admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-10-20 21:00:41 +00:00
parent 6da0987fc4
commit bd987dcbf5
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
32 changed files with 326 additions and 148 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2023/0xxx/CVE-2023-0640.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "3.04b01",
"version_affected": "="
"version_affected": "=",
"version_value": "3.04b01"
}
]
}
@ -93,8 +93,7 @@
{
"version": "2.0",
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"baseSeverity": "HIGH"
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C"
}
]
}

11
2023/0xxx/CVE-2023-0641.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability."
"value": "A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In PHPGurukul Employee Leaves Management System 1.0 wurde eine problematische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei changepassword.php. Durch Beeinflussen des Arguments newpassword/confirmpassword mit unbekannten Daten kann eine weak password requirements-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
"value": "In PHPGurukul Employee Leaves Management System 1.0 wurde eine problematische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei changepassword.php. Durch Beeinflussen des Arguments newpassword/confirmpassword mit unbekannten Daten kann eine weak password requirements-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"baseSeverity": "LOW"
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N"
}
]
}

7
2023/0xxx/CVE-2023-0646.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.5.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.5.0"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2023/0xxx/CVE-2023-0647.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.5.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.5.0"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2023/0xxx/CVE-2023-0648.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.5.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.5.0"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2023/0xxx/CVE-2023-0649.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.5.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.5.0"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

63
2023/0xxx/CVE-2023-0650.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The name of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability."
"value": "A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The identifier of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability."
},
{
"lang": "deu",
@ -44,52 +44,52 @@
"version": {
"version_data": [
{
"version_value": "3.1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_value": "3.1.1",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_value": "3.1.2",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.2"
},
{
"version_value": "3.1.3",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.3"
},
{
"version_value": "3.1.4",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.4"
},
{
"version_value": "3.1.5",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.5"
},
{
"version_value": "3.1.6",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.6"
},
{
"version_value": "3.1.7",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.7"
},
{
"version_value": "3.1.8",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.8"
},
{
"version_value": "3.1.9",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.9"
},
{
"version_value": "3.1.10",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.10"
},
{
"version_value": "3.1.11",
"version_affected": "="
"version_affected": "=",
"version_value": "3.1.11"
}
]
}
@ -117,6 +117,11 @@
"refsource": "MISC",
"name": "https://drive.google.com/drive/folders/1iJuhjLQy3QPIgKKgWUzEEfr_q0boaR00?usp=sharing"
},
{
"url": "https://github.com/YAFNET/YAFNET/security/advisories/GHSA-mg6p-jjff-7g5m",
"refsource": "MISC",
"name": "https://github.com/YAFNET/YAFNET/security/advisories/GHSA-mg6p-jjff-7g5m"
},
{
"url": "https://github.com/YAFNET/YAFNET/commit/a1442a2bacc3335461b44c250e81f8d99c60735f",
"refsource": "MISC",
@ -126,11 +131,6 @@
"url": "https://github.com/YAFNET/YAFNET/releases/tag/v3.1.12",
"refsource": "MISC",
"name": "https://github.com/YAFNET/YAFNET/releases/tag/v3.1.12"
},
{
"url": "https://github.com/YAFNET/YAFNET/security/advisories/GHSA-mg6p-jjff-7g5m",
"refsource": "MISC",
"name": "https://github.com/YAFNET/YAFNET/security/advisories/GHSA-mg6p-jjff-7g5m"
}
]
},
@ -161,8 +161,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

7
2023/0xxx/CVE-2023-0651.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "0.1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.0"
}
]
}
@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

19
2023/0xxx/CVE-2023-0658.json
View File

@ -44,12 +44,12 @@
"version": {
"version_data": [
{
"version_value": "2.1",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1"
},
{
"version_value": "2.2",
"version_affected": "="
"version_affected": "=",
"version_value": "2.2"
}
]
}
@ -59,12 +59,12 @@
"version": {
"version_data": [
{
"version_value": "2.1",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1"
},
{
"version_value": "2.2",
"version_affected": "="
"version_affected": "=",
"version_value": "2.2"
}
]
}
@ -112,8 +112,7 @@
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
}
]
}

7
2023/0xxx/CVE-2023-0659.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "2.0.6314",
"version_affected": "="
"version_affected": "=",
"version_value": "2.0.6314"
}
]
}
@ -93,8 +93,7 @@
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
}
]
}

7
2023/0xxx/CVE-2023-0663.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "2.3.0",
"version_affected": "="
"version_affected": "=",
"version_value": "2.3.0"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseSeverity": "HIGH"
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

11
2023/0xxx/CVE-2023-0673.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-220195."
"value": "A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The associated identifier of this vulnerability is VDB-220195."
},
{
"lang": "deu",
"value": "In SourceCodester Online Eyewear Shop 1.0 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei oews/?p=products/view_product.php. Durch Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
"value": "In SourceCodester Online Eyewear Shop 1.0 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei oews/?p=products/view_product.php. Durch Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar."
}
]
},
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0"
}
]
}
@ -97,8 +97,7 @@
{
"version": "2.0",
"baseScore": 4.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P"
}
]
}

7
2023/0xxx/CVE-2023-0674.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "2.3.1",
"version_affected": "="
"version_affected": "=",
"version_value": "2.3.1"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
}
]
}

