admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-01-26 21:06:25 +00:00
parent 07a1263645
commit eb9c435dae
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
63 changed files with 2503 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
2022/25xxx/CVE-2022-25350.json
View File

@ -1,17 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25350",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "puppet-facter",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-PUPPETFACTER-3175616",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JS-PUPPETFACTER-3175616"
},
{
"url": "https://github.com/olindata/node-puppet-facter/blob/f34bcc754325d71bb3b1b534804e53d6170f15f5/index.js%23L10",
"refsource": "MISC",
"name": "https://github.com/olindata/node-puppet-facter/blob/f34bcc754325d71bb3b1b534804e53d6170f15f5/index.js%23L10"
}
]
},
"credits": [
{
"lang": "en",
"value": "JHU"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P"
}
]
}

88
2022/25xxx/CVE-2022-25860.json
View File

@ -1,17 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25860",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution (RCE)",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "simple-git",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3177391",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3177391"
},
{
"url": "https://github.com/steveukx/git-js/pull/881/commits/95459310e5b8f96e20bb77ef1a6559036b779e13",
"refsource": "MISC",
"name": "https://github.com/steveukx/git-js/pull/881/commits/95459310e5b8f96e20bb77ef1a6559036b779e13"
},
{
"url": "https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951",
"refsource": "MISC",
"name": "https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951"
}
]
},
"credits": [
{
"lang": "en",
"value": "Santos Gallegos"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P"
}
]
}

78
2022/25xxx/CVE-2022-25908.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25908",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "create-choo-electron",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-CREATECHOOELECTRON-3157953",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JS-CREATECHOOELECTRON-3157953"
}
]
},
"credits": [
{
"lang": "en",
"value": "Mingqing Kang"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P"
}
]
}

96
2022/26xxx/CVE-2022-26329.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2022-26329",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "File existence disclosue vulnerability in IDM plugin"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Identity Manager",
"version": {
"version_data": [
{
"platform": "ALL",
"version_affected": "<",
"version_name": "NetIQ Identity Manager",
"version_value": "4.8.5"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks go to Kajetan Rostojek for responsibly disclosing this information to us."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-538 File and Directory Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Update to the NetIQ Identity Manager 4.8.5 or above."
}
]
}

86
2022/27xxx/CVE-2022-27507.json
View File

@ -1,18 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@citrix.com",
"DATE_PUBLIC": "2022-05-26T05:58:00.000Z",
"ID": "CVE-2022-27507",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Authenticated denial of service "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "13.1",
"version_value": "13.1-21.50"
},
{
"version_affected": "<",
"version_name": "13.0",
"version_value": "13.0-85.19"
},
{
"version_affected": "<",
"version_name": "12.1",
"version_value": "12.1-64.17\u202f "
},
{
"version_affected": "<",
"version_name": "12.1 FIPS",
"version_value": "12.1-55.278"
},
{
"version_affected": "<",
"version_name": "12.1 NDcPP",
"version_value": "12.1-55.278"
}
]
}
}
]
},
"vendor_name": "Citirx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated denial of service"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508",
"name": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

66
2022/27xxx/CVE-2022-27508.json
View File

@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@citrix.com",
"DATE_PUBLIC": "2022-05-26T05:58:00.000Z",
"ID": "CVE-2022-27508",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Unauthenticated denial of service "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "12.1",
"version_value": "12.1-64.16"
}
]
}
}
]
},
"vendor_name": "Citirx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unauthenticated denial of service"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508",
"name": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

5
2022/2xxx/CVE-2022-2873.json
View File

@ -53,6 +53,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230120-0001/",
"url": "https://security.netapp.com/advisory/ntap-20230120-0001/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5324",
"url": "https://www.debian.org/security/2023/dsa-5324"
}
]
},

10
2022/32xxx/CVE-2022-32221.json
View File

@ -68,6 +68,16 @@
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213605",
"url": "https://support.apple.com/kb/HT213605"
},
{
"refsource": "FULLDISC",
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"refsource": "FULLDISC",
"name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2",
"url": "http://seclists.org/fulldisclosure/2023/Jan/19"
}
]
},

5
2022/32xxx/CVE-2022-32915.json
View File

@ -54,6 +54,11 @@
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213604",
"url": "https://support.apple.com/kb/HT213604"
},
{
"refsource": "FULLDISC",
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
}
]
},

10
2022/35xxx/CVE-2022-35252.json
View File

@ -68,6 +68,16 @@
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213604",
"url": "https://support.apple.com/kb/HT213604"
},
{
"refsource": "FULLDISC",
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"refsource": "FULLDISC",
"name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3",
"url": "http://seclists.org/fulldisclosure/2023/Jan/21"
}
]
},

