"-Synchronized-Data."

CVE Team 2023-07-20 18:00:35 +00:00
parent a960c493e8
commit cfc19400bb
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
14 changed files with 459 additions and 42 deletions


@ -167,6 +167,11 @@
"url": "http://www.openwall.com/lists/oss-security/2023/07/20/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/07/20/1"
},
{
"url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html"
}
]
}
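Review bot: The Packet Storm reference object at the end of `reference_data` uses a plain `http://` URL in both `url` and `name`, so anyone following the link from this record fetches the write-up over an unauthenticated channel. If the site serves the same path over TLS, the entry should read `"url": "https://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html"` with `name` updated to match. The same applies to the Packet Storm references in the other sections of this commit (files/173661 in two more records, and 173653, 173610 and 173656). The file path and the rest of the record are outside the visible hunk.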


@ -146,6 +146,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20230719 Re: CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent",
"url": "http://www.openwall.com/lists/oss-security/2023/07/20/1"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function."
"value": "HTML Injection vulnerability was found in some ONU models allows remote high privileged authenticated user to send arbitrary HTML tags via web interface, this vulnerability can cause deny of service after device is rebooted if an invalid serial number addressed."
}
]
},
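Review bot: The two `value` lines in `description_data` differ in how much a defender can act on: one names `Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3`, the other only says `some ONU models`. The rendered page has lost the +/- markers, so which line is new is inferred; if the generic text is the replacement, the description no longer tells an operator which models and firmware versions are affected or fixed. Keeping the model and fixed-version clause in the new text, alongside the added detail about denial of service after reboot, would preserve that. The CVE ID and the `affects` block are outside this hunk, so the versions may still be recorded there.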


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45094",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-45094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Imprivata Privileged Access Management (formally Xton Privileged Access Management) 2.3.202112051108 allows XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.imprivata.com/privileged-access-management",
"refsource": "MISC",
"name": "https://www.imprivata.com/privileged-access-management"
},
{
"url": "https://aegis9.com.au/blog/",
"refsource": "MISC",
"name": "https://aegis9.com.au/blog/"
},
{
"refsource": "MISC",
"name": "https://www.aegis9.com.au/blog/5/",
"url": "https://www.aegis9.com.au/blog/5/"
}
]
}
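Review bot: The record moves to `"STATE": "PUBLIC"` with `product_name`, `vendor_name` and `version_value` all set to `n/a`, although the description names Imprivata Privileged Access Management 2.3.202112051108. Scanners and asset-matching tools that key on the `affects` block rather than free text will not associate this CVE with the product; filling in `"vendor_name": "Imprivata"` and the product and version from the description would fix that. `problemtype` is also `n/a` where the description says XSS. The same pattern appears in the sections for CVE-2023-31461, CVE-2023-31462, CVE-2023-37728, CVE-2023-38334 and CVE-2023-38335 in this commit.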


@ -101,6 +101,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/170818/Hikvision-Remote-Code-Execution-XSS-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/170818/Hikvision-Remote-Code-Execution-XSS-SQL-Injection.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173653/Hikvision-Hybrid-SAN-Ds-a71024-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/173653/Hikvision-Hybrid-SAN-Ds-a71024-SQL-Injection.html"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0."
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0.\n\n"
}
]
},
@ -59,6 +59,11 @@
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A9754&LanguageCode=en&DocumentPartId=&Action=Launch",
"refsource": "MISC",
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A9754&LanguageCode=en&DocumentPartId=&Action=Launch"
},
{
"url": "http://packetstormsecurity.com/files/173610/ABB-FlowX-4.00-Information-Disclosure.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173610/ABB-FlowX-4.00-Information-Disclosure.html"
}
]
},
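Review bot: One of the two `description_data` values in the first hunk ends with a literal `\n\n` after `before 4.0.`, and that trailing whitespace is the only difference between the two lines. If that is the new side (the +/- markers are lost on this page), the change adds noise that exact-match deduplication and description diffing in downstream feeds will register as a content update. Both versions also keep `Footprinting.This issue` without a space after the full stop, which would be worth fixing in the same edit.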


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31461",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-31461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://steelseries.com/gg",
"refsource": "MISC",
"name": "https://steelseries.com/gg"
},
{
"refsource": "MISC",
"name": "https://www.akamai.com/blog/security-research/exploit-steelseries-subapp-privilege-escalation",
"url": "https://www.akamai.com/blog/security-research/exploit-steelseries-subapp-privilege-escalation"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31462",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-31462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://steelseries.com/gg",
"refsource": "MISC",
"name": "https://steelseries.com/gg"
},
{
"refsource": "MISC",
"name": "https://www.akamai.com/blog/security-research/exploit-steelseries-subapp-privilege-escalation",
"url": "https://www.akamai.com/blog/security-research/exploit-steelseries-subapp-privilege-escalation"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/1337kid/Piggery_CMS_multiple_vulns_PoC/tree/main/CVE-2023-37629",
"url": "https://github.com/1337kid/Piggery_CMS_multiple_vulns_PoC/tree/main/CVE-2023-37629"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173656/Online-Piggery-Management-System-1.0-Shell-Upload.html",
"url": "http://packetstormsecurity.com/files/173656/Online-Piggery-Management-System-1.0-Shell-Upload.html"
}
]
}


@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37728",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-37728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://icewarp.com",
"refsource": "MISC",
"name": "http://icewarp.com"
},
{
"url": "http://icearp.com",
"refsource": "MISC",
"name": "http://icearp.com"
},
{
"url": "http://mail.ziyan.com/webmail/?color=%22%3E%3Cimg%20src%20onerror=%22alert(0)%22%3E%3C%22%27",
"refsource": "MISC",
"name": "http://mail.ziyan.com/webmail/?color=%22%3E%3Cimg%20src%20onerror=%22alert(0)%22%3E%3C%22%27"
},
{
"refsource": "MISC",
"name": "https://medium.com/@ayush.engr29/cve-2023-37728-6dfb7586311",
"url": "https://medium.com/@ayush.engr29/cve-2023-37728-6dfb7586311"
}
]
}
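Review bot: The third entry in `reference_data` is not an advisory but a URL on a third-party host, `mail.ziyan.com`, carrying a script-injection test string in its `color` query parameter. Feeds and dashboards that render `url` as a clickable link, or crawlers that fetch references, would send that request to a live system the record does not identify as the vendor's; the Medium write-up in the last entry is the more appropriate reference for the detail. The description also reads `Icewarp Icearp v10.2.1` and a reference points at `http://icearp.com`, which looks like a misspelling of the vendor domain in the first entry, `http://icewarp.com`, and should be confirmed.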


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38334",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-38334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an \"irreversible operation.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-006.txt",
"refsource": "MISC",
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-006.txt"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38335",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-38335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries \"always private\" - this is supposed to be an irreversible operation. However, due to implementation issues, \"always private\" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an \"irreversible operation\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt",
"refsource": "MISC",
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt"
}
]
}


@ -106,6 +106,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20230720 Re: Announce: OpenSSH 9.3p2 released",
"url": "http://www.openwall.com/lists/oss-security/2023/07/20/2"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html"
}
]
}


@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3791",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in IBOS OA 4.5.5 and classified as critical. Affected by this issue is the function actionExport of the file ?r=contact/default/export of the component Personal Office Address Book. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-235058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in IBOS OA 4.5.5 gefunden. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion actionExport der Datei ?r=contact/default/export der Komponente Personal Office Address Book. Durch Beeinflussen mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBOS",
"product": {
"product_data": [
{
"product_name": "OA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.5.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.235058",
"refsource": "MISC",
"name": "https://vuldb.com/?id.235058"
},
{
"url": "https://vuldb.com/?ctiid.235058",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.235058"
},
{
"url": "https://github.com/zry-wyj/cve/blob/main/ibos.md",
"refsource": "MISC",
"name": "https://github.com/zry-wyj/cve/blob/main/ibos.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "Zhang Renyi (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
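Review bot: The `credits` entry uses `"lang": "en"` while every `description_data` and `problemtype` entry in the same record uses three-letter codes (`eng`, `deu`). Consumers that select text by language code have to special-case the credits array; `"lang": "eng"` would make the record consistent. The `impact.cvss` array also carries three entries (3.1, 3.0 and 2.0) with different base scores, so tooling that reads severity should select by the `version` field and not by array position.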