admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-07-19 21:00:32 +00:00
parent 85f6c6bdd1
commit b238353c6a
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 262 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
2023/26xxx/CVE-2023-26217.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26217",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@tibco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.17 and below, versions 5.6.2 and below, version 6.1.0.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TIBCO Software Inc.",
"product": {
"product_data": [
{
"product_name": "TIBCO EBX Add-ons",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "4.5.17"
},
{
"version_affected": "=",
"version_value": "6.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"name": "https://www.tibco.com/services/support/advisories"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>TIBCO has released updated versions of the affected components which address these issues.</p><p>TIBCO EBX Add-ons versions 4.5.17 and below: update to version 4.5.18 or later</p><p>TIBCO EBX Add-ons versions 5.6.2 and below: update to version 5.6.3 or later</p><p>TIBCO EBX Add-ons version 6.1.0: update to version 6.1.1 or later</p>"
}
],
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO EBX Add-ons versions 4.5.17 and below: update to version 4.5.18 or later\n\nTIBCO EBX Add-ons versions 5.6.2 and below: update to version 5.6.3 or later\n\nTIBCO EBX Add-ons version 6.1.0: update to version 6.1.1 or later\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

4
2023/34xxx/CVE-2023-34089.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in version 0.27.3 and 0.26.6.\n"
"value": "Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in version 0.27.3 and 0.26.7.\n"
}
]
},
@ -41,7 +41,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.14.0, < 0.26.6"
"version_value": ">= 0.14.0, < 0.26.7"
},
{
"version_affected": "=",

45
2023/34xxx/CVE-2023-34329.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nAMI SPx contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.\n\n"
"value": "\nAMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.\n\n"
}
]
},
@ -45,28 +45,13 @@
"product": {
"product_data": [
{
"product_name": "MegaRAC_SPx",
"product_name": "MegaRAC_SPx12",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "12.4",
"status": "affected",
"version": "12.0",
"versionType": "RC"
},
{
"lessThan": "13.0",
"status": "unaffected",
"version": "0",
"versionType": "RC"
}
],
"defaultStatus": "unaffected"
}
"version_affected": "<",
"version_name": "12.0",
"version_value": "12.4"
}
]
}
@ -92,6 +77,12 @@
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Vlad Babkin from Eclypsium Research"
}
],
"impact": {
"cvss": [
{
@ -107,6 +98,20 @@
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2023/38xxx/CVE-2023-38537.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38537",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/38xxx/CVE-2023-38538.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38538",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/3xxx/CVE-2023-3781.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3781",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

89
2023/3xxx/CVE-2023-3782.json Normal file
View File

@ -0,0 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-3782",
"ASSIGNER": "security@jfrog.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/square/okhttp/issues/7738",
"refsource": "MISC",
"name": "https://github.com/square/okhttp/issues/7738"
},
{
"url": "https://research.jfrog.com/vulnerabilities/okhttp-client-brotli-dos/",
"refsource": "MISC",
"name": "https://research.jfrog.com/vulnerabilities/okhttp-client-brotli-dos/"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
}