10
2022/35xxx/CVE-2022-35260.json
View File

@ -68,6 +68,16 @@
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213605",
"url": "https://support.apple.com/kb/HT213605"
},
{
"refsource": "FULLDISC",
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"refsource": "FULLDISC",
"name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2",
"url": "http://seclists.org/fulldisclosure/2023/Jan/19"
}
]
},

5
2022/36xxx/CVE-2022-36280.json
View File

@ -92,6 +92,11 @@
"refsource": "MISC",
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2071",
"name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2071"
},
{
"refsource": "DEBIAN",
"name": "DSA-5324",
"url": "https://www.debian.org/security/2023/dsa-5324"
}
]
},

90
2022/3xxx/CVE-2022-3478.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3478",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=12.8, <15.4.6"
},
{
"version_value": ">=15.5, <15.5.5"
},
{
"version_value": ">=15.6, <15.6.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled resource consumption in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/377788",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/377788",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1716296",
"url": "https://hackerone.com/reports/1716296",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3478.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3478.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [luryus](https://hackerone.com/luryus) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2022/3xxx/CVE-2022-3482.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3482",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=11.3, <15.4.6"
},
{
"version_value": ">=15.5, <15.5.5"
},
{
"version_value": ">=15.6, <15.6.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/377802",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/377802",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1725841",
"url": "https://hackerone.com/reports/1725841",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3482.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3482.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only"
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [ashish_r_padelkar](https://hackerone.com/ashish_r_padelkar) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

5
2022/3xxx/CVE-2022-3545.json
View File

@ -76,6 +76,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221223-0003/",
"url": "https://security.netapp.com/advisory/ntap-20221223-0003/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5324",
"url": "https://www.debian.org/security/2023/dsa-5324"
}
]
}

90
2022/3xxx/CVE-2022-3572.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3572",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=13.5, <15.4.6"
},
{
"version_value": ">=15.5, <15.5.5"
},
{
"version_value": ">=15.6, <15.6.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/378214",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/378214",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1727985",
"url": "https://hackerone.com/reports/1727985",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3572.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3572.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [ryotak](https://hackerone.com/ryotak) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

5
2022/3xxx/CVE-2022-3623.json
View File

@ -71,6 +71,11 @@
"url": "https://vuldb.com/?id.211921",
"refsource": "MISC",
"name": "https://vuldb.com/?id.211921"
},
{
"refsource": "DEBIAN",
"name": "DSA-5324",
"url": "https://www.debian.org/security/2023/dsa-5324"
}
]
}

5
2022/3xxx/CVE-2022-3705.json
View File

@ -101,6 +101,11 @@
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213605",
"url": "https://support.apple.com/kb/HT213605"
},
{
"refsource": "FULLDISC",
"name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2",
"url": "http://seclists.org/fulldisclosure/2023/Jan/19"
}
]
}

90
2022/3xxx/CVE-2022-3740.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3740",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=12.9, <15.4.6"
},
{
"version_value": ">=15.5, <15.5.5"
},
{
"version_value": ">=15.6, <15.6.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/368416",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/368416",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1602904",
"url": "https://hackerone.com/reports/1602904",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3740.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3740.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys ."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [@joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

85
2022/3xxx/CVE-2022-3820.json
View File

@ -4,15 +4,92 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3820",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=15.4, <15.4.6"
},
{
"version_value": ">=15.5, <15.5.5"
},
{
"version_value": ">=15.6, <15.6.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/378638",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/378638",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3820.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3820.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability has been discovered internally by the GitLab team."
}
]
}

90
2022/3xxx/CVE-2022-3902.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3902",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=9.3, <15.4.6"
},
{
"version_value": ">=15.5, <15.5.5"
},
{
"version_value": ">=15.6, <15.6.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information exposure in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/381895",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/381895",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1757999",
"url": "https://hackerone.com/reports/1757999",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3902.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3902.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

5
2022/41xxx/CVE-2022-41218.json
View File

@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20220923 [Report v2] CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev",
"url": "http://www.openwall.com/lists/oss-security/2022/09/24/1"
},
{
"refsource": "DEBIAN",
"name": "DSA-5324",
"url": "https://www.debian.org/security/2023/dsa-5324"
}
]
}

10
2022/42xxx/CVE-2022-42915.json
View File

@ -91,6 +91,16 @@
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213605",
"url": "https://support.apple.com/kb/HT213605"
},
{
"refsource": "FULLDISC",
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"refsource": "FULLDISC",
"name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2",
"url": "http://seclists.org/fulldisclosure/2023/Jan/19"
}
]
}

10
2022/42xxx/CVE-2022-42916.json
View File

@ -96,6 +96,16 @@
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT213605",
"url": "https://support.apple.com/kb/HT213605"
},
{
"refsource": "FULLDISC",
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"refsource": "FULLDISC",
"name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2",
"url": "http://seclists.org/fulldisclosure/2023/Jan/19"
}
]
}

