admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-06-16 17:00:44 +00:00
parent 63ac3cbb3a
commit ca8493a1b5
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 429 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2017/3xxx/CVE-2017-3145.json
View File

@ -1,43 +1,12 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2018-01-16T00:00:00.000Z",
"ID": "CVE-2017-3145",
"STATE": "PUBLIC",
"TITLE": "Improper fetch cleanup sequencing in the resolver can cause named to crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND 9",
"version": {
"version_data": [
{
"version_value": "9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ISC would like to thank Jayachandran Palanisamy of Cygate AB for making us aware of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2017-3145",
"ASSIGNER": "security-officer@isc.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -46,22 +15,6 @@
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
@ -74,73 +27,126 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ISC",
"product": {
"product_data": [
{
"product_name": "BIND 9",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0102",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0102"
"url": "https://access.redhat.com/errata/RHSA-2018:0102",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0102"
},
{
"name": "RHSA-2018:0487",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0487"
"url": "https://access.redhat.com/errata/RHSA-2018:0487",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0487"
},
{
"name": "DSA-4089",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4089"
"url": "https://www.debian.org/security/2018/dsa-4089",
"refsource": "MISC",
"name": "https://www.debian.org/security/2018/dsa-4089"
},
{
"name": "RHSA-2018:0488",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0488"
"url": "https://access.redhat.com/errata/RHSA-2018:0488",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0488"
},
{
"name": "RHSA-2018:0101",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0101"
"url": "https://access.redhat.com/errata/RHSA-2018:0101",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0101"
},
{
"name": "1040195",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040195"
"url": "http://www.securitytracker.com/id/1040195",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1040195"
},
{
"name": "https://kb.isc.org/docs/aa-01542",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01542"
"url": "https://kb.isc.org/docs/aa-01542",
"refsource": "MISC",
"name": "https://kb.isc.org/docs/aa-01542"
},
{
"name": "102716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102716"
"url": "http://www.securityfocus.com/bid/102716",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/102716"
},
{
"name": "[debian-lts-announce] 20180121 [SECURITY] [DLA 1255-1] bind9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html"
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180117-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180117-0003/"
"url": "https://security.netapp.com/advisory/ntap-20180117-0003/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20180117-0003/"
},
{
"url": "https://supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-named",
"refsource": "MISC",
"name": "https://supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-named"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.11-P1\n BIND 9 version 9.10.6-P1\n BIND 9 version 9.11.2-P1\n BIND 9 version 9.12.0rc2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.11-S2\n BIND 9 version 9.10.6-S2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"lang": "en",
"value": "If an operator is experiencing crashes due to this, temporarily disabling DNSSEC validation can be used to avoid the known problematic code path while replacement builds are prepared."
}
]
],
"solution": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.11-P1\n BIND 9 version 9.10.6-P1\n BIND 9 version 9.11.2-P1\n BIND 9 version 9.12.0rc2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.11-S2\n BIND 9 version 9.10.6-S2"
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Jayachandran Palanisamy of Cygate AB for making us aware of this vulnerability."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}
}

71
2023/24xxx/CVE-2023-24243.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24243",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-24243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://arc.cdata.com/",
"refsource": "MISC",
"name": "https://arc.cdata.com/"
},
{
"url": "https://arc.cdata.com/trial/",
"refsource": "MISC",
"name": "https://arc.cdata.com/trial/"
},
{
"refsource": "MISC",
"name": "https://www.cdata.com/kb/entries/netembeddedserver-notice.rst",
"url": "https://www.cdata.com/kb/entries/netembeddedserver-notice.rst"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/d3vc0r3/6460a5f006e32a2ebffe739e411ab1b8",
"url": "https://gist.github.com/d3vc0r3/6460a5f006e32a2ebffe739e411ab1b8"
}
]
}

8
2023/2xxx/CVE-2023-2918.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2918",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** Duplicate Assignment."
}
]
}

61
2023/30xxx/CVE-2023-30222.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30222",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-30222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://packetstormsecurity.com",
"refsource": "MISC",
"name": "https://packetstormsecurity.com"
},
{
"refsource": "MISC",
"name": "https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server/",
"url": "https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server/"
}
]
}

61
2023/30xxx/CVE-2023-30223.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30223",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-30223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://packetstormsecurity.com",
"refsource": "MISC",
"name": "https://packetstormsecurity.com"
},
{
"refsource": "MISC",
"name": "https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server/",
"url": "https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server/"
}
]
}

106
2023/30xxx/CVE-2023-30625.json
View File

@ -1,17 +1,115 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30625",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rudderlabs",
"product": {
"product_data": [
{
"product_name": "rudder-server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.3.0-rc.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2022-097_rudder-server/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2022-097_rudder-server/"
},
{
"url": "https://github.com/rudderlabs/rudder-server/pull/2652",
"refsource": "MISC",
"name": "https://github.com/rudderlabs/rudder-server/pull/2652"
},
{
"url": "https://github.com/rudderlabs/rudder-server/pull/2663",
"refsource": "MISC",
"name": "https://github.com/rudderlabs/rudder-server/pull/2663"
},
{
"url": "https://github.com/rudderlabs/rudder-server/pull/2664",
"refsource": "MISC",
"name": "https://github.com/rudderlabs/rudder-server/pull/2664"
},
{
"url": "https://github.com/rudderlabs/rudder-server/commit/0d061ff2d8c16845179d215bf8012afceba12a30",
"refsource": "MISC",
"name": "https://github.com/rudderlabs/rudder-server/commit/0d061ff2d8c16845179d215bf8012afceba12a30"
},
{
"url": "https://github.com/rudderlabs/rudder-server/commit/2f956b7eb3d5eb2de3e79d7df2c87405af25071e",
"refsource": "MISC",
"name": "https://github.com/rudderlabs/rudder-server/commit/2f956b7eb3d5eb2de3e79d7df2c87405af25071e"
},
{
"url": "https://github.com/rudderlabs/rudder-server/commit/9c009d9775abc99e72fc470f4c4c8e8f1775e82a",
"refsource": "MISC",
"name": "https://github.com/rudderlabs/rudder-server/commit/9c009d9775abc99e72fc470f4c4c8e8f1775e82a"
}
]
},
"source": {
"advisory": "GHSA-3jmm-f6jj-rcc3",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

56
2023/34xxx/CVE-2023-34733.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34733",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-34733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle's USB plug and play feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/zj3t/Automotive-vulnerabilities/tree/main/VW/jetta2021",
"refsource": "MISC",
"name": "https://github.com/zj3t/Automotive-vulnerabilities/tree/main/VW/jetta2021"
}
]
}