admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-10-25 17:38:57 +00:00
parent 1e98bca198
commit f8c6155f37
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
100 changed files with 3789 additions and 1233 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
2019/10xxx/CVE-2019-10407.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10407",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_value": "2.0.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,23 +21,47 @@
"description": [
{
"lang": "eng",
"value": "CWE-213"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}

65
2019/10xxx/CVE-2019-10408.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10408",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_value": "2.0.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,23 +21,47 @@
"description": [
{
"lang": "eng",
"value": "CWE-352"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}

65
2019/10xxx/CVE-2019-10409.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10409",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_value": "2.0.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,23 +21,47 @@
"description": [
{
"lang": "eng",
"value": "CWE-285"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}

65
2019/10xxx/CVE-2019-10410.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10410",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Log Parser Plugin",
"version": {
"version_data": [
{
"version_value": "2.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,23 +21,47 @@
"description": [
{
"lang": "eng",
"value": "CWE-79"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Log Parser Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-732",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-732",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-732"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}

65
2019/10xxx/CVE-2019-10411.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10411",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Inedo BuildMaster Plugin",
"version": {
"version_data": [
{
"version_value": "2.4.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,23 +21,47 @@
"description": [
{
"lang": "eng",
"value": "CWE-319"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Inedo BuildMaster Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.4.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1513",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1513",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1513"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}

65
2019/10xxx/CVE-2019-10412.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10412",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Inedo ProGet Plugin",
"version": {
"version_data": [
{
"version_value": "1.2 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,23 +21,47 @@
"description": [
{
"lang": "eng",
"value": "CWE-319"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Inedo ProGet Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.2 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1514",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1514",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1514"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}

65
2019/10xxx/CVE-2019-10413.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10413",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Data Theorem: CI/CD Plugin",
"version": {
"version_data": [
{
"version_value": "1.3 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,23 +21,47 @@
"description": [
{
"lang": "eng",
"value": "CWE-256"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Data Theorem: CI/CD Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1557",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1557",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1557"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}

65
2019/10xxx/CVE-2019-10414.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10414",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Git Changelog Plugin",
"version": {
"version_data": [
{
"version_value": "2.17 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,23 +21,47 @@
"description": [
{
"lang": "eng",
"value": "CWE-256"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Git Changelog Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.17 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1574",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1574",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1574"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}

79
2020/2xxx/CVE-2020-2098.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2098",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Sounds Plugin",
"version": {
"version_data": [
{
"version_value": "0.5",
"version_affected": "<="
},
{
"version_value": "0.5",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,18 +21,57 @@
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Sounds Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "0.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 0.5",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814",
"url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814"
}
]
}

95
2020/2xxx/CVE-2020-2099.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2099",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "2.213",
"version_affected": "<="
},
{
"version_value": "LTS 2.204.1",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,43 +21,68 @@
"description": [
{
"lang": "eng",
"value": "CWE-323: Reusing a Nonce, Key Pair in Encryption"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "2.213"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1682",
"url": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1682",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1682"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200129 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/01/29/1"
"url": "http://www.openwall.com/lists/oss-security/2020/01/29/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/01/29/1"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0681",
"url": "https://access.redhat.com/errata/RHSA-2020:0681"
"url": "https://access.redhat.com/errata/RHSA-2020:0681",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0681"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0683",
"url": "https://access.redhat.com/errata/RHSA-2020:0683"
"url": "https://access.redhat.com/errata/RHSA-2020:0683",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0683"
},
{
"refsource": "REDHAT",
"name": "RHBA-2020:0402",
"url": "https://access.redhat.com/errata/RHBA-2020:0402"
"url": "https://access.redhat.com/errata/RHBA-2020:0402",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2020:0402"
},
{
"refsource": "REDHAT",
"name": "RHBA-2020:0675",
"url": "https://access.redhat.com/errata/RHBA-2020:0675"
"url": "https://access.redhat.com/errata/RHBA-2020:0675",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2020:0675"
}
]
}