5
2022/45xxx/CVE-2022-45934.json
View File

@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230113-0008/",
"url": "https://security.netapp.com/advisory/ntap-20230113-0008/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5324",
"url": "https://www.debian.org/security/2023/dsa-5324"
}
]
}

56
2022/47xxx/CVE-2022-47100.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-47100",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-47100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Sengled Smart bulb 0x0000024 allows attackers to arbitrarily perform a factory reset on the device via a crafted IEEE 802.15.4 frame."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/iot-sec23/IoT-CVE/blob/main/Sengled%20Smart%20Bulb%20Vulnerability%20Report.pdf",
"url": "https://github.com/iot-sec23/IoT-CVE/blob/main/Sengled%20Smart%20Bulb%20Vulnerability%20Report.pdf"
}
]
}

5
2022/47xxx/CVE-2022-47929.json
View File

@ -71,6 +71,11 @@
"refsource": "CONFIRM",
"name": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.6",
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.6"
},
{
"refsource": "DEBIAN",
"name": "DSA-5324",
"url": "https://www.debian.org/security/2023/dsa-5324"
}
]
}

90
2022/4xxx/CVE-2022-4054.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4054",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=9.3, <15.4.6"
},
{
"version_value": ">=15.5, <15.5.5"
},
{
"version_value": ">=15.6, <15.6.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information exposure in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/382260",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/382260",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1758126",
"url": "https://hackerone.com/reports/1758126",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4054.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4054.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program."
}
]
}

84
2022/4xxx/CVE-2022-4092.json
View File

@ -4,15 +4,91 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4092",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=15.6, <15.6.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper enforcement of message or data structure in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/383208",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/383208",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1777934",
"url": "https://hackerone.com/reports/1777934",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4092.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4092.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

97
2023/0xxx/CVE-2023-0356.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0356",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-261 Weak Encoding For Password",
"cweId": "CWE-261"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SOCOMEC",
"product": {
"product_data": [
{
"product_name": "MODULYS GP ",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-024-02",
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-024-02"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">SOCOMEC has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected product are encouraged to contact SOCOMEC </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.socomec.com/contact-us_en.html\">customer support</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "\nSOCOMEC has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected product are encouraged to contact SOCOMEC customer support https://www.socomec.com/contact-us_en.html .\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Javier Fernandez Ber\u00e9 and Aar\u00f3n Flecha Men\u00e9ndez of S21sec reported this vulnerability to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

89
2023/0xxx/CVE-2023-0411.json
View File

@ -4,15 +4,98 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0411",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wireshark Foundation",
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": ">=4.0.0, <4.0.3"
},
{
"version_value": ">=3.6.0, <3.6.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Excessive iteration in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2023-06.html",
"url": "https://www.wireshark.org/security/wnpa-sec-2023-06.html",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/18711",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/18711",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/18720",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/18720",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/18737",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/18737",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0411.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0411.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file"
}
]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
}
}
}

79
2023/0xxx/CVE-2023-0412.json
View File

@ -4,15 +4,88 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0412",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wireshark Foundation",
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": ">=4.0.0, <4.0.3"
},
{
"version_value": ">=3.6.0, <3.6.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled recursion in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2023-07.html",
"url": "https://www.wireshark.org/security/wnpa-sec-2023-07.html",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/18770",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/18770",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0412.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0412.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file"
}
]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
}
}
}

79
2023/0xxx/CVE-2023-0413.json
View File

@ -4,15 +4,88 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0413",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wireshark Foundation",
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": ">=4.0.0, <4.0.3"
},
{
"version_value": ">=3.6.0, <3.6.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Null pointer dereference in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2023-03.html",
"url": "https://www.wireshark.org/security/wnpa-sec-2023-03.html",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/18766",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/18766",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0413.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0413.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file"
}
]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
}
}
}

76
2023/0xxx/CVE-2023-0414.json
View File

@ -4,15 +4,85 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0414",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wireshark Foundation",
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": ">=4.0.0, <4.0.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Expired pointer dereference in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2023-01.html",
"url": "https://www.wireshark.org/security/wnpa-sec-2023-01.html",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/18622",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/18622",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0414.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0414.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file"
}
]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
}
}
}

79
2023/0xxx/CVE-2023-0415.json
View File

@ -4,15 +4,88 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0415",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wireshark Foundation",
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": ">=4.0.0, <4.0.3"
},
{
"version_value": ">=3.6.0, <3.6.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Null pointer dereference in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2023-05.html",
"url": "https://www.wireshark.org/security/wnpa-sec-2023-05.html",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/18796",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/18796",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0415.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0415.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file"
}
]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
}
}
}

