 @@
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540883%2C1751943%2C1814856%2C1820210%2C1821480%2C1827019%2C1827024%2C1827144%2C1827359%2C1830186",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540883%2C1751943%2C1814856%2C1820210%2C1821480%2C1827019%2C1827024%2C1827144%2C1827359%2C1830186"
},
{
"refsource": "GENTOO",
"name": "GLSA-202312-03",
"url": "https://security.gentoo.org/glsa/202312-03"
}
]
},
@ -93,7 +98,7 @@
"description_data": [
{
"lang": "eng",
"value": "Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11."
"value": "Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11."
}
]
}

5
2023/34xxx/CVE-2023-34414.json
View File

@ -97,6 +97,11 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2023-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2023-21/"
},
{
"url": "https://security.gentoo.org/glsa/202312-03",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202312-03"
}
]
},

5
2023/34xxx/CVE-2023-34416.json
View File

@ -97,6 +97,11 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2023-21/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2023-21/"
},
{
"url": "https://security.gentoo.org/glsa/202312-03",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202312-03"
}
]
},

109
2023/37xxx/CVE-2023-37544.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37544",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication.\n\nThis issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8.*, from 2.9.0 through 2.9.*, from 2.10.0 through 2.10.4, from 2.11.0 through 2.11.1, 3.0.0.\n\nThe known risks include a denial of service due to the WebSocket Proxy accepting any connections, and excessive data transfer due to misuse of the WebSocket ping/pong feature.\n\n2.10 Pulsar WebSocket Proxy users should upgrade to at least 2.10.5.\n2.11 Pulsar WebSocket Proxy users should upgrade to at least 2.11.2.\n3.0 Pulsar WebSocket Proxy users should upgrade to at least 3.0.1.\n3.1 Pulsar WebSocket Proxy users are unaffected.\nAny users running the Pulsar WebSocket Proxy for 2.8, 2.9, and earlier should upgrade to one of the above patched versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Pulsar WebSocket Proxy",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.8.0",
"version_value": "2.8.*"
},
{
"version_affected": "<=",
"version_name": "2.9.0",
"version_value": "2.9.*"
},
{
"version_affected": "<=",
"version_name": "2.10.0",
"version_value": "2.10.4"
},
{
"version_affected": "<=",
"version_name": "2.11.0",
"version_value": "2.11.1"
},
{
"version_affected": "=",
"version_value": "3.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/od0k9zts1toc9h9snbqq4pjpyx28mv4m",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/od0k9zts1toc9h9snbqq4pjpyx28mv4m"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/12/20/2"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "INTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Michael Marshall of DataStax"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

5
2023/48xxx/CVE-2023-48795.json
View File

@ -356,6 +356,11 @@
"refsource": "MISC",
"name": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"refsource": "MISC",
"name": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/",
"url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
}
]
}

2
2023/49xxx/CVE-2023-49355.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the \" []-1.2e-1111111111\" input."
"value": "decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the \" []-1.2e-1111111111\" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation."
}
]
},

61
2023/50xxx/CVE-2023-50044.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-50044",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-50044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer Overflow vulnerability in Cesanta MJS version 2.22.0, allows attackers to execute arbitrary code, cause a denial of service (Dos), and obtain sensitive information via segmentation fault can occur in getprop_builtin_foreign when input string includes a name of Built-in APIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/cesanta/mjs/issues/254",
"refsource": "MISC",
"name": "https://github.com/cesanta/mjs/issues/254"
},
{
"url": "https://github.com/cesanta/mjs/pull/255",
"refsource": "MISC",
"name": "https://github.com/cesanta/mjs/pull/255"
}
]
}

61
2023/50xxx/CVE-2023-50628.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-50628",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-50628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code and obtain sensitive information via parser.c component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/libming/libming/issues/289",
"refsource": "MISC",
"name": "https://github.com/libming/libming/issues/289"
},
{
"url": "https://github.com/libming/libming/pull/290",
"refsource": "MISC",
"name": "https://github.com/libming/libming/pull/290"
}
]
}

88
2023/6xxx/CVE-2023-6768.json
View File

@ -1,17 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6768",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authentication bypass vulnerability in Amazing Little Poll affecting versions 1.3 and 1.4. This vulnerability could allow an unauthenticated user to access the admin panel without providing any credentials by simply accessing the \"lp_admin.php?adminstep=\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Amazing Little poll",
"product": {
"product_data": [
{
"product_name": "Amazing Little poll",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3"
},
{
"version_affected": "=",
"version_value": "1.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amazing-little-poll",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amazing-little-poll"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "David Ut\u00f3n Amaya (m3n0sd0n4ld)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
]
}

88
2023/6xxx/CVE-2023-6769.json
View File

@ -1,17 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6769",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stored XSS vulnerability in Amazing Little Poll, affecting versions 1.3 and 1.4. This vulnerability allows a remote attacker to store a malicious JavaScript payload in the \"lp_admin.php\" file in the \"question\" and \"item\" parameters. This vulnerability could lead to malicious JavaScript execution while the page is loading."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Amazing Little poll",
"product": {
"product_data": [
{
"product_name": "Amazing Little poll",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3"
},
{
"version_affected": "=",
"version_value": "1.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amazing-little-poll",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amazing-little-poll"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "David Ut\u00f3n Amaya (m3n0sd0n4ld)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

