"-Synchronized-Data."

CVE Team 2023-09-27 16:01:35 +00:00
parent 36e19b5af5
commit c84b41a7ec
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
11 changed files with 293 additions and 320 deletions


@ -196,6 +196,11 @@
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/27/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
}
]
},


@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-44121",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product.security@lge.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The vulnerability is an intent redirection in LG ThinQ Service (\"com.lge.lms2\") in the \"com/lge/lms/things/ui/notification/NotificationManager.java\" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action \"com.lge.lms.things.notification.ACTION\". Additionally, this vulnerability is very dangerous because LG ThinQ Service is a system app (having android:sharedUserId=\"android.uid.system\" setting). Intent redirection in this app leads to accessing arbitrary not exported activities of absolutely all apps."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-926 Improper Export of Android Application Components",
"cweId": "CWE-926"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LG Electronics",
"product": {
"product_data": [
{
"product_name": "LG V60 Thin Q 5G(LMV600VM)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "Android 9",
"version_value": "Android 13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails",
"refsource": "MISC",
"name": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
}
]
}
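Review bot: The CVSS block in the new record sets `"confidentialityImpact": "NONE"` (`C:N`, base score 5, MEDIUM), which sits oddly with the description's statement that the redirection, running under `android.uid.system`, reaches arbitrary non-exported activities of all apps. If those activities can expose data, the confidentiality metric and the score would need to rise; that cannot be decided from this hunk, so it is worth confirming with the assigner before triaging on the score alone. The `affects` block also names a single `product_name`, `LG V60 Thin Q 5G(LMV600VM)`, while the description speaks of "an LG device", so asset matching on the structured field may miss other models.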


@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-44205",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@acronis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639",
"cweId": "CWE-639"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Acronis",
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 15",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "35979"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-4321",
"refsource": "MISC",
"name": "https://security-advisory.acronis.com/advisories/SEC-4321"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
]
}


@ -1,17 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-44206",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@acronis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639",
"cweId": "CWE-639"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Acronis",
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 15",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "35979"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5839",
"refsource": "MISC",
"name": "https://security-advisory.acronis.com/advisories/SEC-5839"
}
]
},
"credits": [
{
"lang": "en",
"value": "@theelgo64 (https://hackerone.com/theelgo64)"
}
],
"impact": {
"cvss": [
{
"version": "3.0",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
]
}
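Review bot: The vector string `CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H` claims a high availability impact, but the description covers only information disclosure and manipulation. Either the description should mention the availability effect or the vector should carry `A:N`, which would lower the 7.1 base score; which one is right cannot be told from this record. Separately, the `problemtype` value is the bare `CWE-639`; writing it as `"value": "CWE-639 Authorization Bypass Through User-Controlled Key"` would match the named form used by other records in this commit. The same bare-identifier style appears in the CVE-2023-44205 (`CWE-639`) and CVE-2023-44207 (`CWE-79`) sections.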


@ -1,17 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-44207",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@acronis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Acronis",
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 15",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "35979"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5914",
"refsource": "MISC",
"name": "https://security-advisory.acronis.com/advisories/SEC-5914"
}
]
},
"credits": [
{
"lang": "en",
"value": "@und3sc0n0c1d0 (https://hackerone.com/und3sc0n0c1d0)"
}
],
"impact": {
"cvss": [
{
"version": "3.0",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"
}
]
}


@ -233,11 +233,6 @@
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/26/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/26/7"
}
]
}


@ -69,11 +69,6 @@
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/26/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/09/26/7"
}
]
},


@ -46,37 +46,37 @@
{
"lessThanOrEqual": "19.3.6",
"status": "affected",
"version": "0",
"version": "19.3.0",
"versionType": "release train"
},
{
"lessThanOrEqual": "21.2.7",
"status": "affected",
"version": "0",
"version": "21.2.0",
"versionType": "release train"
},
{
"lessThanOrEqual": "21.5.35",
"status": "affected",
"version": "0",
"version": "21.5.0",
"versionType": "release train"
},
{
"lessThanOrEqual": "22.2.41",
"status": "affected",
"version": "0",
"version": "22.2.0",
"versionType": "release train"
},
{
"lessThanOrEqual": "22.5.30",
"status": "affected",
"version": "0",
"version": "22.5.0",
"versionType": "release train"
},
{
"lessThanOrEqual": "23.2.10",
"status": "affected",
"version": "0",
"version": "23.2.0",
"versionType": "release train"
}
],


@ -1,105 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5221",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-240363. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in ForU CMS entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /install/index.php. Mit der Manipulation des Arguments db_name mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ForU",
"product": {
"product_data": [
{
"product_name": "CMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.240363",
"refsource": "MISC",
"name": "https://vuldb.com/?id.240363"
},
{
"url": "https://vuldb.com/?ctiid.240363",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.240363"
},
{
"url": "https://github.com/Fovker8/cve/blob/main/rce.md",
"refsource": "MISC",
"name": "https://github.com/Fovker8/cve/blob/main/rce.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "fovker (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.7,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.7,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
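Review bot: The new side of this record goes from `"STATE": "PUBLIC"` back to `"STATE": "RESERVED"` and swaps the assigner from `cna@vuldb.com` to `cve@mitre.org`, dropping the description, affected product, references and CVSS data that were already published (the hunk header shrinks the file from 105 lines to 17). The commit title gives no reason for the rollback, so consumers that mirror this repository would silently lose the advisory for CVE-2023-5221 and cannot tell a deliberate withdrawal from a synchronization fault. A line in the commit description naming the cause would make the change auditable; if the ID was in fact withdrawn, a `REJECT` state with an explanatory description would say so explicitly. The same rollback appears in the CVE-2023-5222 and CVE-2023-5223 sections.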


@ -1,117 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5222",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In Viessmann Vitogate 300 bis 2.1.3.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion isValidUser der Datei /cgi-bin/vitogate.cgi der Komponente Web Management Interface. Durch die Manipulation mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259 Use of Hard-coded Password",
"cweId": "CWE-259"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Viessmann",
"product": {
"product_data": [
{
"product_name": "Vitogate 300",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.1.0"
},
{
"version_affected": "=",
"version_value": "2.1.1"
},
{
"version_affected": "=",
"version_value": "2.1.2"
},
{
"version_affected": "=",
"version_value": "2.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.240364",
"refsource": "MISC",
"name": "https://vuldb.com/?id.240364"
},
{
"url": "https://vuldb.com/?ctiid.240364",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.240364"
},
{
"url": "https://github.com/Push3AX/vul/blob/main/viessmann/Vitogate300_HardcodedPassword.md",
"refsource": "MISC",
"name": "https://github.com/Push3AX/vul/blob/main/viessmann/Vitogate300_HardcodedPassword.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "PushEAX (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,105 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5223",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to sandbox issue. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240365 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in HimitZH HOJ bis 4.6-9a65e3f entdeckt. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Komponente Topic Handler. Durch Manipulation mit unbekannten Daten kann eine sandbox issue-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-265 Sandbox Issue",
"cweId": "CWE-265"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HimitZH",
"product": {
"product_data": [
{
"product_name": "HOJ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.6-9a65e3f"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.240365",
"refsource": "MISC",
"name": "https://vuldb.com/?id.240365"
},
{
"url": "https://vuldb.com/?ctiid.240365",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.240365"
},
{
"url": "https://github.com/payI0ad/cves/issues/1",
"refsource": "MISC",
"name": "https://github.com/payI0ad/cves/issues/1"
}
]
},
"credits": [
{
"lang": "en",
"value": "payIoad (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}