95
2020/2xxx/CVE-2020-2100.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2100",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "2.218",
"version_affected": "<="
},
{
"version_value": "LTS 2.204.1",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,43 +21,68 @@
"description": [
{
"lang": "eng",
"value": "CWE-406: Insufficient Control of Network Message Volume (Network Amplification)"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "2.218"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1641",
"url": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1641",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1641"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200129 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/01/29/1"
"url": "http://www.openwall.com/lists/oss-security/2020/01/29/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/01/29/1"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0681",
"url": "https://access.redhat.com/errata/RHSA-2020:0681"
"url": "https://access.redhat.com/errata/RHSA-2020:0681",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0681"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0683",
"url": "https://access.redhat.com/errata/RHSA-2020:0683"
"url": "https://access.redhat.com/errata/RHSA-2020:0683",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0683"
},
{
"refsource": "REDHAT",
"name": "RHBA-2020:0402",
"url": "https://access.redhat.com/errata/RHBA-2020:0402"
"url": "https://access.redhat.com/errata/RHBA-2020:0402",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2020:0402"
},
{
"refsource": "REDHAT",
"name": "RHBA-2020:0675",
"url": "https://access.redhat.com/errata/RHBA-2020:0675"
"url": "https://access.redhat.com/errata/RHBA-2020:0675",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2020:0675"
}
]
}

95
2020/2xxx/CVE-2020-2101.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2101",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "2.218",
"version_affected": "<="
},
{
"version_value": "LTS 2.204.1",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,43 +21,68 @@
"description": [
{
"lang": "eng",
"value": "CWE-208: Information Exposure Through Timing Discrepancy"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "2.218"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1659",
"url": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1659",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1659"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200129 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/01/29/1"
"url": "http://www.openwall.com/lists/oss-security/2020/01/29/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/01/29/1"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0681",
"url": "https://access.redhat.com/errata/RHSA-2020:0681"
"url": "https://access.redhat.com/errata/RHSA-2020:0681",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0681"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0683",
"url": "https://access.redhat.com/errata/RHSA-2020:0683"
"url": "https://access.redhat.com/errata/RHSA-2020:0683",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0683"
},
{
"refsource": "REDHAT",
"name": "RHBA-2020:0402",
"url": "https://access.redhat.com/errata/RHBA-2020:0402"
"url": "https://access.redhat.com/errata/RHBA-2020:0402",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2020:0402"
},
{
"refsource": "REDHAT",
"name": "RHBA-2020:0675",
"url": "https://access.redhat.com/errata/RHBA-2020:0675"
"url": "https://access.redhat.com/errata/RHBA-2020:0675",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2020:0675"
}
]
}

95
2020/2xxx/CVE-2020-2102.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2102",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "2.218",
"version_affected": "<="
},
{
"version_value": "LTS 2.204.1",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,43 +21,68 @@
"description": [
{
"lang": "eng",
"value": "CWE-208: Information Exposure Through Timing Discrepancy"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "2.218"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1660",
"url": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1660",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1660"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200129 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/01/29/1"
"url": "http://www.openwall.com/lists/oss-security/2020/01/29/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/01/29/1"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0681",
"url": "https://access.redhat.com/errata/RHSA-2020:0681"
"url": "https://access.redhat.com/errata/RHSA-2020:0681",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0681"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0683",
"url": "https://access.redhat.com/errata/RHSA-2020:0683"
"url": "https://access.redhat.com/errata/RHSA-2020:0683",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0683"
},
{
"refsource": "REDHAT",
"name": "RHBA-2020:0402",
"url": "https://access.redhat.com/errata/RHBA-2020:0402"
"url": "https://access.redhat.com/errata/RHBA-2020:0402",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2020:0402"
},
{
"refsource": "REDHAT",
"name": "RHBA-2020:0675",
"url": "https://access.redhat.com/errata/RHBA-2020:0675"
"url": "https://access.redhat.com/errata/RHBA-2020:0675",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2020:0675"
}
]
}

95
2020/2xxx/CVE-2020-2103.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2103",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "2.218",
"version_affected": "<="
},
{
"version_value": "LTS 2.204.1",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,43 +21,68 @@
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "2.218"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695",
"url": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200129 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/01/29/1"
"url": "http://www.openwall.com/lists/oss-security/2020/01/29/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/01/29/1"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0681",
"url": "https://access.redhat.com/errata/RHSA-2020:0681"
"url": "https://access.redhat.com/errata/RHSA-2020:0681",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0681"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0683",
"url": "https://access.redhat.com/errata/RHSA-2020:0683"
"url": "https://access.redhat.com/errata/RHSA-2020:0683",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0683"
},
{
"refsource": "REDHAT",
"name": "RHBA-2020:0402",
"url": "https://access.redhat.com/errata/RHBA-2020:0402"
"url": "https://access.redhat.com/errata/RHBA-2020:0402",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2020:0402"
},
{
"refsource": "REDHAT",
"name": "RHBA-2020:0675",
"url": "https://access.redhat.com/errata/RHBA-2020:0675"
"url": "https://access.redhat.com/errata/RHBA-2020:0675",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2020:0675"
}
]
}

