admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-05-30 19:00:38 +00:00
parent d38720ccbf
commit e53f49544c
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 373 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2015/6xxx/CVE-2015-6639.json
View File

@ -71,6 +71,11 @@
"refsource": "FULLDISC",
"name": "20230530 CVE-2022-48335 - Buffer Overflow in Widevine Trustlet (PRDiagVerifyProvisioning @ 0x5f90)",
"url": "http://seclists.org/fulldisclosure/2023/May/26"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172637/Widevine-Trustlet-5.x-6.x-7.x-PRDiagVerifyProvisioning-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/172637/Widevine-Trustlet-5.x-6.x-7.x-PRDiagVerifyProvisioning-Buffer-Overflow.html"
}
]
}

5
2015/6xxx/CVE-2015-6647.json
View File

@ -66,6 +66,11 @@
"refsource": "FULLDISC",
"name": "20230530 CVE-2022-48335 - Buffer Overflow in Widevine Trustlet (PRDiagVerifyProvisioning @ 0x5f90)",
"url": "http://seclists.org/fulldisclosure/2023/May/26"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172637/Widevine-Trustlet-5.x-6.x-7.x-PRDiagVerifyProvisioning-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/172637/Widevine-Trustlet-5.x-6.x-7.x-PRDiagVerifyProvisioning-Buffer-Overflow.html"
}
]
}

5
2020/27xxx/CVE-2020-27507.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/kamailio/kamailio/commit/ada3701d22b1fd579f06b4f54fa695fa988e685f",
"refsource": "MISC",
"name": "https://github.com/kamailio/kamailio/commit/ada3701d22b1fd579f06b4f54fa695fa988e685f"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230530 [SECURITY] [DLA 3438-1] kamailio security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00030.html"
}
]
}

184
2023/1xxx/CVE-2023-1711.json
View File

@ -1,17 +1,193 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1711",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@hitachienergy.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. \nIf exploited an attacker could obtain confidential information.\n\n\n\nList of CPEs:\n * cpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:*\n\n * cpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:*\n\n * cpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:*\n\n * cpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:*\n\n * cpe:2.3:a:hitachienergy:foxman_un:R14B:*:*:*:*:*:*:*\n\n * cpe:2.3:a:hitachienergy:foxman_un:R15A:*:*:*:*:*:*:*\n\n * cpe:2.3:a:hitachienergy:foxman_un:R15B:*:*:*:*:*:*:*\n\n * cpe:2.3:a:hitachienergy:foxman_un:R16A:*:*:*:*:*:*:*\n\n * \n * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n * cpe:2.3:a:hitachienergy: unem :R10C:*:*:*:*:*:*:*\n\n * cpe:2.3:a:hitachienergy: unem :R11A:*:*:*:*:*:*:*\n\n * cpe:2.3:a:hitachienergy: unem :R11B:*:*:*:*:*:*:*\n\n * cpe:2.3:a:hitachienergy: unem :R14A:*:*:*:*:*:*:*\n\n * cpe:2.3:a:hitachienergy: unem :R14B:*:*:*:*:*:*:*\n\n * cpe:2.3:a:hitachienergy: unem :R15A:*:*:*:*:*:*:*\n\n * cpe:2.3:a:hitachienergy: unem :R15B:*:*:*:*:*:*:*\n\n * cpe:2.3:a:hitachienergy: unem :R16A:*:*:*:*:*:*:*\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-117",
"cweId": "CWE-117"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hitachi Energy",
"product": {
"product_data": [
{
"product_name": "FOXMAN-UN",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "FOXMAN-UN R16A"
},
{
"version_affected": "=",
"version_value": "FOXMAN-UN R15B"
},
{
"version_affected": "=",
"version_value": "FOXMAN-UN R15A"
},
{
"version_affected": "=",
"version_value": "FOXMAN-UN R14B"
},
{
"version_affected": "=",
"version_value": "FOXMAN-UN R14A"
},
{
"version_affected": "=",
"version_value": "FOXMAN-UN R11B"
},
{
"version_affected": "=",
"version_value": "FOXMAN-UN R11A"
},
{
"version_affected": "=",
"version_value": "FOXMAN-UN R10C"
},
{
"version_affected": "=",
"version_value": "FOXMAN-UN R9C"
}
]
}
},
{
"product_name": "UNEM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "UNEM R16A"
},
{
"version_affected": "=",
"version_value": "UNEM R15B"
},
{
"version_affected": "=",
"version_value": "UNEM R15A"
},
{
"version_affected": "=",
"version_value": "UNEM R14B"
},
{
"version_affected": "=",
"version_value": "UNEM R14A"
},
{
"version_affected": "=",
"version_value": "UNEM R11B"
},
{
"version_affected": "=",
"version_value": "UNEM R11A"
},
{
"version_affected": "=",
"version_value": "UNEM R10C"
},
{
"version_affected": "=",
"version_value": "UNEM R9C"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000155&LanguageCode=en&DocumentPartId=&Action=Launch",
"refsource": "MISC",
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000155&LanguageCode=en&DocumentPartId=&Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000166&LanguageCode=en&DocumentPartId=&Action=Launch",
"refsource": "MISC",
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000166&LanguageCode=en&DocumentPartId=&Action=Launch"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nApply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section.\n\n<br>"
}
],
"value": "\nApply mitigation as described in the cybersecurity advisory Mitigation Factors/Workarounds Section.\n\n\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability is remediated in FOXMAN-UN/UNEM R16B.<br>Please upgrade to R16B when released or apply general mitigation factors.<br><br>"
}
],
"value": "The vulnerability is remediated in FOXMAN-UN/UNEM R16B.\nPlease upgrade to R16B when released or apply general mitigation factors.\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

