admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-05-08 16:00:35 +00:00
parent 3f9e6509cd
commit c1d0e0e88e
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 384 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

321
2023/20xxx/CVE-2023-20065.json
View File

@ -1,86 +1,295 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2023-03-22T16:00:00",
"ID": "CVE-2023-20065",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XE Software IOx Application Hosting Environment Privilege Escalation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE Software ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-20065",
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit this vulnerability by logging in to and then escaping the Cisco IOx application container. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges."
"value": "A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. \r\n\r This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit this vulnerability by logging in to and then escaping the Cisco IOx application container. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "16.4.1"
},
{
"version_affected": "=",
"version_value": "16.4.2"
},
{
"version_affected": "=",
"version_value": "16.4.3"
},
{
"version_affected": "=",
"version_value": "17.3.1"
},
{
"version_affected": "=",
"version_value": "17.3.2"
},
{
"version_affected": "=",
"version_value": "17.3.3"
},
{
"version_affected": "=",
"version_value": "17.3.1a"
},
{
"version_affected": "=",
"version_value": "17.3.1w"
},
{
"version_affected": "=",
"version_value": "17.3.2a"
},
{
"version_affected": "=",
"version_value": "17.3.1x"
},
{
"version_affected": "=",
"version_value": "17.3.1z"
},
{
"version_affected": "=",
"version_value": "17.3.4"
},
{
"version_affected": "=",
"version_value": "17.3.5"
},
{
"version_affected": "=",
"version_value": "17.3.4a"
},
{
"version_affected": "=",
"version_value": "17.3.6"
},
{
"version_affected": "=",
"version_value": "17.3.4b"
},
{
"version_affected": "=",
"version_value": "17.3.4c"
},
{
"version_affected": "=",
"version_value": "17.3.5a"
},
{
"version_affected": "=",
"version_value": "17.3.5b"
},
{
"version_affected": "=",
"version_value": "17.4.1"
},
{
"version_affected": "=",
"version_value": "17.4.2"
},
{
"version_affected": "=",
"version_value": "17.4.1a"
},
{
"version_affected": "=",
"version_value": "17.4.1b"
},
{
"version_affected": "=",
"version_value": "17.4.2a"
},
{
"version_affected": "=",
"version_value": "17.5.1"
},
{
"version_affected": "=",
"version_value": "17.5.1a"
},
{
"version_affected": "=",
"version_value": "17.5.1b"
},
{
"version_affected": "=",
"version_value": "17.5.1c"
},
{
"version_affected": "=",
"version_value": "17.6.1"
},
{
"version_affected": "=",
"version_value": "17.6.2"
},
{
"version_affected": "=",
"version_value": "17.6.1w"
},
{
"version_affected": "=",
"version_value": "17.6.1a"
},
{
"version_affected": "=",
"version_value": "17.6.1x"
},
{
"version_affected": "=",
"version_value": "17.6.3"
},
{
"version_affected": "=",
"version_value": "17.6.1y"
},
{
"version_affected": "=",
"version_value": "17.6.1z"
},
{
"version_affected": "=",
"version_value": "17.6.3a"
},
{
"version_affected": "=",
"version_value": "17.6.4"
},
{
"version_affected": "=",
"version_value": "17.6.1z1"
},
{
"version_affected": "=",
"version_value": "17.7.1"
},
{
"version_affected": "=",
"version_value": "17.7.1a"
},
{
"version_affected": "=",
"version_value": "17.7.1b"
},
{
"version_affected": "=",
"version_value": "17.7.2"
},
{
"version_affected": "=",
"version_value": "17.8.1"
},
{
"version_affected": "=",
"version_value": "17.8.1a"
},
{
"version_affected": "=",
"version_value": "17.9.1"
},
{
"version_affected": "=",
"version_value": "17.9.1w"
},
{
"version_affected": "=",
"version_value": "17.9.2"
},
{
"version_affected": "=",
"version_value": "17.9.1a"
},
{
"version_affected": "=",
"version_value": "17.9.2a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "20230322 Cisco IOS XE Software IOx Application Hosting Environment Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-priv-escalate-Xg8zkyPk"
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-priv-escalate-Xg8zkyPk",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-priv-escalate-Xg8zkyPk"
},
{
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-qrpq-fp26-7v9r",
"refsource": "MISC",
"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-qrpq-fp26-7v9r"
}
]
},
"source": {
"advisory": "cisco-sa-iox-priv-escalate-Xg8zkyPk",
"defect": [
[
"CSCwd25783"
]
],
"discovery": "INTERNAL"
"discovery": "EXTERNAL",
"defects": [
"CSCwd25783"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}
}

18
2023/2xxx/CVE-2023-2582.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2582",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/2xxx/CVE-2023-2583.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2583",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

2
2023/30xxx/CVE-2023-30019.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "imgproxy <= 3.6.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter."
"value": "imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter."
}
]
},

86
2023/30xxx/CVE-2023-30551.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30551",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "sigstore",
"product": {
"product_data": [
{
"product_name": "rekor",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9",
"refsource": "MISC",
"name": "https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9"
},
{
"url": "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48",
"refsource": "MISC",
"name": "https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48"
},
{
"url": "https://github.com/sigstore/rekor/releases/tag/v1.1.1",
"refsource": "MISC",
"name": "https://github.com/sigstore/rekor/releases/tag/v1.1.1"
}
]
},
"source": {
"advisory": "GHSA-2h5h-59f5-c5x9",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}