admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-04-17 21:00:35 +00:00
parent 3a6dae20bb
commit d29b3eed7e
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
12 changed files with 411 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
2022/33xxx/CVE-2022-33886.json
View File

@ -15,7 +15,7 @@
"product": {
"product_data": [
{
"product_name": "utodesk\u00ae AutoCAD\u00ae, Advance Steel and Civil 3D\u00ae",
"product_name": "Autodesk Maya",
"version": {
"version_data": [
{
@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "Use of Uninitialized Variable"
"value": "Out-of-bound Write"
}
]
}
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code."
"value": "A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. A malicious actor could leverage this vulnerability to execute arbitrary code."
}
]
}

4
2022/42xxx/CVE-2022-42946.json
View File

@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "2023"
"version_value": "2023, 2022"
}
]
}
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
"value": "Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
}
]
}

4
2022/42xxx/CVE-2022-42947.json
View File

@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "2023"
"version_value": "2023, 2022"
}
]
}
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted X_B file when parsed through Autodesk Maya 2023 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution."
"value": "A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution."
}
]
}

50
2023/25xxx/CVE-2023-25010.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25010",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Autodesk Maya USD Plugin",
"version": {
"version_data": [
{
"version_value": "0.22.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uninitialized Variable"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution."
}
]
}

50
2023/27xxx/CVE-2023-27906.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27906",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Autodesk Maya USD Plugin",
"version": {
"version_data": [
{
"version_value": "0.22.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bound Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution."
}
]
}

50
2023/27xxx/CVE-2023-27907.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27907",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Autodesk Maya USD Plugin",
"version": {
"version_data": [
{
"version_value": "0.22.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bound Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds write vulnerability which may result in code execution."
}
]
}

50
2023/27xxx/CVE-2023-27909.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27909",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Autodesk FBX SDK",
"version": {
"version_data": [
{
"version_value": "2020"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bound Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Out-Of-Bounds Write Vulnerability in Autodesk\u00ae FBX\u00ae SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure."
}
]
}

50
2023/27xxx/CVE-2023-27910.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27910",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Autodesk FBX SDK",
"version": {
"version_data": [
{
"version_value": "2020"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk\u00ae FBX\u00ae SDK 2020 or prior which may lead to code execution."
}
]
}

50
2023/27xxx/CVE-2023-27911.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27911",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Autodesk FBX SDK",
"version": {
"version_data": [
{
"version_value": "2020"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk\u00ae FBX\u00ae SDK 2020 or prior which may lead to code execution."
}
]
}

18
2023/2xxx/CVE-2023-2131.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2131",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

90
2023/30xxx/CVE-2023-30548.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30548",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server (`gatsby develop`). It should be noted that by default gatsby develop is only accessible via the localhost 127.0.0.1, and one would need to intentionally expose the server to other interfaces to exploit this vulnerability by using server options such as --host 0.0.0.0, -H 0.0.0.0, or the GATSBY_HOST=0.0.0.0 environment variable. Attackers exploiting this vulnerability will have read access to all files within the scope of the server process. A patch has been introduced in gatsby-plugin-sharp@5.8.1 and gatsby-plugin-sharp@4.25.1 which mitigates the issue by ensuring that included paths remain within the project directory. As stated above, by default gatsby develop is only exposed to the localhost 127.0.0.1. For those using the develop server in the default configuration no risk is posed. If other ranges are required, preventing the develop server from being exposed to untrusted interfaces or IP address ranges would mitigate the risk from this vulnerability. Users are non the less encouraged to upgrade to a safe version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gatsbyjs",
"product": {
"product_data": [
{
"product_name": "gatsby",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.25.1"
},
{
"version_affected": "=",
"version_value": ">= 5.0.0, < 5.8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/gatsbyjs/gatsby/security/advisories/GHSA-h2pm-378c-pcxx",
"refsource": "MISC",
"name": "https://github.com/gatsbyjs/gatsby/security/advisories/GHSA-h2pm-378c-pcxx"
},
{
"url": "https://github.com/gatsbyjs/gatsby/commit/5f442081b227cc0879babb96858f970c4ce94c6b",
"refsource": "MISC",
"name": "https://github.com/gatsbyjs/gatsby/commit/5f442081b227cc0879babb96858f970c4ce94c6b"
},
{
"url": "https://github.com/gatsbyjs/gatsby/commit/dcf88ed01df2c26e0c93a41e1a2a840076d8247e",
"refsource": "MISC",
"name": "https://github.com/gatsbyjs/gatsby/commit/dcf88ed01df2c26e0c93a41e1a2a840076d8247e"
}
]
},
"source": {
"advisory": "GHSA-h2pm-378c-pcxx",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

18
2023/30xxx/CVE-2023-30793.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30793",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}