95
2020/2xxx/CVE-2020-2104.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2104",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "2.218",
"version_affected": "<="
},
{
"version_value": "LTS 2.204.1",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,43 +21,68 @@
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "2.218"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1650",
"url": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1650",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1650"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200129 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/01/29/1"
"url": "http://www.openwall.com/lists/oss-security/2020/01/29/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/01/29/1"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0681",
"url": "https://access.redhat.com/errata/RHSA-2020:0681"
"url": "https://access.redhat.com/errata/RHSA-2020:0681",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0681"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0683",
"url": "https://access.redhat.com/errata/RHSA-2020:0683"
"url": "https://access.redhat.com/errata/RHSA-2020:0683",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0683"
},
{
"refsource": "REDHAT",
"name": "RHBA-2020:0402",
"url": "https://access.redhat.com/errata/RHBA-2020:0402"
"url": "https://access.redhat.com/errata/RHBA-2020:0402",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2020:0402"
},
{
"refsource": "REDHAT",
"name": "RHBA-2020:0675",
"url": "https://access.redhat.com/errata/RHBA-2020:0675"
"url": "https://access.redhat.com/errata/RHBA-2020:0675",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2020:0675"
}
]
}

95
2020/2xxx/CVE-2020-2105.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2105",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "2.218",
"version_affected": "<="
},
{
"version_value": "LTS 2.204.1",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,43 +21,68 @@
"description": [
{
"lang": "eng",
"value": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "2.218"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704",
"url": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200129 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/01/29/1"
"url": "http://www.openwall.com/lists/oss-security/2020/01/29/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/01/29/1"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0681",
"url": "https://access.redhat.com/errata/RHSA-2020:0681"
"url": "https://access.redhat.com/errata/RHSA-2020:0681",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0681"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0683",
"url": "https://access.redhat.com/errata/RHSA-2020:0683"
"url": "https://access.redhat.com/errata/RHSA-2020:0683",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0683"
},
{
"refsource": "REDHAT",
"name": "RHBA-2020:0402",
"url": "https://access.redhat.com/errata/RHBA-2020:0402"
"url": "https://access.redhat.com/errata/RHBA-2020:0402",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2020:0402"
},
{
"refsource": "REDHAT",
"name": "RHBA-2020:0675",
"url": "https://access.redhat.com/errata/RHBA-2020:0675"
"url": "https://access.redhat.com/errata/RHBA-2020:0675",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2020:0675"
}
]
}

79
2022/25xxx/CVE-2022-25198.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-25198",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins SCP publisher Plugin",
"version": {
"version_data": [
{
"version_value": "1.8",
"version_affected": "<="
},
{
"version_value": "1.8",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,18 +21,57 @@
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins SCP publisher Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.8",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2323",
"url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2323",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2323"
}
]
}

79
2022/25xxx/CVE-2022-25199.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-25199",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins SCP publisher Plugin",
"version": {
"version_data": [
{
"version_value": "1.8",
"version_affected": "<="
},
{
"version_value": "1.8",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,18 +21,57 @@
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins SCP publisher Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.8",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2323",
"url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2323",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2323"
}
]
}

85
2022/25xxx/CVE-2022-25200.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-25200",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Checkmarx Plugin",
"version": {
"version_data": [
{
"version_value": "2022.1.2",
"version_affected": "<="
},
{
"version_value": "2022.1.2",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Checkmarx Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "2022.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 2022.1.2",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1017",
"url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1017",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1017"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220215 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/02/15/2"
"url": "http://www.openwall.com/lists/oss-security/2022/02/15/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/02/15/2"
}
]
}

79
2022/25xxx/CVE-2022-25201.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-25201",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Checkmarx Plugin",
"version": {
"version_data": [
{
"version_value": "2022.1.2",
"version_affected": "<="
},
{
"version_value": "2022.1.2",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,18 +21,57 @@
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Checkmarx Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "2022.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 2022.1.2",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1017",
"url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1017",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-1017"
}
]
}

79
2022/25xxx/CVE-2022-25202.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-25202",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Promoted Builds (Simple) Plugin",
"version": {
"version_data": [
{
"version_value": "1.9",
"version_affected": "<="
},
{
"version_value": "1.9",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,18 +21,57 @@
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Promoted Builds (Simple) Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.9",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2334",
"url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2334",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2334"
}
]
}

79
2022/25xxx/CVE-2022-25203.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-25203",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Team Views Plugin",
"version": {
"version_data": [
{
"version_value": "0.9.0",
"version_affected": "<="
},
{
"version_value": "0.9.0",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,18 +21,57 @@
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Team Views Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "0.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 0.9.0",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2324",
"url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2324",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2324"
}
]
}

