"-Synchronized-Data."

This commit is contained in:
CVE Team 2023-10-20 00:00:39 +00:00
parent c1476d06f1
commit bd75faeb5d
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
50 changed files with 521 additions and 19 deletions


@ -81,6 +81,11 @@
"refsource": "DEBIAN",
"name": "DSA-5480",
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
}


@ -68,6 +68,11 @@
"url": "https://security.netapp.com/advisory/ntap-20230929-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230929-0001/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
}
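Review bot: The same DLA 3623-1 announcement is added here as `"refsource": "MISC"` with the bare URL as its `name`, while other records in this commit tag the identical URL as `"refsource": "MLIST"` with the descriptive name `[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update`. Consumers that filter by refsource or deduplicate references by name will not recognise these as the same advisory, so the two forms should be unified; the MLIST form carries strictly more information. The reference array and enclosing record continue outside this hunk.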


@ -63,6 +63,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230929-0006/",
"url": "https://security.netapp.com/advisory/ntap-20230929-0006/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -83,6 +83,11 @@
"refsource": "DEBIAN",
"name": "DSA-5480",
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -266,6 +266,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -67,6 +67,11 @@
"url": "https://www.debian.org/security/2023/dsa-5480",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5480"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
}


@ -87,6 +87,11 @@
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
}


@ -58,6 +58,11 @@
"refsource": "DEBIAN",
"name": "DSA-5480",
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -58,6 +58,11 @@
"refsource": "DEBIAN",
"name": "DSA-5480",
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -68,6 +68,11 @@
"refsource": "DEBIAN",
"name": "DSA-5480",
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -83,6 +83,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230929-0004/",
"url": "https://security.netapp.com/advisory/ntap-20230929-0004/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -63,6 +63,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230929-0002/",
"url": "https://security.netapp.com/advisory/ntap-20230929-0002/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an attacker to achieve read-only access to the server's filesystem."
"value": "A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with \"GET /ui/static/..//..\" reach getStaticContent in UIContentResource.class in the static-content-files servlet."
}
]
},
@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://research.aurainfosec.io/disclosure/papercut/",
"url": "https://research.aurainfosec.io/disclosure/papercut/"
},
{
"refsource": "MISC",
"name": "https://web.archive.org/web/20230814061444/https://research.aurainfosec.io/disclosure/papercut/",
"url": "https://web.archive.org/web/20230814061444/https://research.aurainfosec.io/disclosure/papercut/"
}
]
}
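Review bot: The rewritten description narrows the precondition from an unspecified attacker to an "authenticated attacker", which changes the PR component of any CVSS vector this record carries; the impact block is not in this hunk, so if one exists it should be reconciled with the new wording in the same change. The added `web.archive.org` snapshot of the aurainfosec disclosure is the right call, since the original is a third-party URL that may disappear, but it is worth keeping the live URL first so tooling prefers the canonical source. The `GET /ui/static/..//..` prefix now in the description reads as a normalisation bypass (double slash after `..`), so stating that the traversal check in getStaticContent is what is bypassed would make the record more actionable — I am inferring that from the path shape, not from the hunk.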


@ -86,6 +86,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230929-0003/",
"url": "https://security.netapp.com/advisory/ntap-20230929-0003/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
}


@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
}


@ -65,6 +65,11 @@
"url": "https://xenbits.xenproject.org/xsa/advisory-438.html",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-438.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -96,6 +96,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
}


@ -81,6 +81,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230803-0002/",
"url": "https://security.netapp.com/advisory/ntap-20230803-0002/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
}


@ -81,6 +81,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230803-0002/",
"url": "https://security.netapp.com/advisory/ntap-20230803-0002/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39731",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-39731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39731.md",
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39731.md"
}
]
}
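Review bot: The affects block is entirely `"n/a"` even though the description itself names the product and version ("Kaibutsunosato v13.6.1"), so CPE matching and scanners get nothing to key on; at minimum `"product_name": "Kaibutsunosato"` and `"version_value": "13.6.1"` can be filled from the text (the vendor is not stated in the record, so that one may genuinely have to stay n/a). The problemtype is also `"n/a"` although a leaked client secret maps cleanly to CWE-798 (hard-coded credentials) or CWE-200, as the GitHub-assigned records elsewhere in this commit do. The only reference is a researcher's personal `CVE-reports` repository with no vendor advisory or fixed version, so the record gives consumers no remediation path; that limitation should be visible to readers rather than implied.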


@ -94,6 +94,11 @@
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -63,6 +63,11 @@
"refsource": "DEBIAN",
"name": "DSA-5480",
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -68,6 +68,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -68,6 +68,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230929-0005/",
"url": "https://security.netapp.com/advisory/ntap-20230929-0005/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -78,6 +78,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230824-0006/",
"url": "https://security.netapp.com/advisory/ntap-20230824-0006/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -187,6 +187,11 @@
"url": "https://security.netapp.com/advisory/ntap-20230824-0005/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230824-0005/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -104,6 +104,11 @@
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -79,6 +79,11 @@
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -79,6 +79,11 @@
"url": "https://www.debian.org/security/2023/dsa-5492",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -177,6 +177,11 @@
"url": "https://www.debian.org/security/2023/dsa-5492",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -167,6 +167,11 @@
"url": "https://www.debian.org/security/2023/dsa-5492",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -79,6 +79,11 @@
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -182,6 +182,11 @@
"url": "https://www.debian.org/security/2023/dsa-5492",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -81,6 +81,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
}


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41893",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Home assistant is an open source home automation. The audit team\u2019s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized to fetch the `access_token` post-authentication will be sent to the URL specified in the aforementioned parameters. Since an arbitrary URL is permitted and `homeassistant.local` represents the preferred, default domain likely used and trusted by many users, an attacker could leverage this weakness to manipulate a user and retrieve account access. Notably, this attack strategy is plausible if the victim has exposed their Home Assistant to the Internet, since after acquiring the victim\u2019s `access_token` the adversary would need to utilize it directly towards the instance to achieve any pertinent malicious actions. To achieve this compromise attempt, the attacker must send a link with a `redirect_uri` that they control to the victim\u2019s own Home Assistant instance. In the eventuality the victim authenticates via said link, the attacker would obtain code sent to the specified URL in `redirect_uri`, which can then be leveraged to fetch an `access_token`. Pertinently, an attacker could increase the efficacy of this strategy by registering a near identical domain to `homeassistant.local`, which at first glance may appear legitimate and thereby obfuscate any malicious intentions. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "home-assistant",
"product": {
"product_data": [
{
"product_name": "core",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2023.9.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/home-assistant/core/security/advisories/GHSA-qhhj-7hrc-gqj5",
"refsource": "MISC",
"name": "https://github.com/home-assistant/core/security/advisories/GHSA-qhhj-7hrc-gqj5"
},
{
"url": "https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/",
"refsource": "MISC",
"name": "https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/"
}
]
},
"source": {
"advisory": "GHSA-qhhj-7hrc-gqj5",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}
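Review bot: The CVSS vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N` (4.3) is hard to reconcile with the description, which says the attacker obtains the authorization code, exchanges it for an `access_token`, and thereby gains "account access" to the victim's instance — that is account takeover, which would normally be scored with high confidentiality and integrity impact, not C:L/I:N. The weakness described (attacker-controlled `redirect_uri`/`client_id` causing the code to be delivered to an arbitrary URL) is an OAuth open-redirect pattern that fits CWE-601 at least as well as the CWE-200 tag given; a second problemtype entry, as the Tauri record in this same commit does, would be more precise. Minor wording: the opening sentence is missing its noun, `Home Assistant is an open source home automation platform.`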


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41894",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the `*.ui.nabu.casa` URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the SniTun proxy, which sets the source address to 127.0.0.1 on all requests sent to the public URL and forwarded to the local Home Assistant. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-669: Incorrect Resource Transfer Between Spheres",
"cweId": "CWE-669"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "home-assistant",
"product": {
"product_data": [
{
"product_name": "core",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2023.9.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/home-assistant/core/security/advisories/GHSA-wx3j-3v2j-rf45",
"refsource": "MISC",
"name": "https://github.com/home-assistant/core/security/advisories/GHSA-wx3j-3v2j-rf45"
},
{
"url": "https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/",
"refsource": "MISC",
"name": "https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/"
}
]
},
"source": {
"advisory": "GHSA-wx3j-3v2j-rf45",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}
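Review bot: The vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N` records no integrity impact, yet the description says unauthenticated callers can trigger webhooks that were explicitly restricted to the local network — a webhook exists to fire an automation, so the effect of this bug is unauthorised actions, not information disclosure, and I:N looks wrong (hedged, since the advisory's own scoring rationale is not in this record). "There are no known workarounds" also sits oddly with the stated root cause (the SniTun proxy rewriting the source address to 127.0.0.1): disabling the `*.ui.nabu.casa` remote access or not relying on local-only webhooks would appear to mitigate until 2023.9.0 is installed, and if that is accurate the record should say so. The product name is "Home Assistant", capitalised, in the first sentence.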


@ -177,6 +177,11 @@
"url": "https://www.openwall.com/lists/oss-security/2023/09/22/10",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2023/09/22/10"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -172,6 +172,11 @@
"url": "https://seclists.org/oss-sec/2023/q3/229",
"refsource": "MISC",
"name": "https://seclists.org/oss-sec/2023/q3/229"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -187,6 +187,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46115",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri documentation used an insecure example configuration in the `Vite guide` to showcase how to use Tauri together with Vite. Copying the following snippet `envPrefix: ['VITE_', 'TAURI_'],` from this guide into the `vite.config.ts` of a Tauri project leads to bundling the `TAURI_PRIVATE_KEY` and `TAURI_KEY_PASSWORD` into the Vite frontend code and therefore leaking this value to the released Tauri application. Using the `envPrefix: ['VITE_'],` or any other framework than Vite means you are not impacted by this advisory. Users are advised to rotate their updater private key if they are affected by this (requires Tauri CLI >=1.5.5). After updating the envPrefix configuration, generate a new private key with `tauri signer generate`, saving the new private key and updating the updater's `pubkey` value on `tauri.conf.json` with the new public key. To update your existing application, the next application build must be signed with the older private key in order to be accepted by the existing application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "tauri-apps",
"product": {
"product_data": [
{
"product_name": "tauri",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.0.0-alpha.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-2rcp-jvr4-r259",
"refsource": "MISC",
"name": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-2rcp-jvr4-r259"
},
{
"url": "https://tauri.app/v1/guides/getting-started/setup/vite/",
"refsource": "MISC",
"name": "https://tauri.app/v1/guides/getting-started/setup/vite/"
}
]
},
"source": {
"advisory": "GHSA-2rcp-jvr4-r259",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
]
}
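Review bot: The affects block lists only `"version_value": "< 2.0.0-alpha.16"`, but the description says key rotation "requires Tauri CLI >=1.5.5" and the cited guide is the `/v1/` Vite setup page, which together imply 1.x projects that copied the snippet are affected as well; a 1.x range should be added (the record does not state which 1.x release corrected the guidance, so that bound needs to come from the advisory). The remediation paragraph has an important caveat that deserves to be spelled out: because the transition build must be signed with the old, leaked private key, anyone who extracted that key from a shipped binary can also sign an update that existing installs accept, so rotation does not close the window until every client has moved to the new `pubkey`. The `CVSS:3.1/AV:L/AC:L/PR:L/...` vector also looks low for a signing key embedded in a publicly distributed application, where no local privileges are needed to read it — worth re-checking against the GHSA.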


@ -437,6 +437,11 @@
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -538,6 +538,11 @@
"url": "https://www.debian.org/security/2023/dsa-5492",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -177,6 +177,11 @@
"url": "https://www.debian.org/security/2023/dsa-5492",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -251,6 +251,11 @@
"url": "https://www.spinics.net/lists/stable/msg671573.html",
"refsource": "MISC",
"name": "https://www.spinics.net/lists/stable/msg671573.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -221,6 +221,11 @@
"url": "https://www.debian.org/security/2023/dsa-5492",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -64,6 +64,11 @@
"url": "https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8",
"refsource": "MISC",
"name": "https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -192,6 +192,11 @@
"url": "https://www.debian.org/security/2023/dsa-5492",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -69,6 +69,11 @@
"url": "https://www.debian.org/security/2023/dsa-5492",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -64,6 +64,11 @@
"url": "https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f",
"refsource": "MISC",
"name": "https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},


@ -64,6 +64,11 @@
"url": "https://kernel.dance/8fc134fee27f2263988ae38920bc03da416b03d8",
"refsource": "MISC",
"name": "https://kernel.dance/8fc134fee27f2263988ae38920bc03da416b03d8"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},