admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-16 22:00:34 +00:00
parent d63ac6de03
commit fdbf9af269
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
13 changed files with 662 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/28xxx/CVE-2021-28117.json
View File

@ -71,6 +71,11 @@
"refsource": "CONFIRM",
"name": "https://invent.kde.org/plasma/discover/commit/94478827aab63d2e2321f0ca9ec5553718798e60",
"url": "https://invent.kde.org/plasma/discover/commit/94478827aab63d2e2321f0ca9ec5553718798e60"
},
{
"refsource": "MISC",
"name": "https://github.com/KDE/discover/commit/fcd3b30552bf03a384b1a16f9bb8db029c111356",
"url": "https://github.com/KDE/discover/commit/fcd3b30552bf03a384b1a16f9bb8db029c111356"
}
]
}

5
2021/31xxx/CVE-2021-31606.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164274/OpenVPN-Monitor-1.1.3-Authorization-Bypass-Denial-Of-Service.html",
"url": "http://packetstormsecurity.com/files/164274/OpenVPN-Monitor-1.1.3-Authorization-Bypass-Denial-Of-Service.html"
},
{
"refsource": "MISC",
"name": "https://github.com/furlongm/openvpn-monitor/commit/ddb9d31ef0ec56f578bdacf99ebe9d68455ed8ca",
"url": "https://github.com/furlongm/openvpn-monitor/commit/ddb9d31ef0ec56f578bdacf99ebe9d68455ed8ca"
}
]
}

135
2023/40xxx/CVE-2023-40314.json
View File

@ -1,17 +1,144 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40314",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@opennms.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n\n\nCross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer\n\n\n\n\n\n\n\n\n\n\nMeridian\nand Horizon installation instructions state that they are intended for\ninstallation within an organization's private networks and should not be\ndirectly accessible from the Internet. \n\nOpenNMS thanks \n\nMoshe Apelbaum\n\n for reporting this issue.\n\n\n\n\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": " The OpenNMS Group",
"product": {
"product_data": [
{
"product_name": "Horizon",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "31.0.8",
"version_value": "32.0.4"
}
]
}
}
]
}
},
{
"vendor_name": "The OpenNMS Group ",
"product": {
"product_data": [
{
"product_name": "Meridian",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "2023.1.8",
"status": "unknown",
"version": "0",
"versionType": "git"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/OpenNMS/opennms/pull/6791",
"refsource": "MISC",
"name": "https://github.com/OpenNMS/opennms/pull/6791"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nupgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer\n\n<br>"
}
],
"value": "\nupgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Moshe Apelbaum"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
]
}

81
2023/47xxx/CVE-2023-47642.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47642",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zulip is an open-source team collaboration tool. It was discovered by the Zulip development team that active users who had previously been subscribed to a stream incorrectly continued being able to use the Zulip API to access metadata for that stream. As a result, users who had been removed from a stream, but still had an account in the organization, could still view metadata for that stream (including the stream name, description, settings, and an email address used to send emails into the stream via the incoming email integration). This potentially allowed users to see changes to a stream\u2019s metadata after they had lost access to the stream. This vulnerability has been addressed in version 7.5 and all users are advised to upgrade. There are no known workarounds for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zulip",
"product": {
"product_data": [
{
"product_name": "zulip",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.3.0, < 7.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-c9wc-65fh-9x8p",
"refsource": "MISC",
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-c9wc-65fh-9x8p"
},
{
"url": "https://github.com/zulip/zulip/commit/6336322d2f9bbccaacfc80cba83a3c62eefd5737",
"refsource": "MISC",
"name": "https://github.com/zulip/zulip/commit/6336322d2f9bbccaacfc80cba83a3c62eefd5737"
}
]
},
"source": {
"advisory": "GHSA-c9wc-65fh-9x8p",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