79
2022/41xxx/CVE-2022-41234.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-41234",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Rundeck Plugin",
"version": {
"version_data": [
{
"version_value": "3.6.11",
"version_affected": "<="
},
{
"version_value": "3.6.11",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,18 +21,57 @@
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Rundeck Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "3.6.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 3.6.11",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2169",
"url": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2169",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2169"
}
]
}

79
2022/41xxx/CVE-2022-41235.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-41235",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins WildFly Deployer Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.2",
"version_affected": "<="
},
{
"version_value": "1.0.2",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,18 +21,57 @@
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins WildFly Deployer Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.0.2",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2645",
"url": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2645",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2645"
}
]
}

79
2022/41xxx/CVE-2022-41236.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-41236",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Security Inspector Plugin",
"version": {
"version_data": [
{
"version_value": "117.v6eecc36919c2",
"version_affected": "<="
},
{
"version_value": "117.v6eecc36919c2",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,18 +21,57 @@
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Security Inspector Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "117.v6eecc36919c2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 117.v6eecc36919c2",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2051",
"url": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2051",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2051"
}
]
}

79
2022/41xxx/CVE-2022-41237.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-41237",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins DotCi Plugin",
"version": {
"version_data": [
{
"version_value": "2.40.00",
"version_affected": "<="
},
{
"version_value": "2.40.00",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,18 +21,57 @@
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins DotCi Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "2.40.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 2.40.00",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-1737",
"url": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-1737",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-1737"
}
]
}

79
2022/41xxx/CVE-2022-41238.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-41238",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins DotCi Plugin",
"version": {
"version_data": [
{
"version_value": "2.40.00",
"version_affected": "<="
},
{
"version_value": "2.40.00",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,18 +21,57 @@
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins DotCi Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "2.40.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 2.40.00",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2867",
"url": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2867",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2867"
}
]
}

79
2022/41xxx/CVE-2022-41239.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-41239",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins DotCi Plugin",
"version": {
"version_data": [
{
"version_value": "2.40.00",
"version_affected": "<="
},
{
"version_value": "2.40.00",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,18 +21,57 @@
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins DotCi Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "2.40.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 2.40.00",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2884",
"url": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2884",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2884"
}
]
}

79
2022/41xxx/CVE-2022-41240.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-41240",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Walti Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.1",
"version_affected": "<="
},
{
"version_value": "1.0.1",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,18 +21,57 @@
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Walti Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.0.1",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-1870",
"url": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-1870",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-1870"
}
]
}

7
2023/25xxx/CVE-2023-25764.json
View File

@ -45,14 +45,15 @@
{
"lessThanOrEqual": "2.93",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
"version": "0",
"versionType": "maven"
},
{
"status": "unaffected",
"version": "2.89.0.1"
}
]
],
"defaultStatus": "unaffected"
}
}
]

78
2023/30xxx/CVE-2023-30912.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30912",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nA remote code execution issue exists in HPE OneView.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hewlett Packard Enterprise (HPE)",
"product": {
"product_data": [
{
"product_name": "HPE OneView",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "8.60.00"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04548en_us",
"refsource": "MISC",
"name": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04548en_us"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

81
2023/34xxx/CVE-2023-34446.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34446",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Combodo",
"product": {
"product_data": [
{
"product_name": "iTop",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.0.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-q4pp-j46r-gm68",
"refsource": "MISC",
"name": "https://github.com/Combodo/iTop/security/advisories/GHSA-q4pp-j46r-gm68"
},
{
"url": "https://github.com/Combodo/iTop/commit/e3ba826e5dfd3b724f1ee97bebfd20ded3c70b10",
"refsource": "MISC",
"name": "https://github.com/Combodo/iTop/commit/e3ba826e5dfd3b724f1ee97bebfd20ded3c70b10"
}
]
},
"source": {
"advisory": "GHSA-q4pp-j46r-gm68",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

86
2023/34xxx/CVE-2023-34447.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34447",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Combodo",
"product": {
"product_data": [
{
"product_name": "iTop",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.0.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-6rfm-2rwg-mj7p",
"refsource": "MISC",
"name": "https://github.com/Combodo/iTop/security/advisories/GHSA-6rfm-2rwg-mj7p"
},
{
"url": "https://github.com/Combodo/iTop/commit/519751faa10b2fc5b75ea4516a1b8ef13ca35b33",
"refsource": "MISC",
"name": "https://github.com/Combodo/iTop/commit/519751faa10b2fc5b75ea4516a1b8ef13ca35b33"
},
{
"url": "https://github.com/Combodo/iTop/commit/b8f61362f570e1ef8127175331012b7fc8aba802",
"refsource": "MISC",
"name": "https://github.com/Combodo/iTop/commit/b8f61362f570e1ef8127175331012b7fc8aba802"
}
]
},
"source": {
"advisory": "GHSA-6rfm-2rwg-mj7p",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

