-
Notifications
You must be signed in to change notification settings - Fork 18
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Auto-Update: 2023-12-17T00:55:25.398649+00:00
- Loading branch information
1 parent
2e0f89e
commit 7aa34e0
Showing
4 changed files
with
125 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,12 +2,12 @@ | |
| "id": "CVE-2023-45853", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2023-10-14T02:15:09.323", | ||
| "lastModified": "2023-11-30T22:15:08.250", | ||
| "lastModified": "2023-12-16T23:15:40.647", | ||
| "vulnStatus": "Modified", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product." | ||
| "value": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API." | ||
| }, | ||
| { | ||
| "lang": "es", | ||
|
|
@@ -108,6 +108,10 @@ | |
| "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://pypi.org/project/pyminizip/#history", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://security.netapp.com/advisory/ntap-20231130-0009/", | ||
| "source": "[email protected]" | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| { | ||
| "id": "CVE-2023-50784", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2023-12-16T23:15:40.770", | ||
| "lastModified": "2023-12-16T23:15:40.770", | ||
| "vulnStatus": "Received", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://forums.unrealircd.org/viewtopic.php?t=9340", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://www.unrealircd.org/index/news", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| { | ||
| "id": "CVE-2023-6885", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2023-12-16T23:15:40.830", | ||
| "lastModified": "2023-12-16T23:15:40.830", | ||
| "vulnStatus": "Received", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "A vulnerability was found in Tongda OA 2017 up to 11.10. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/vote/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Secondary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", | ||
| "attackVector": "ADJACENT_NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "LOW", | ||
| "userInteraction": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "LOW", | ||
| "integrityImpact": "LOW", | ||
| "availabilityImpact": "LOW", | ||
| "baseScore": 5.5, | ||
| "baseSeverity": "MEDIUM" | ||
| }, | ||
| "exploitabilityScore": 2.1, | ||
| "impactScore": 3.4 | ||
| } | ||
| ], | ||
| "cvssMetricV2": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Secondary", | ||
| "cvssData": { | ||
| "version": "2.0", | ||
| "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", | ||
| "accessVector": "ADJACENT_NETWORK", | ||
| "accessComplexity": "LOW", | ||
| "authentication": "SINGLE", | ||
| "confidentialityImpact": "PARTIAL", | ||
| "integrityImpact": "PARTIAL", | ||
| "availabilityImpact": "PARTIAL", | ||
| "baseScore": 5.2 | ||
| }, | ||
| "baseSeverity": "MEDIUM", | ||
| "exploitabilityScore": 5.1, | ||
| "impactScore": 6.4, | ||
| "acInsufInfo": false, | ||
| "obtainAllPrivilege": false, | ||
| "obtainUserPrivilege": false, | ||
| "obtainOtherPrivilege": false, | ||
| "userInteractionRequired": false | ||
| } | ||
| ] | ||
| }, | ||
| "weaknesses": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CWE-89" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://github.com/Martinzb/cve/blob/main/sql.md", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?ctiid.248245", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?id.248245", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters