admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 03:27:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-08-23 21:00:32 +00:00
parent b71bc78054
commit e1a8910364
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 375 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2023/37xxx/CVE-2023-37379.json
View File

@ -82,6 +82,11 @@
"url": "https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/23/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/08/23/4"
}
]
},

5
2023/39xxx/CVE-2023-39441.json
View File

@ -98,6 +98,11 @@
"url": "https://lists.apache.org/thread/xzp4wgjg2b1o6ylk2595df8bstlbo1lb",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/xzp4wgjg2b1o6ylk2595df8bstlbo1lb"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/23/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/08/23/2"
}
]
},

95
2023/40xxx/CVE-2023-40035.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40035",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable only in the authenticated users, configuration with ALLOW_ADMIN_CHANGES=true, there is still a potential security threat (Remote Code Execution). This issue has been patched in version 4.4.15 and version 3.8.15.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "craftcms",
"product": {
"product_data": [
{
"product_name": "cms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 4.0.0-RC1, < 4.4.15"
},
{
"version_affected": "=",
"version_value": ">= 3.0.0, < 3.8.15"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw",
"refsource": "MISC",
"name": "https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw"
},
{
"url": "https://github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5",
"refsource": "MISC",
"name": "https://github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5"
},
{
"url": "https://github.com/craftcms/cms/releases/tag/3.8.15",
"refsource": "MISC",
"name": "https://github.com/craftcms/cms/releases/tag/3.8.15"
},
{
"url": "https://github.com/craftcms/cms/releases/tag/4.4.15",
"refsource": "MISC",
"name": "https://github.com/craftcms/cms/releases/tag/4.4.15"
}
]
},
"source": {
"advisory": "GHSA-44wr-rmwq-3phw",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

86
2023/40xxx/CVE-2023-40177.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40177",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is present since version 4.3M2 when AppWithinMinutes Application added support for the Content field, allowing any wiki page (including the user profile page) to use its content as an AWM Content field, which has a custom displayer that executes the content with the rights of the ``AppWithinMinutes.Content`` author, rather than the rights of the content author. The vulnerability has been fixed in XWiki 14.10.5 and 15.1RC1. The fix is in the content of the AppWithinMinutes.Content page that defines the custom displayer. By using the ``display`` script service to render the content we make sure that the proper author is used for access rights checks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')",
"cweId": "CWE-95"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "xwiki",
"product": {
"product_data": [
{
"product_name": "xwiki-platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 4.3-milestone-2, < 14.10.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5mf8-v43w-mfxp",
"refsource": "MISC",
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5mf8-v43w-mfxp"
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262",
"refsource": "MISC",
"name": "https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-7369",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-7369"
}
]
},
"source": {
"advisory": "GHSA-5mf8-v43w-mfxp",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
]
}

86
2023/40xxx/CVE-2023-40178.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40178",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an expired LogoutRequest. In bigger contexts, if LogoutRequests are sent out in mass to different SPs, this could impact many users on a large scale. This issue was patched in version 4.0.5.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347: Improper Verification of Cryptographic Signature",
"cweId": "CWE-347"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "node-saml",
"product": {
"product_data": [
{
"product_name": "node-saml",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.0.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/node-saml/node-saml/security/advisories/GHSA-vx8m-6fhw-pccw",
"refsource": "MISC",
"name": "https://github.com/node-saml/node-saml/security/advisories/GHSA-vx8m-6fhw-pccw"
},
{
"url": "https://github.com/node-saml/node-saml/commit/045e3b9c54211fdb95f96edf363679845b195cec",
"refsource": "MISC",
"name": "https://github.com/node-saml/node-saml/commit/045e3b9c54211fdb95f96edf363679845b195cec"
},
{
"url": "https://github.com/node-saml/node-saml/releases/tag/v4.0.5",
"refsource": "MISC",
"name": "https://github.com/node-saml/node-saml/releases/tag/v4.0.5"
}
]
},
"source": {
"advisory": "GHSA-vx8m-6fhw-pccw",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

91
2023/40xxx/CVE-2023-40185.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40185",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences",
"cweId": "CWE-150"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ericcornelissen",
"product": {
"product_data": [
{
"product_name": "shescape",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.7.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549",
"refsource": "MISC",
"name": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549"
},
{
"url": "https://github.com/ericcornelissen/shescape/pull/1142",
"refsource": "MISC",
"name": "https://github.com/ericcornelissen/shescape/pull/1142"
},
{
"url": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63",
"refsource": "MISC",
"name": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63"
},
{
"url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4",
"refsource": "MISC",
"name": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4"
}
]
},
"source": {
"advisory": "GHSA-j55r-787p-m549",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

5
2023/40xxx/CVE-2023-40273.json
View File

@ -64,6 +64,11 @@
"url": "https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/23/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/08/23/1"
}
]
},

18
2023/4xxx/CVE-2023-4503.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4503",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}