103
2023/37xxx/CVE-2023-37283.json
View File

@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37283",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "responsible-disclosure@pingidentity.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ping Identity",
"product": {
"product_data": [
{
"product_name": "PingFederate",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "11.3",
"version_value": "11.3.0"
},
{
"version_affected": "<=",
"version_name": "11.2.0",
"version_value": "11.2.6"
},
{
"version_affected": "<=",
"version_name": "11.1.0",
"version_value": "11.1.7"
},
{
"version_affected": "<=",
"version_name": "10.3.0",
"version_value": "10.3.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
"refsource": "MISC",
"name": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
},
{
"url": "https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244",
"refsource": "MISC",
"name": "https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "SECADV037",
"defect": [
"PF-34017"
],
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

91
2023/37xxx/CVE-2023-37908.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37908",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute names. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like comments in XWiki. When a user moves the mouse over a malicious link, the malicious JavaScript code is executed in the context of the user session. When this user is a privileged user who has programming rights, this allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. While this attribute was correctly recognized as not allowed, the attribute was still printed with a prefix `data-xwiki-translated-attribute-` without further cleaning or validation. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by removing characters not allowed in data attributes and then validating the cleaned attribute again. There are no known workarounds apart from upgrading to a version including the fix."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-83: Improper Neutralization of Script in Attributes in a Web Page",
"cweId": "CWE-83"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "xwiki",
"product": {
"product_data": [
{
"product_name": "xwiki-rendering",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 14.6-rc-1, < 14.10.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-663w-2xp3-5739",
"refsource": "MISC",
"name": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-663w-2xp3-5739"
},
{
"url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-6gf5-c898-7rxp",
"refsource": "MISC",
"name": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-6gf5-c898-7rxp"
},
{
"url": "https://github.com/xwiki/xwiki-rendering/commit/f4d5acac451dccaf276e69f0b49b72221eef5d2f",
"refsource": "MISC",
"name": "https://github.com/xwiki/xwiki-rendering/commit/f4d5acac451dccaf276e69f0b49b72221eef5d2f"
},
{
"url": "https://jira.xwiki.org/browse/XRENDERING-697",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XRENDERING-697"
}
]
},
"source": {
"advisory": "GHSA-663w-2xp3-5739",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

90
2023/37xxx/CVE-2023-37909.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37909",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. As a workaround, the patch can be manually applied to the document `Menu.UIExtensionSheet`; only three lines need to be changed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')",
"cweId": "CWE-95"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "xwiki",
"product": {
"product_data": [
{
"product_name": "xwiki-platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 5.1-rc-1, < 14.10.8"
},
{
"version_affected": "=",
"version_value": ">= 15.0-rc-1, < 15.3-rc-1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx",
"refsource": "MISC",
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx"
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be",
"refsource": "MISC",
"name": "https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20746",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-20746"
}
]
},
"source": {
"advisory": "GHSA-v2rr-xw95-wcjx",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

90
2023/37xxx/CVE-2023-37910.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37910",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document (can be the user profile which is editable by default) can move any attachment of any other document to this attacker-controlled document. This allows the attacker to access and possibly publish any attachment of which the name is known, regardless if the attacker has view or edit rights on the source document of this attachment. Further, the attachment is deleted from the source document. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0 RC1. There is no workaround apart from upgrading to a fixed version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "xwiki",
"product": {
"product_data": [
{
"product_name": "xwiki-platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 14.0-rc-1, < 14.4.8"
},
{
"version_affected": "=",
"version_value": ">= 14.5, < 14.10.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rwwx-6572-mp29",
"refsource": "MISC",
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rwwx-6572-mp29"
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/d7720219d60d7201c696c3196c9d4a86d0881325",
"refsource": "MISC",
"name": "https://github.com/xwiki/xwiki-platform/commit/d7720219d60d7201c696c3196c9d4a86d0881325"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20334",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-20334"
}
]
},
"source": {
"advisory": "GHSA-rwwx-6572-mp29",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