79
2023/0xxx/CVE-2023-0416.json
View File

@ -4,15 +4,88 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0416",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wireshark Foundation",
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": ">=4.0.0, <4.0.3"
},
{
"version_value": ">=3.6.0, <3.6.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Expired pointer dereference in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2023-04.html",
"url": "https://www.wireshark.org/security/wnpa-sec-2023-04.html",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/18779",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/18779",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0416.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0416.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file"
}
]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
}
}
}

79
2023/0xxx/CVE-2023-0417.json
View File

@ -4,15 +4,88 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0417",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wireshark Foundation",
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": ">=4.0.0, <4.0.3"
},
{
"version_value": ">=3.6.0, <3.6.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled memory allocation in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2023-02.html",
"url": "https://www.wireshark.org/security/wnpa-sec-2023-02.html",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/18628",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/18628",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0417.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0417.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file"
}
]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
}
}
}

50
2023/0xxx/CVE-2023-0444.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0444",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Delta Electronics InfraSuite Device Master 00.00.02a",
"version": {
"version_data": [
{
"version_value": "Delta Electronics InfraSuite Device Master 00.00.02a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2023-4",
"url": "https://www.tenable.com/security/research/tra-2023-4"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privileged user to log in as an administrator."
}
]
}

50
2023/0xxx/CVE-2023-0448.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0448",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "WP Helper Lite Wordpress Plugin",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2023-3",
"url": "https://www.tenable.com/security/research/tra-2023-3"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability."
}
]
}

18
2023/0xxx/CVE-2023-0455.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0455",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/0xxx/CVE-2023-0456.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0456",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/0xxx/CVE-2023-0480.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0480",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/0xxx/CVE-2023-0481.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0481",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/0xxx/CVE-2023-0482.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0482",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

85
2023/22xxx/CVE-2023-22486.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22486",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-407: Inefficient Algorithmic Complexity",
"cweId": "CWE-407"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "github",
"product": {
"product_data": [
{
"product_name": "cmark-gfm",
"version": {
"version_data": [
{
"version_value": "< 0.29.0.gfm.7",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p",
"refsource": "MISC",
"name": "https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p"
}
]
},
"source": {
"advisory": "GHSA-r572-jvj2-3m8p",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

5
2023/23xxx/CVE-2023-23454.json
View File

@ -66,6 +66,11 @@
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12"
},
{
"refsource": "DEBIAN",
"name": "DSA-5324",
"url": "https://www.debian.org/security/2023/dsa-5324"
}
]
}

5
2023/23xxx/CVE-2023-23455.json
View File

@ -66,6 +66,11 @@
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b"
},
{
"refsource": "DEBIAN",
"name": "DSA-5324",
"url": "https://www.debian.org/security/2023/dsa-5324"
}
]
}

76
2023/23xxx/CVE-2023-23608.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23608",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Spotipy is a light weight Python library for the Spotify Web API. In versions prior to 2.22.1, if a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. The code Spotipy uses to parse URIs and URLs allows an attacker to insert arbitrary characters into the path that is used for API requests. Because it is possible to include \"..\", an attacker can redirect for example a track lookup via spotifyApi.track() to an arbitrary API endpoint like playlists, but this is possible for other endpoints as well. The impact of this vulnerability depends heavily on what operations a client application performs when it handles a URI from a user and how it uses the responses it receives from the API. This issue is patched in version 2.22.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "spotipy-dev",
"product": {
"product_data": [
{
"product_name": "spotipy",
"version": {
"version_data": [
{
"version_value": "< 2.22.1",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-q764-g6fm-555v",
"refsource": "MISC",
"name": "https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-q764-g6fm-555v"
}
]
},
"source": {
"advisory": "GHSA-q764-g6fm-555v",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N",
"version": "3.1"
}
]
}

2
2023/24xxx/CVE-2023-24068.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file."
"value": "** DISPUTED ** Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file. NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access."
}
]
},

2
2023/24xxx/CVE-2023-24069.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.)"
"value": "** DISPUTED ** Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access."
}
]
},

18
2023/24xxx/CVE-2023-24496.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24496",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/24xxx/CVE-2023-24497.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24497",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/24xxx/CVE-2023-24498.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24498",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/24xxx/CVE-2023-24499.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24499",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/24xxx/CVE-2023-24500.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24500",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/24xxx/CVE-2023-24501.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24501",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/24xxx/CVE-2023-24502.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24502",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/24xxx/CVE-2023-24503.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24503",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/24xxx/CVE-2023-24504.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24504",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/24xxx/CVE-2023-24505.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24505",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/24xxx/CVE-2023-24506.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24506",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/24xxx/CVE-2023-24507.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24507",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/24xxx/CVE-2023-24508.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24508",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}