"-Synchronized-Data."

CVE Team 2023-02-14 21:00:51 +00:00
parent 2dbff95d53
commit c97d185bc2
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
3 changed files with 248 additions and 12 deletions


@ -1,17 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-21778",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability"
},
{
"lang": "eng",
"value": "Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Microsoft Dynamics 365",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.2.0",
"version_value": "4.2.0.51"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21778",
"refsource": "MISC",
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21778"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 8.3,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}
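Review bot: The new `description_data` array carries the same English text twice: the entry whose `value` replaces the RESERVED placeholder and the entry added right after it are identical, so one of them should be dropped. Separately, `"product_name": "Microsoft Dynamics 365"` does not match the product named in the description (Microsoft Dynamics Unified Service Desk), so tooling that matches on product name may miss or over-match this record; confirm against the MSRC advisory in `references`. The `vectorString` also appends temporal metrics (`E:U/RL:O/RC:C`) while `baseScore` 8.3 reflects the base metrics only, so parsers should not read 8.3 as a temporal score. The closing brace of the record lies outside this hunk.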


@ -1,17 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22743",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This potentially allows users with local write access to place malicious payloads in a location where automated upgrades might run the Git for Windows installer with elevation. Version 2.39.2 contains a patch for this issue. Some workarounds are available. Never leave untrusted files in the Downloads folder or its sub-folders before executing the Git for Windows installer, or move the installer into a different directory before executing it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426: Untrusted Search Path",
"cweId": "CWE-426"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "git-for-windows",
"product": {
"product_data": [
{
"product_name": "git",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.39.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-p2x9-prp4-8gvq",
"refsource": "MISC",
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-p2x9-prp4-8gvq"
},
{
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-gf48-x3vr-j5c3",
"refsource": "MISC",
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-gf48-x3vr-j5c3"
},
{
"url": "https://attack.mitre.org/techniques/T1574/002/",
"refsource": "MISC",
"name": "https://attack.mitre.org/techniques/T1574/002/"
},
{
"url": "https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1",
"refsource": "MISC",
"name": "https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1"
},
{
"url": "https://learn.microsoft.com/en-us/windows/win32/controls/cookbook-overview?redirectedfrom=MSDN#using-comctl32dll-version-6-in-an-application-that-uses-only-standard-extensions",
"refsource": "MISC",
"name": "https://learn.microsoft.com/en-us/windows/win32/controls/cookbook-overview?redirectedfrom=MSDN#using-comctl32dll-version-6-in-an-application-that-uses-only-standard-extensions"
},
{
"url": "https://learn.microsoft.com/en-us/windows/win32/sbscs/about-side-by-side-assemblies-",
"refsource": "MISC",
"name": "https://learn.microsoft.com/en-us/windows/win32/sbscs/about-side-by-side-assemblies-"
}
]
},
"source": {
"advisory": "GHSA-p2x9-prp4-8gvq",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
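Review bot: The affected range is encoded inside the value string, `"version_affected": "="` with `"version_value": "< 2.39.2"`, so a consumer that honours `version_affected` will compare against a version literally named `< 2.39.2` and may never flag a vulnerable installation. Writing it as `"version_affected": "<"` with `"version_value": "2.39.2"` keeps the comparison machine-readable; the CVE-2023-23618 record later in this commit uses the same encoding. The `baseScore` of 7.3 also looks inconsistent with `CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H`, which by my arithmetic comes to 7.2 under the 3.1 formula, so it is worth recomputing against the GHSA advisory. Until the range is fixed upstream, scanners keyed on this record should be checked to confirm that versions below 2.39.2 are actually reported.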


@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23618",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patch is available in version 2.39.2. As a workaround, avoid using `gitk` (or Git GUI's \"Visualize History\" functionality) in clones of untrusted repositories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426: Untrusted Search Path",
"cweId": "CWE-426"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "git-for-windows",
"product": {
"product_data": [
{
"product_name": "git",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.39.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1",
"refsource": "MISC",
"name": "https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1"
},
{
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-wxwv-49qw-35pm",
"refsource": "MISC",
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-wxwv-49qw-35pm"
},
{
"url": "https://github.com/git-for-windows/git/commit/49a8ec9dac3cec6602f05fed1b3f80a549c8c05c",
"refsource": "MISC",
"name": "https://github.com/git-for-windows/git/commit/49a8ec9dac3cec6602f05fed1b3f80a549c8c05c"
},
{
"url": "https://wiki.tcl-lang.org/page/exec",
"refsource": "MISC",
"name": "https://wiki.tcl-lang.org/page/exec"
}
]
},
"source": {
"advisory": "GHSA-wxwv-49qw-35pm",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}