admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-04-05 20:00:49 +00:00
parent 47b9999078
commit e39e034606
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
24 changed files with 899 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
2022/3xxx/CVE-2022-3375.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3375",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=11.10, <15.8.5"
},
{
"version_value": ">=15.9, <15.9.4"
},
{
"version_value": ">=15.10, <15.10.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information exposure through an error message in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/376041",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/376041",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1710533",
"url": "https://hackerone.com/reports/1710533",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3375.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3375.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 3.0,
"baseSeverity": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [shells3c](https://hackerone.com/shells3c) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2022/3xxx/CVE-2022-3513.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3513",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=12.8, <15.8.5"
},
{
"version_value": ">=15.9, <15.9.4"
},
{
"version_value": ">=15.10, <15.10.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/377970",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/377970",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1728015",
"url": "https://hackerone.com/reports/1728015",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3513.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3513.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [ryotak](https://hackerone.com/ryotak) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2023/0xxx/CVE-2023-0319.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0319",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=13.6, <15.8.5"
},
{
"version_value": ">=15.9, <15.9.4"
},
{
"version_value": ">=15.10, <15.10.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/388096",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/388096",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1817586",
"url": "https://hackerone.com/reports/1817586",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0319.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0319.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to project memebers only."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [ashish_r_padelkar](https://hackerone.com/ashish_r_padelkar) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2023/0xxx/CVE-2023-0523.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0523",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=15.6, <15.8.5"
},
{
"version_value": ">=15.9, <15.9.4"
},
{
"version_value": ">=15.10, <15.10.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/389487",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/389487",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1842867",
"url": "https://hackerone.com/reports/1842867",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0523.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0523.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [cryptopone](https://hackerone.com/cryptopone) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2023/1xxx/CVE-2023-1098.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1098",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=11.5, <15.8.5"
},
{
"version_value": ">=15.9, <15.9.4"
},
{
"version_value": ">=15.10, <15.10.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information exposure through an error message in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/383745",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/383745",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1784294",
"url": "https://hackerone.com/reports/1784294",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [tennox_](https://hackerone.com/tennox_) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2023/1xxx/CVE-2023-1733.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1733",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=11.10, <15.8.5"
},
{
"version_value": ">=15.9, <15.9.4"
},
{
"version_value": ">=15.10, <15.10.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled resource consumption in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/392665",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/392665",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1723124",
"url": "https://hackerone.com/reports/1723124",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1733.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1733.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

50
2023/1xxx/CVE-2023-1855.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1855",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel prior to Kernel 6.3 RC3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://lore.kernel.org/all/20230318122758.2140868-1-linux@roeck-us.net/",
"url": "https://lore.kernel.org/all/20230318122758.2140868-1-linux@roeck-us.net/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem."
}
]
}

85
2023/1xxx/CVE-2023-1884.json
View File

@ -1,89 +1,18 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1884",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
}
}
]
},
"vendor_name": "thorsten"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1884",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611"
}
]
},
"source": {
"advisory": "dda73cb6-9344-4822-97a1-2e31efb6a73e",
"discovery": "EXTERNAL"
}
}

85
2023/1xxx/CVE-2023-1885.json
View File

@ -1,89 +1,18 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1885",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
}
}
]
},
"vendor_name": "thorsten"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1885",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024"
}
]
},
"source": {
"advisory": "bce84c02-abb2-474f-a67b-1468c9dcabb8",
"discovery": "EXTERNAL"
}
}

18
2023/1xxx/CVE-2023-1894.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1894",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/1xxx/CVE-2023-1895.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1895",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

56
2023/24xxx/CVE-2023-24720.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24720",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-24720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://infosec.zeyu2001.com/2023/readiumjs-cloud-reader-everybody-gets-an-xss",
"refsource": "MISC",
"name": "https://infosec.zeyu2001.com/2023/readiumjs-cloud-reader-everybody-gets-an-xss"
}
]
}

7
2023/24xxx/CVE-2023-24724.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. NOTE: the vendor's position is that this report \"does not contain adequate or accurate information about affected product versions or the nature of the exploit itself.\""
"value": "A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface (SASAdmin). For the product release, the reported version is 9.4_M2 and the fixed version is 9.4_M3. For the SAS release, the reported version is 9.4 TS1M2 and the fixed version is 9.4 TS1M3."
}
]
},
@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://medium.com/@williamamorim256/stored-xss-vulnerability-discovered-in-sas-9-4-admin-console-5680e9e4062c",
"url": "https://medium.com/@williamamorim256/stored-xss-vulnerability-discovered-in-sas-9-4-admin-console-5680e9e4062c"
},
{
"refsource": "CONFIRM",
"name": "https://support.sas.com/kb/55/539.html",
"url": "https://support.sas.com/kb/55/539.html"
}
]
}

56
2023/24xxx/CVE-2023-24747.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24747",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-24747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gist.github.com/Threonic/a262c19ed5027e5a7fe0b97b62b10a08",
"url": "https://gist.github.com/Threonic/a262c19ed5027e5a7fe0b97b62b10a08"
}
]
}

18
2023/29xxx/CVE-2023-29400.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29400",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29401.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29401",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29402.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29402",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29403.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29403",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29404.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29404",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29405.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29405",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29406.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29406",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29407.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29407",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29408.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29408",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29409.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29409",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}