7
2023/0xxx/CVE-2023-0675.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "2.3.0",
"version_affected": "="
"version_affected": "=",
"version_value": "2.3.0"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

11
2023/0xxx/CVE-2023-0679.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220220."
"value": "A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220220."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in SourceCodester Canteen Management System 1.0 ausgemacht. Davon betroffen ist unbekannter Code der Datei removeUser.php. Dank der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
"value": "Eine kritische Schwachstelle wurde in SourceCodester Canteen Management System 1.0 ausgemacht. Davon betroffen ist unbekannter Code der Datei removeUser.php. Dank der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 4.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P"
}
]
}

11
2023/0xxx/CVE-2023-0686.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-220245 was assigned to this vulnerability."
"value": "A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-220245 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in SourceCodester Online Eyewear Shop 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft die Funktion update_cart der Datei /oews/classes/Master.php?f=update_cart der Komponente HTTP POST Request Handler. Durch die Manipulation des Arguments cart_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
"value": "Es wurde eine Schwachstelle in SourceCodester Online Eyewear Shop 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft die Funktion update_cart der Datei /oews/classes/Master.php?f=update_cart der Komponente HTTP POST Request Handler. Durch die Manipulation des Arguments cart_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen."
}
]
},
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0"
}
]
}
@ -97,8 +97,7 @@
{
"version": "2.0",
"baseScore": 4.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P"
}
]
}

7
2023/0xxx/CVE-2023-0706.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0"
}
]
}
@ -93,8 +93,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2023/0xxx/CVE-2023-0707.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0"
}
]
}
@ -93,8 +93,7 @@
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2023/0xxx/CVE-2023-0732.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0"
}
]
}
@ -97,8 +97,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

7
2023/0xxx/CVE-2023-0758.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.0.2",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0.2"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2023/0xxx/CVE-2023-0774.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseSeverity": "HIGH"
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

3
2023/0xxx/CVE-2023-0781.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

3
2023/0xxx/CVE-2023-0782.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"baseSeverity": "HIGH"
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C"
}
]
}

3
2023/0xxx/CVE-2023-0783.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
}
]
}

6
2023/22xxx/CVE-2023-22025.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
]
},
@ -48,7 +48,7 @@
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:20.0.2"
"version_value": "Oracle Java SE:21"
},
{
"version_affected": "=",
@ -56,7 +56,7 @@
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM for JDK:20.0.2"
"version_value": "Oracle GraalVM for JDK:21"
}
]
}

6
2023/22xxx/CVE-2023-22081.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
@ -56,7 +56,7 @@
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:20.0.2"
"version_value": "Oracle Java SE:21"
},
{
"version_affected": "=",
@ -64,7 +64,7 @@
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM for JDK:20.0.2"
"version_value": "Oracle GraalVM for JDK:21"
}
]
}

4
2023/22xxx/CVE-2023-22091.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM for JDK accessible data as well as unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
"value": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8 and 21. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM for JDK accessible data as well as unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
@ -44,7 +44,7 @@
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM for JDK:20.0.2"
"version_value": "Oracle GraalVM for JDK:21"
}
]
}

5
2023/44xxx/CVE-2023-44487.json
View File

@ -591,6 +591,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2023-5ff7bf1dd8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
}
]
}

5
2023/45xxx/CVE-2023-45853.json
View File

@ -76,6 +76,11 @@
"refsource": "MISC",
"name": "https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356",
"url": "https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20231020 CVE-2023-45853: overflows in MiniZip in zlib through 1.3",
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/9"
}
]
}

95
2023/5xxx/CVE-2023-5681.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5681",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_addr_fwresource_ip.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in Netentsec NS-ASG Application Security Gateway 6.3 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/list_addr_fwresource_ip.php. Dank Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Netentsec",
"product": {
"product_data": [
{
"product_name": "NS-ASG Application Security Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.243057",
"refsource": "MISC",
"name": "https://vuldb.com/?id.243057"
},
{
"url": "https://vuldb.com/?ctiid.243057",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.243057"
},
{
"url": "https://github.com/Wsecpro/cve1/blob/main/NS-ASG-sql-list_addr_fwresource_ip.md",
"refsource": "MISC",
"name": "https://github.com/Wsecpro/cve1/blob/main/NS-ASG-sql-list_addr_fwresource_ip.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "wanghuijie166389 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.7,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.7,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
}
]
}

95
2023/5xxx/CVE-2023-5682.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5682",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manipulation of the argument RECORD_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-243058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In Tongda OA 2017 wurde eine kritische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei general/hr/training/record/delete.php. Mit der Manipulation des Arguments RECORD_ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 11.10 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tongda",
"product": {
"product_data": [
{
"product_name": "OA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2017"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.243058",
"refsource": "MISC",
"name": "https://vuldb.com/?id.243058"
},
{
"url": "https://vuldb.com/?ctiid.243058",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.243058"
},
{
"url": "https://github.com/Godfather-onec/cve/blob/main/sql.md",
"refsource": "MISC",
"name": "https://github.com/Godfather-onec/cve/blob/main/sql.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "r0sec001 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

18
2023/5xxx/CVE-2023-5692.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5692",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}