105
2023/37xxx/CVE-2023-37911.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37911",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as `deleted:1` (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document. This vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed. The only workaround is to regularly clean deleted documents to minimize the potential exposure. Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere",
"cweId": "CWE-668"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "xwiki",
"product": {
"product_data": [
{
"product_name": "xwiki-platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 9.4-rc-1, < 14.10.8"
},
{
"version_affected": "=",
"version_value": ">= 15.0-rc-1, < 15.3-rc-1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gh64-qxh5-4m33",
"refsource": "MISC",
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gh64-qxh5-4m33"
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/f471f2a392aeeb9e51d59fdfe1d76fccf532523f",
"refsource": "MISC",
"name": "https://github.com/xwiki/xwiki-platform/commit/f471f2a392aeeb9e51d59fdfe1d76fccf532523f"
},
{
"url": "https://extensions.xwiki.org/xwiki/bin/view/Extension/Index%20Application#HPermanentlydeleteallpages",
"refsource": "MISC",
"name": "https://extensions.xwiki.org/xwiki/bin/view/Extension/Index%20Application#HPermanentlydeleteallpages"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20684",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-20684"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20685",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-20685"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20817",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-20817"
}
]
},
"source": {
"advisory": "GHSA-gh64-qxh5-4m33",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

90
2023/37xxx/CVE-2023-37912.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37912",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-270: Privilege Context Switching Error",
"cweId": "CWE-270"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "xwiki",
"product": {
"product_data": [
{
"product_name": "xwiki-rendering",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 14.10.6"
},
{
"version_affected": "=",
"version_value": ">= 15.0-rc-1, < 15.1-rc-1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5",
"refsource": "MISC",
"name": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5"
},
{
"url": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e",
"refsource": "MISC",
"name": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e"
},
{
"url": "https://jira.xwiki.org/browse/XRENDERING-688",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XRENDERING-688"
}
]
},
"source": {
"advisory": "GHSA-35j5-m29r-xfq5",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

64
2023/38xxx/CVE-2023-38041.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38041",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ivanti",
"product": {
"product_data": [
{
"product_name": "Secure Access Client",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "22.6R1",
"version_value": "22.6R1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://forums.ivanti.com/s/article/CVE-2023-38041-New-client-side-release-to-address-a-privilege-escalation-on-Windows-user-machines?language=en_US",
"refsource": "MISC",
"name": "https://forums.ivanti.com/s/article/CVE-2023-38041-New-client-side-release-to-address-a-privilege-escalation-on-Windows-user-machines?language=en_US"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}

61
2023/39xxx/CVE-2023-39733.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39733",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-39733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39733.md",
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39733.md"
},
{
"refsource": "MISC",
"name": "https://liff.line.me/1656987103-bk5k9PO4",
"url": "https://liff.line.me/1656987103-bk5k9PO4"
}
]
}

61
2023/39xxx/CVE-2023-39734.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39734",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-39734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39734.md",
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39734.md"
},
{
"refsource": "MISC",
"name": "https://liff.line.me/1660679145-eMKgg4rJ",
"url": "https://liff.line.me/1660679145-eMKgg4rJ"
}
]
}

64
2023/41xxx/CVE-2023-41721.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41721",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.\n\nAffected Products:\nUDM\nUDM-PRO\nUDM-SE\nUDR\nUDW\n \nMitigation:\nUpdate UniFi Network to Version 7.5.187 or later.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ubiquiti",
"product": {
"product_data": [
{
"product_name": "UniFi Network Application",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.5.176",
"version_value": "7.5.176"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-036-036/81367bc9-2a64-4435-95dc-bbe482457615",
"refsource": "MISC",
"name": "https://community.ui.com/releases/Security-Advisory-Bulletin-036-036/81367bc9-2a64-4435-95dc-bbe482457615"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 10,
"baseSeverity": "CRITICAL"
}
]
}

18
2023/41xxx/CVE-2023-41966.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41966",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

93
2023/42xxx/CVE-2023-42488.json
View File

@ -1,17 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-42488",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@cyber.gov.il",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": " EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": " EisBaer Scada",
"product": {
"product_data": [
{
"product_name": "v3.0.6433.1964",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "All versions",
"version_value": " Upgrade to the latest version."
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"refsource": "MISC",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ILVN-2023-0139",
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to latest version</span>\n\n<br>"
}
],
"value": "\nUpgrade to latest version\n\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

99
2023/42xxx/CVE-2023-42489.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-42489",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@cyber.gov.il",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": " EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": " EisBaer Scada",
"product": {
"product_data": [
{
"product_name": "v3.0.6433.1964",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "All versions",
"version_value": " Upgrade to the latest version."
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"refsource": "MISC",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ILVN-2023-0140",
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to latest version</span>\n\n<br>"
}
],
"value": "\nUpgrade to latest version\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Claroty Research"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

