"-Synchronized-Data."

CVE Team 2023-10-18 21:00:37 +00:00
parent 2988560201
commit e45df9d0fb
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
16 changed files with 397 additions and 19 deletions


@ -102,6 +102,12 @@
"source": {
"advisory": "SVD-2023-0606"
},
"credits": [
{
"lang": "en",
"value": "ST\u00d6K / Fredrik Alexandersson"
}
],
"impact": {
"cvss": [
{


@ -95,6 +95,11 @@
"url": "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009",
"refsource": "MISC",
"name": "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
}
]
},
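Review bot: The added reference files the oss-security post as `"refsource": "MISC"` with the URL repeated as its `name`, while the hunk at `@ -566,6 +566,11 @` adds the same URL as `"refsource": "MLIST"` with the name `[oss-security] 20231018 Vulnerability in Jenkins`. Tools that filter or deduplicate references by `refsource` will treat the two entries as different kinds of source. Using the `MLIST` form with the descriptive name in both records would keep them consistent. The link is also recorded with a plain `http://` scheme in both places.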


@ -77,6 +77,12 @@
"source": {
"advisory": "SVD-2023-0702"
},
"credits": [
{
"lang": "en",
"value": "ST\u00d6K / Fredrik Alexandersson"
}
],
"impact": {
"cvss": [
{


@ -64,7 +64,7 @@
{
"version_affected": "<",
"version_name": "-",
"version_value": "9.0.2305.200"
"version_value": "9.0.2305.200 "
}
]
}
@ -81,6 +81,11 @@
"url": "https://advisory.splunk.com/advisories/SVD-2023-0801",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0801"
},
{
"url": "https://research.splunk.com/application/182f9080-4137-4629-94ac-cb1083ac981a/",
"refsource": "MISC",
"name": "https://research.splunk.com/application/182f9080-4137-4629-94ac-cb1083ac981a/"
}
]
},
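Review bot: The `version_value` in the first hunk is printed twice, and the second copy, `"9.0.2305.200 "`, ends in a space inside the quotes. If that is the new side (the page has lost its +/- markers), the commit introduces trailing whitespace into a version bound. Consumers that compare version strings exactly, or feed them to a strict version parser, can fail to match `9.0.2305.200`, so affected-version lookups against this record may silently miss. The value should read `"version_value": "9.0.2305.200"`, and a whitespace-trim check on version fields during the sync would catch this class of drift.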


@ -59,7 +59,7 @@
{
"version_affected": "<",
"version_name": "-",
"version_value": "9.0.2305.200"
"version_value": "9.0.2205"
}
]
}
@ -76,6 +76,11 @@
"url": "https://advisory.splunk.com/advisories/SVD-2023-0802",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0802"
},
{
"url": "https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/",
"refsource": "MISC",
"name": "https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/"
}
]
},


@ -64,7 +64,7 @@
{
"version_affected": "<",
"version_name": "-",
"version_value": "9.0.2305.200"
"version_value": "9.0.2303.100"
}
]
}
@ -81,6 +81,11 @@
"url": "https://advisory.splunk.com/advisories/SVD-2023-0803",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0803"
},
{
"url": "https://research.splunk.com/application/78b48d08-075c-4eac-bd07-e364c3780867/",
"refsource": "MISC",
"name": "https://research.splunk.com/application/78b48d08-075c-4eac-bd07-e364c3780867/"
}
]
},


@ -81,6 +81,11 @@
"url": "https://advisory.splunk.com/advisories/SVD-2023-0804",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0804"
},
{
"url": "https://research.splunk.com/application/d1d8fda6-874a-400f-82cf-dcbb59d8e4db/",
"refsource": "MISC",
"name": "https://research.splunk.com/application/d1d8fda6-874a-400f-82cf-dcbb59d8e4db/"
}
]
},


@ -81,6 +81,11 @@
"url": "https://advisory.splunk.com/advisories/SVD-2023-0806",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0806"
},
{
"url": "https://research.splunk.com/application/356bd3fe-f59b-4f64-baa1-51495411b7ad/",
"refsource": "MISC",
"name": "https://research.splunk.com/application/356bd3fe-f59b-4f64-baa1-51495411b7ad/"
}
]
},


@ -81,6 +81,11 @@
"url": "https://advisory.splunk.com/advisories/SVD-2023-0807",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2023-0807"
},
{
"url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/",
"refsource": "MISC",
"name": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/"
}
]
},


@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43802",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/upload` which handles request with the `filename` parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate their privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "arduino",
"product": {
"product_data": [
{
"product_name": "arduino-create-agent",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.3.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-75j7-w798-cwwx",
"refsource": "MISC",
"name": "https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-75j7-w798-cwwx"
}
]
},
"source": {
"advisory": "GHSA-75j7-w798-cwwx",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}
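Review bot: The affected-version entry pairs `"version_affected": "="` with `"version_value": "< 1.3.3"`, so the range operator sits inside the value string while the operator field says exact match. A scanner that honours `version_affected` will look for a version literally named `< 1.3.3` and may report no installation as affected. The 4.0 format can express the bound directly as `"version_affected": "<", "version_value": "1.3.3"`, which is how the records citing advisory.splunk.com on this page encode theirs. The same pattern appears in the CVE-2023-43803, CVE-2023-45145 (three two-sided ranges such as `>= 7.0.0, < 7.0.14`) and CVE-2023-45813 sections.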


@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43803",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/v2/pkgs/tools/installed` and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders belonging to the user that runs the Arduino Create Agent via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "arduino",
"product": {
"product_data": [
{
"product_name": "arduino-create-agent",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.3.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-m5jc-r4gf-c6p8",
"refsource": "MISC",
"name": "https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-m5jc-r4gf-c6p8"
}
]
},
"source": {
"advisory": "GHSA-m5jc-r4gf-c6p8",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
}
]
}


@ -566,6 +566,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20231018 Vulnerability in Jenkins",
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
}
]
}


@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45145",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere",
"cweId": "CWE-668"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "redis",
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 2.6.0-rc1, < 6.2.14"
},
{
"version_affected": "=",
"version_value": ">= 7.0.0, < 7.0.14"
},
{
"version_affected": "=",
"version_value": ">= 7.1.0, < 7.2.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx",
"refsource": "MISC",
"name": "https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx"
},
{
"url": "https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1",
"refsource": "MISC",
"name": "https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1"
}
]
},
"source": {
"advisory": "GHSA-ghmp-889m-7cvx",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45813",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333: Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "DedSecInside",
"product": {
"product_data": [
{
"product_name": "TorBot",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/DedSecInside/TorBot/security/advisories/GHSA-72qw-p7hh-m3ff",
"refsource": "MISC",
"name": "https://github.com/DedSecInside/TorBot/security/advisories/GHSA-72qw-p7hh-m3ff"
},
{
"url": "https://github.com/DedSecInside/TorBot/commit/ef6e06bc7785355b1701d5524eb4550441086ac4",
"refsource": "MISC",
"name": "https://github.com/DedSecInside/TorBot/commit/ef6e06bc7785355b1701d5524eb4550441086ac4"
}
]
},
"source": {
"advisory": "GHSA-72qw-p7hh-m3ff",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
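Review bot: The CVSS vector `AV:P` (`"attackVector": "PHYSICAL"`) does not match the description, which says the regular-expression denial of service is triggered by a crafted URL argument and mentions no physical access. With that vector the base score is 4.6, so triage keyed on score or attack vector may rank this record lower than the described exposure suggests. The scoring comes from the CNA, so this is a question to raise against the source advisory rather than a value to edit in the sync. Separately, the description's code span `torbot.modules.validators.validate_link function` has the word "function" inside the backticks.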


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5646",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5647",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}