5
2023/31xxx/CVE-2023-31285.json
View File

@ -61,6 +61,11 @@
"refsource": "FULLDISC",
"name": "20230529 SEC Consult SA-20230516-0 :: Multiple Vulnerabilities in Serenity and StartSharp Software",
"url": "http://seclists.org/fulldisclosure/2023/May/14"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172648/Serenity-StartSharp-Software-File-Upload-XSS-User-Enumeration-Reusable-Tokens.html",
"url": "http://packetstormsecurity.com/files/172648/Serenity-StartSharp-Software-File-Upload-XSS-User-Enumeration-Reusable-Tokens.html"
}
]
}

5
2023/31xxx/CVE-2023-31286.json
View File

@ -61,6 +61,11 @@
"refsource": "FULLDISC",
"name": "20230529 SEC Consult SA-20230516-0 :: Multiple Vulnerabilities in Serenity and StartSharp Software",
"url": "http://seclists.org/fulldisclosure/2023/May/14"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172648/Serenity-StartSharp-Software-File-Upload-XSS-User-Enumeration-Reusable-Tokens.html",
"url": "http://packetstormsecurity.com/files/172648/Serenity-StartSharp-Software-File-Upload-XSS-User-Enumeration-Reusable-Tokens.html"
}
]
}

5
2023/31xxx/CVE-2023-31287.json
View File

@ -61,6 +61,11 @@
"refsource": "FULLDISC",
"name": "20230529 SEC Consult SA-20230516-0 :: Multiple Vulnerabilities in Serenity and StartSharp Software",
"url": "http://seclists.org/fulldisclosure/2023/May/14"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172648/Serenity-StartSharp-Software-File-Upload-XSS-User-Enumeration-Reusable-Tokens.html",
"url": "http://packetstormsecurity.com/files/172648/Serenity-StartSharp-Software-File-Upload-XSS-User-Enumeration-Reusable-Tokens.html"
}
]
}

85
2023/32xxx/CVE-2023-32696.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32696",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files in the docker container and the `ckan` user had the permissions to use sudo. These issues allowed for code execution or privilege escalation if an arbitrary file write bug was available. Versions 2.9.9, 2.9.9-dev, 2.10.1, and 2.10.1-dev contain a patch.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ckan",
"product": {
"product_data": [
{
"product_name": "ckan-docker-base",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.9.9"
},
{
"version_affected": "=",
"version_value": ">= 2.10.0, < 2.10.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/ckan/ckan-docker-base/security/advisories/GHSA-c74x-xfvr-x5wg",
"refsource": "MISC",
"name": "https://github.com/ckan/ckan-docker-base/security/advisories/GHSA-c74x-xfvr-x5wg"
},
{
"url": "https://github.com/ckan/ckan-docker-base/commit/5483c46ce9b518a4e1b626ef7032cce2c1d75c7d",
"refsource": "MISC",
"name": "https://github.com/ckan/ckan-docker-base/commit/5483c46ce9b518a4e1b626ef7032cce2c1d75c7d"
}
]
},
"source": {
"advisory": "GHSA-c74x-xfvr-x5wg",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

81
2023/32xxx/CVE-2023-32699.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32699",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. \u200bThe `checkUserPassword` method is used to check whether the password provided by the user matches the password saved in the database, and the `CodingUtil.md5` method is used to encrypt the original password with MD5 to ensure that the password will not be saved in plain text when it is stored. If a user submits a very long password when logging in, the system will be forced to execute the long password MD5 encryption process, causing the server CPU and memory to be exhausted, thereby causing a denial of service attack on the server. This issue is fixed in version 2.10.0-lts with a maximum password length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "metersphere",
"product": {
"product_data": [
{
"product_name": "metersphere",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-qffq-8gf8-mhq7",
"refsource": "MISC",
"name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-qffq-8gf8-mhq7"
},
{
"url": "https://github.com/metersphere/metersphere/commit/c59e381d368990214813085a1a4877c5ef865411",
"refsource": "MISC",
"name": "https://github.com/metersphere/metersphere/commit/c59e381d368990214813085a1a4877c5ef865411"
}
]
},
"source": {
"advisory": "GHSA-qffq-8gf8-mhq7",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

5
2023/33xxx/CVE-2023-33255.json
View File

@ -66,6 +66,11 @@
"refsource": "FULLDISC",
"name": "20230530 SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer",
"url": "http://seclists.org/fulldisclosure/2023/May/21"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172644/Papaya-Medical-Viewer-1.0-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/172644/Papaya-Medical-Viewer-1.0-Cross-Site-Scripting.html"
}
]
}