99
2023/42xxx/CVE-2023-42490.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-42490",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@cyber.gov.il",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n\nEisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": " EisBaer Scada",
"product": {
"product_data": [
{
"product_name": "v3.0.6433.1964",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "All versions",
"version_value": " Upgrade to the latest version."
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"refsource": "MISC",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ILVN-2023-0141",
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to latest version</span>\n\n<br>"
}
],
"value": "\nUpgrade to latest version\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Claroty Research"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

99
2023/42xxx/CVE-2023-42492.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-42492",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@cyber.gov.il",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": " EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321: Use of Hard-coded Cryptographic Key",
"cweId": "CWE-321"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": " EisBaer Scada",
"product": {
"product_data": [
{
"product_name": "v3.0.6433.1964",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "All versions",
"version_value": " Upgrade to the latest version."
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"refsource": "MISC",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ILVN-2023-0143",
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to latest version</span>\n\n<br>"
}
],
"value": "\nUpgrade to latest version\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Claroty Research"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

99
2023/42xxx/CVE-2023-42493.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-42493",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@cyber.gov.il",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": " EisBaer Scada - CWE-256: Plaintext Storage of a Password"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256: Plaintext Storage of a Password",
"cweId": "CWE-256"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": " EisBaer Scada",
"product": {
"product_data": [
{
"product_name": "v3.0.6433.1964",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "All versions",
"version_value": " Upgrade to the latest version."
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"refsource": "MISC",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ILVN-2023-0144",
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to latest version</span>\n\n<br>"
}
],
"value": "\nUpgrade to latest version\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Claroty Research"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

99
2023/42xxx/CVE-2023-42494.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-42494",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@cyber.gov.il",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": " EisBaer Scada - CWE-749: Exposed Dangerous Method or Function"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-749: Exposed Dangerous Method or Function",
"cweId": "CWE-749"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": " EisBaer Scada",
"product": {
"product_data": [
{
"product_name": "v3.0.6433.1964",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "All versions",
"version_value": " Upgrade to the latest version."
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"refsource": "MISC",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ILVN-2023-0145",
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to latest version</span>\n\n<br>"
}
],
"value": "\nUpgrade to latest version\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Claroty Research"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

18
2023/42xxx/CVE-2023-42769.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-42769",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/45xxx/CVE-2023-45228.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45228",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/45xxx/CVE-2023-45317.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45317",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

100
2023/46xxx/CVE-2023-46119.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46119",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal",
"cweId": "CWE-23"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "parse-community",
"product": {
"product_data": [
{
"product_name": "parse-server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.0.0, < 5.5.6"
},
{
"version_affected": "=",
"version_value": ">= 6.0.0, < 6.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579",
"refsource": "MISC",
"name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579"
},
{
"url": "https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe",
"refsource": "MISC",
"name": "https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe"
},
{
"url": "https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0",
"refsource": "MISC",
"name": "https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0"
},
{
"url": "https://github.com/parse-community/parse-server/releases/tag/5.5.6",
"refsource": "MISC",
"name": "https://github.com/parse-community/parse-server/releases/tag/5.5.6"
},
{
"url": "https://github.com/parse-community/parse-server/releases/tag/6.3.1",
"refsource": "MISC",
"name": "https://github.com/parse-community/parse-server/releases/tag/6.3.1"
}
]
},
"source": {
"advisory": "GHSA-792q-q67h-w579",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

81
2023/46xxx/CVE-2023-46123.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46123",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password attempts by altering their apparent IP address for each request. This vulnerability has been patched in version 3.8.0.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
"cweId": "CWE-307"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "jumpserver",
"product": {
"product_data": [
{
"product_name": "jumpserver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.8.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-hvw4-766m-p89f",
"refsource": "MISC",
"name": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-hvw4-766m-p89f"
},
{
"url": "https://github.com/jumpserver/jumpserver/releases/tag/v3.8.0",
"refsource": "MISC",
"name": "https://github.com/jumpserver/jumpserver/releases/tag/v3.8.0"
}
]
},
"source": {
"advisory": "GHSA-hvw4-766m-p89f",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

81
2023/46xxx/CVE-2023-46135.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46135",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used.`inner_payload_len` should not above 64. This vulnerability has been patched in version 0.0.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception",
"cweId": "CWE-248"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "stellar",
"product": {
"product_data": [
{
"product_name": "rs-stellar-strkey",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.0.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f",
"refsource": "MISC",
"name": "https://github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f"
},
{
"url": "https://github.com/stellar/rs-stellar-strkey/issues/58",
"refsource": "MISC",
"name": "https://github.com/stellar/rs-stellar-strkey/issues/58"
}
]
},
"source": {
"advisory": "GHSA-5873-6fwq-463f",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