76
2023/48xxx/CVE-2023-48222.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-48222",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or delete jobs, without the necessary authorization checks. This issue has been addressed in version 4.17.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rundeck",
"product": {
"product_data": [
{
"product_name": "rundeck",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 4.12.0, < 4.17.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/rundeck/rundeck/security/advisories/GHSA-phmw-jx86-x666",
"refsource": "MISC",
"name": "https://github.com/rundeck/rundeck/security/advisories/GHSA-phmw-jx86-x666"
}
]
},
"source": {
"advisory": "GHSA-phmw-jx86-x666",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

18
2023/48xxx/CVE-2023-48433.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-48433",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/48xxx/CVE-2023-48434.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-48434",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

85
2023/5xxx/CVE-2023-5900.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5900",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@huntr.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pkp",
"product": {
"product_data": [
{
"product_name": "pkp/pkp-lib",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "3.3.0-16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.com/bounties/c3f011d4-9f76-4b2b-b3d4-a5e2ecd2e354",
"refsource": "MISC",
"name": "https://huntr.com/bounties/c3f011d4-9f76-4b2b-b3d4-a5e2ecd2e354"
},
{
"url": "https://github.com/pkp/pkp-lib/commit/4d77a00be9050fac7eb8d2d1cbedcdaaa1a5a803",
"refsource": "MISC",
"name": "https://github.com/pkp/pkp-lib/commit/4d77a00be9050fac7eb8d2d1cbedcdaaa1a5a803"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "c3f011d4-9f76-4b2b-b3d4-a5e2ecd2e354",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

85
2023/5xxx/CVE-2023-5901.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5901",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@huntr.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pkp",
"product": {
"product_data": [
{
"product_name": "pkp/pkp-lib",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "3.3.0-16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.com/bounties/8fb9b06b-cadd-469e-862d-5ce026019597",
"refsource": "MISC",
"name": "https://huntr.com/bounties/8fb9b06b-cadd-469e-862d-5ce026019597"
},
{
"url": "https://github.com/pkp/pkp-lib/commit/44d8bde60eb2575fd4087b76540aec9b49389e23",
"refsource": "MISC",
"name": "https://github.com/pkp/pkp-lib/commit/44d8bde60eb2575fd4087b76540aec9b49389e23"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "8fb9b06b-cadd-469e-862d-5ce026019597",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

77
2023/6xxx/CVE-2023-6014.json
View File

@ -1,17 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6014",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@huntr.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-598 Use of GET Request Method With Sensitive Query Strings",
"cweId": "CWE-598"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mlflow",
"product": {
"product_data": [
{
"product_name": "mlflow/mlflow",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "latest"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.com/bounties/3e64df69-ddc2-463e-9809-d07c24dc1de4",
"refsource": "MISC",
"name": "https://huntr.com/bounties/3e64df69-ddc2-463e-9809-d07c24dc1de4"
}
]
},
"source": {
"advisory": "3e64df69-ddc2-463e-9809-d07c24dc1de4",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
}
]
}

77
2023/6xxx/CVE-2023-6020.json
View File

@ -1,17 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6020",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@huntr.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-598 Use of GET Request Method With Sensitive Query Strings",
"cweId": "CWE-598"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ray-project",
"product": {
"product_data": [
{
"product_name": "ray-project/ray",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "latest"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.com/bounties/83dd8619-6dc3-4c98-8f1b-e620fedcd1f6",
"refsource": "MISC",
"name": "https://huntr.com/bounties/83dd8619-6dc3-4c98-8f1b-e620fedcd1f6"
}
]
},
"source": {
"advisory": "83dd8619-6dc3-4c98-8f1b-e620fedcd1f6",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
}
]
}

17
2023/6xxx/CVE-2023-6069.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation in GitHub repository froxlor/froxlor prior to 2.1.0."
"value": "Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.\n\n"
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
"value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')",
"cweId": "CWE-59"
}
]
}
@ -67,6 +67,9 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "aac0627e-e59d-476e-9385-edb7ff53758c",
"discovery": "EXTERNAL"
@ -74,18 +77,18 @@
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2023/6xxx/CVE-2023-6184.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6184",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}