92
2023/6xxx/CVE-2023-6910.json
View File

@ -1,17 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6910",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@m-files.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "M-Files Corporation",
"product": {
"product_data": [
{
"product_name": "M-Files Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "23.12.13195.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6910",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6910"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUpdate to patched version.<br>"
}
],
"value": "\nUpdate to patched version.\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

92
2023/6xxx/CVE-2023-6912.json
View File

@ -1,17 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6912",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@m-files.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
"cweId": "CWE-307"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "M-Files Corporation",
"product": {
"product_data": [
{
"product_name": "M-Files Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "23.12.13205.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6912/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6912/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to patched version.<br>"
}
],
"value": "Update to patched version.\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

82
2023/6xxx/CVE-2023-6974.json
View File

@ -1,17 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6974",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@huntr.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mlflow",
"product": {
"product_data": [
{
"product_name": "mlflow/mlflow",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2.9.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.com/bounties/438b0524-da0e-4d08-976a-6f270c688393",
"refsource": "MISC",
"name": "https://huntr.com/bounties/438b0524-da0e-4d08-976a-6f270c688393"
},
{
"url": "https://github.com/mlflow/mlflow/commit/8174250f83352a04c2d42079f414759060458555",
"refsource": "MISC",
"name": "https://github.com/mlflow/mlflow/commit/8174250f83352a04c2d42079f414759060458555"
}
]
},
"source": {
"advisory": "438b0524-da0e-4d08-976a-6f270c688393",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"baseScore": 8.6,
"baseSeverity": "HIGH"
}
]
}

82
2023/6xxx/CVE-2023-6975.json
View File

@ -1,17 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6975",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@huntr.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-29 Path Traversal: '\\..\\filename'",
"cweId": "CWE-29"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mlflow",
"product": {
"product_data": [
{
"product_name": "mlflow/mlflow",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2.9.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.com/bounties/029a3824-cee3-4cf1-b260-7138aa539b85",
"refsource": "MISC",
"name": "https://huntr.com/bounties/029a3824-cee3-4cf1-b260-7138aa539b85"
},
{
"url": "https://github.com/mlflow/mlflow/commit/b9ab9ed77e1deda9697fe472fb1079fd428149ee",
"refsource": "MISC",
"name": "https://github.com/mlflow/mlflow/commit/b9ab9ed77e1deda9697fe472fb1079fd428149ee"
}
]
},
"source": {
"advisory": "029a3824-cee3-4cf1-b260-7138aa539b85",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 10,
"baseSeverity": "CRITICAL"
}
]
}

82
2023/6xxx/CVE-2023-6976.json
View File

@ -1,17 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6976",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@huntr.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mlflow",
"product": {
"product_data": [
{
"product_name": "mlflow/mlflow",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2.9.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.com/bounties/2408a52b-f05b-4cac-9765-4f74bac3f20f",
"refsource": "MISC",
"name": "https://huntr.com/bounties/2408a52b-f05b-4cac-9765-4f74bac3f20f"
},
{
"url": "https://github.com/mlflow/mlflow/commit/5044878da0c1851ccfdd5c0a867157ed9a502fbc",
"refsource": "MISC",
"name": "https://github.com/mlflow/mlflow/commit/5044878da0c1851ccfdd5c0a867157ed9a502fbc"
}
]
},
"source": {
"advisory": "2408a52b-f05b-4cac-9765-4f74bac3f20f",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

92
2023/6xxx/CVE-2023-6977.json Normal file
View File

@ -0,0 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-6977",
"ASSIGNER": "security@huntr.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability enables malicious users to read sensitive files on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-29 Path Traversal: '\\..\\filename'",
"cweId": "CWE-29"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mlflow",
"product": {
"product_data": [
{
"product_name": "mlflow/mlflow",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2.9.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.com/bounties/fe53bf71-3687-4711-90df-c26172880aaf",
"refsource": "MISC",
"name": "https://huntr.com/bounties/fe53bf71-3687-4711-90df-c26172880aaf"
},
{
"url": "https://github.com/mlflow/mlflow/commit/4bd7f27c810ba7487d53ed5ef1038fca0f8dc28c",
"refsource": "MISC",
"name": "https://github.com/mlflow/mlflow/commit/4bd7f27c810ba7487d53ed5ef1038fca0f8dc28c"
}
]
},
"source": {
"advisory": "fe53bf71-3687-4711-90df-c26172880aaf",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"baseScore": 10,
"baseSeverity": "CRITICAL"
}
]
}
}

18
2023/6xxx/CVE-2023-6978.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6978",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6979.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6979",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6980.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6980",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6981.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6981",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6982.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6982",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6983.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6983",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6984.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6984",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6985.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6985",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6986.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6986",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6987.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6987",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6988.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6988",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6989.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6989",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6990.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6990",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6991.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6991",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}