85
2023/46xxx/CVE-2023-46150.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46150",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radio plugin <=\u00a03.1.9 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WP Military",
"product": {
"product_data": [
{
"product_name": "WP Radio",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "3.1.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/wp-radio/wordpress-wp-radio-worldwide-online-radio-stations-directory-for-wordpress-plugin-3-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/wp-radio/wordpress-wp-radio-worldwide-online-radio-stations-directory-for-wordpress-plugin-3-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Nguyen Xuan Chien (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

56
2023/46xxx/CVE-2023-46396.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46396",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter search filters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://drive.google.com/file/d/13PK6RnYdq7fJKw47ssgLEsQvzHOJttLL/view?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/13PK6RnYdq7fJKw47ssgLEsQvzHOJttLL/view?usp=sharing"
}
]
}

61
2023/46xxx/CVE-2023-46523.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46523",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
"refsource": "MISC",
"name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/3/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/3/1.md"
}
]
}

18
2023/46xxx/CVE-2023-46734.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46734",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/46xxx/CVE-2023-46735.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46735",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/46xxx/CVE-2023-46736.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46736",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/46xxx/CVE-2023-46737.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46737",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/46xxx/CVE-2023-46738.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46738",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/46xxx/CVE-2023-46739.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46739",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/46xxx/CVE-2023-46740.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46740",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/46xxx/CVE-2023-46741.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46741",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/46xxx/CVE-2023-46742.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46742",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/46xxx/CVE-2023-46743.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46743",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/46xxx/CVE-2023-46744.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46744",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/46xxx/CVE-2023-46745.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46745",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/46xxx/CVE-2023-46746.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46746",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

3
2023/4xxx/CVE-2023-4443.json
View File

@ -102,8 +102,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

3
2023/4xxx/CVE-2023-4444.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

3
2023/4xxx/CVE-2023-4445.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

3
2023/4xxx/CVE-2023-4446.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

5
2023/4xxx/CVE-2023-4966.json
View File

@ -106,6 +106,11 @@
"url": "https://support.citrix.com/article/CTX579459",
"refsource": "MISC",
"name": "https://support.citrix.com/article/CTX579459"
},
{
"url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html"
}
]
},

3
2023/4xxx/CVE-2023-4988.json
View File

@ -93,8 +93,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

3
2023/4xxx/CVE-2023-4991.json
View File

@ -93,8 +93,7 @@
{
"version": "2.0",
"baseScore": 6.8,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"baseSeverity": "MEDIUM"
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C"
}
]
}

3
2023/5xxx/CVE-2023-5012.json
View File

@ -93,8 +93,7 @@
{
"version": "2.0",
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

3
2023/5xxx/CVE-2023-5013.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"baseSeverity": "LOW"
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N"
}
]
}

3
2023/5xxx/CVE-2023-5014.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

3
2023/5xxx/CVE-2023-5015.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

3
2023/5xxx/CVE-2023-5016.json
View File

@ -119,8 +119,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

3
2023/5xxx/CVE-2023-5017.json
View File

@ -257,8 +257,7 @@
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

3
2023/5xxx/CVE-2023-5278.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

3
2023/5xxx/CVE-2023-5279.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

3
2023/5xxx/CVE-2023-5280.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

3
2023/5xxx/CVE-2023-5281.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

3
2023/5xxx/CVE-2023-5282.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

3
2023/5xxx/CVE-2023-5283.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

59
2023/5xxx/CVE-2023-5472.json
View File

@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5472",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "118.0.5993.117",
"version_value": "118.0.5993.117"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_24.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_24.html"
},
{
"url": "https://crbug.com/1491296",
"refsource": "MISC",
"name": "https://crbug.com/1491296"
}
]
}

6
2023/5xxx/CVE-2023-5633.json
View File

@ -170,6 +170,12 @@
}
]
},
"work_around": [
{
"lang": "en",
"value": "This flaw can be mitigated by preventing the affected `vmwgfx` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278."
}
],
"credits": [
{
"lang": "en",

64
2023/5xxx/CVE-2023-5671.json
View File

@ -1,18 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5671",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HP Inc.",
"product": {
"product_data": [
{
"product_name": "HP Print and Scan Doctor for Windows",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "See HP Security Bulletin reference for affected versions.",
"status": "affected"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hp.com/us-en/document/ish_9502679-9502704-16",
"refsource": "MISC",
"name": "https://support.hp.com/us-en/document/ish_9502679-9502704-16"
}
]
},
"generator": {
"engine": "cveClient/1.0.15"
}
}

18
2023/5xxx/CVE-2023-5750.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5750",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5760.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5760",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5761.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5761",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5767.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5767",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5768.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5768",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5769.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5769",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}