admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-06-09 19:00:39 +00:00
parent 4016ea1cf1
commit bb096881bb
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 341 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
2023/27xxx/CVE-2023-27706.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27706",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-27706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local attacker to decrypt the entire local vault."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/bitwarden/clients",
"refsource": "MISC",
"name": "https://github.com/bitwarden/clients"
},
{
"url": "https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/password/windows.rs#L16",
"refsource": "MISC",
"name": "https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/password/windows.rs#L16"
},
{
"url": "https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/biometric/windows.rs#L19",
"refsource": "MISC",
"name": "https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/biometric/windows.rs#L19"
},
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/1874155",
"url": "https://hackerone.com/reports/1874155"
}
]
}

66
2023/29xxx/CVE-2023-29713.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29713",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-29713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.vadesecure.com/en/",
"refsource": "MISC",
"name": "https://www.vadesecure.com/en/"
},
{
"url": "https://info.vadesecure.com/hubfs/Ressource%20Marketing%20Website/Datasheet/EN/Vade_Secure_DS_Gateway_EN.pdf",
"refsource": "MISC",
"name": "https://info.vadesecure.com/hubfs/Ressource%20Marketing%20Website/Datasheet/EN/Vade_Secure_DS_Gateway_EN.pdf"
},
{
"refsource": "MISC",
"name": "https://labs.yarix.com/advisories/cve-2023-29713-reflected-xss-in-vade-secure-gateway/",
"url": "https://labs.yarix.com/advisories/cve-2023-29713-reflected-xss-in-vade-secure-gateway/"
}
]
}

66
2023/29xxx/CVE-2023-29714.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29714",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-29714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.vadesecure.com/en/",
"refsource": "MISC",
"name": "https://www.vadesecure.com/en/"
},
{
"url": "https://info.vadesecure.com/hubfs/Ressource%20Marketing%20Website/Datasheet/EN/Vade_Secure_DS_Gateway_EN.pdf",
"refsource": "MISC",
"name": "https://info.vadesecure.com/hubfs/Ressource%20Marketing%20Website/Datasheet/EN/Vade_Secure_DS_Gateway_EN.pdf"
},
{
"refsource": "MISC",
"name": "https://labs.yarix.com/advisories/cve-2023-29714-dom-based-xss-in-vade-secure-gateway/",
"url": "https://labs.yarix.com/advisories/cve-2023-29714-dom-based-xss-in-vade-secure-gateway/"
}
]
}

55
2023/2xxx/CVE-2023-2454.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2454",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "postgresql",
"version": {
"version_data": [
{
"version_value": "PostgreSQL 15.3, PostgreSQL 14.8, PostgreSQL 13.11, PostgreSQL 12.15, PostgreSQL 11.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-2454",
"url": "https://access.redhat.com/security/cve/CVE-2023-2454"
},
{
"refsource": "MISC",
"name": "https://www.postgresql.org/support/security/CVE-2023-2454/",
"url": "https://www.postgresql.org/support/security/CVE-2023-2454/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code."
}
]
}

55
2023/2xxx/CVE-2023-2455.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2455",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "postgresql",
"version": {
"version_data": [
{
"version_value": "PostgreSQL 15.3, PostgreSQL 14.8, PostgreSQL 13.11, PostgreSQL 12.15, PostgreSQL 11.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-2455",
"url": "https://access.redhat.com/security/cve/CVE-2023-2455"
},
{
"refsource": "MISC",
"name": "https://www.postgresql.org/support/security/CVE-2023-2455/",
"url": "https://www.postgresql.org/support/security/CVE-2023-2455/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy."
}
]
}

10
2023/32xxx/CVE-2023-32758.json
View File

@ -66,6 +66,16 @@
"url": "https://github.com/returntocorp/semgrep/pull/7611",
"refsource": "MISC",
"name": "https://github.com/returntocorp/semgrep/pull/7611"
},
{
"refsource": "MISC",
"name": "https://github.com/returntocorp/semgrep/pull/7955",
"url": "https://github.com/returntocorp/semgrep/pull/7955"
},
{
"refsource": "MISC",
"name": "https://github.com/returntocorp/semgrep/pull/7943",
"url": "https://github.com/returntocorp/semgrep/pull/7943"
}
]
}

7
2023/33xxx/CVE-2023-33255.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Papaya Viewer 4a42701. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application"
"value": "An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application."
}
]
},
@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172644/Papaya-Medical-Viewer-1.0-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/172644/Papaya-Medical-Viewer-1.0-Cross-Site-Scripting.html"
},
{
"refsource": "MISC",
"name": "https://www.schutzwerk.com/blog/schutzwerk-sa-2022-001/",
"url": "https://www.schutzwerk.com/blog/schutzwerk-sa-2022-001/"
}
]
}

18
2023/3xxx/CVE-2023-3185.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3185",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/3xxx/CVE-2023-3186.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3186",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}