-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Auto-Update: 2023-12-14T19:00:25.136410+00:00
- Loading branch information
1 parent
23111ae
commit d16e351
Showing
75 changed files
with
2,704 additions
and
201 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,8 +2,8 @@ | |
| "id": "CVE-2023-41118", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2023-12-12T07:15:45.220", | ||
| "lastModified": "2023-12-12T13:43:48.853", | ||
| "vulnStatus": "Awaiting Analysis", | ||
| "lastModified": "2023-12-14T17:54:25.937", | ||
| "vulnStatus": "Analyzed", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
|
|
@@ -14,11 +14,95 @@ | |
| "value": "Se descubri\u00f3 un problema en EnterpriseDB Postgres Advanced Server (EPAS) antes de 11.21.32, 12.x antes de 12.16.20, 13.x antes de 13.12.16, 14.x antes de 14.9.0 y 15.x antes de 15.4.0. Puede permitir que un usuario autenticado omita los requisitos de autorizaci\u00f3n y acceda a funciones de implementaci\u00f3n subyacentes. Cuando un superusuario ha configurado ubicaciones de archivos usando CREATE DIRECTORY, estas funciones permiten a los usuarios realizar una amplia gama de acciones, incluidas leer, escribir, copiar, cambiar nombre y eliminar." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", | ||
| "attackVector": "NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "LOW", | ||
| "userInteraction": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "HIGH", | ||
| "availabilityImpact": "HIGH", | ||
| "baseScore": 8.8, | ||
| "baseSeverity": "HIGH" | ||
| }, | ||
| "exploitabilityScore": 2.8, | ||
| "impactScore": 5.9 | ||
| } | ||
| ] | ||
| }, | ||
| "weaknesses": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "NVD-CWE-noinfo" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "configurations": [ | ||
| { | ||
| "nodes": [ | ||
| { | ||
| "operator": "OR", | ||
| "negate": false, | ||
| "cpeMatch": [ | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", | ||
| "versionEndExcluding": "11.21.32", | ||
| "matchCriteriaId": "6892B548-6E0D-47B5-9AD7-3EA937C243FE" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", | ||
| "versionStartIncluding": "12.0.0", | ||
| "versionEndExcluding": "12.16.20", | ||
| "matchCriteriaId": "15246CD4-D4F0-4FE7-AE1A-BDD2FCC67B5C" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", | ||
| "versionStartIncluding": "13.0.0", | ||
| "versionEndExcluding": "13.12.17", | ||
| "matchCriteriaId": "C3FA205A-6BF7-492C-A0F3-5AD01E35CC41" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", | ||
| "versionStartIncluding": "14.0.0", | ||
| "versionEndExcluding": "14.9.0", | ||
| "matchCriteriaId": "12EC69DE-AFB1-476F-88BB-C7C0C348C19F" | ||
| }, | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*", | ||
| "versionStartIncluding": "15.0.0", | ||
| "versionEndExcluding": "15.4.0", | ||
| "matchCriteriaId": "D3B7765D-34FD-479B-9C4E-9CAC34CC1AD2" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://www.enterprisedb.com/docs/security/advisories/cve202341118/", | ||
| "source": "[email protected]" | ||
| "source": "[email protected]", | ||
| "tags": [ | ||
| "Vendor Advisory" | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,19 +2,79 @@ | |
| "id": "CVE-2023-41623", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2023-12-12T09:15:07.520", | ||
| "lastModified": "2023-12-12T13:43:48.853", | ||
| "vulnStatus": "Awaiting Analysis", | ||
| "lastModified": "2023-12-14T18:01:27.260", | ||
| "vulnStatus": "Analyzed", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php." | ||
| }, | ||
| { | ||
| "lang": "es", | ||
| "value": "Se descubri\u00f3 que la versi\u00f3n pro2.1.14 de Emlog conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro uid en /admin/media.php." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", | ||
| "attackVector": "NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "HIGH", | ||
| "userInteraction": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "HIGH", | ||
| "availabilityImpact": "HIGH", | ||
| "baseScore": 7.2, | ||
| "baseSeverity": "HIGH" | ||
| }, | ||
| "exploitabilityScore": 1.2, | ||
| "impactScore": 5.9 | ||
| } | ||
| ] | ||
| }, | ||
| "weaknesses": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CWE-89" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "configurations": [ | ||
| { | ||
| "nodes": [ | ||
| { | ||
| "operator": "OR", | ||
| "negate": false, | ||
| "cpeMatch": [ | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:a:emlog:emlog:2.1.14:*:*:*:pro:*:*:*", | ||
| "matchCriteriaId": "3812D57C-8E1A-4499-9DEE-2A18A955667B" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "references": [ | ||
| { | ||
| "url": "https://github.com/GhostBalladw/wuhaozhe-s-CVE/blob/main/CVE-2023-41623", | ||
| "source": "[email protected]" | ||
| "source": "[email protected]", | ||
| "tags": [ | ||
| "Exploit", | ||
| "Third Party Advisory" | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| { | ||
| "id": "CVE-2023-42799", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2023-12-14T17:15:07.257", | ||
| "lastModified": "2023-12-14T17:17:50.580", | ||
| "vulnStatus": "Awaiting Analysis", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 02b7742f4d19631024bd766bd2bb76715780004e." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Secondary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", | ||
| "attackVector": "NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "NONE", | ||
| "userInteraction": "REQUIRED", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "HIGH", | ||
| "availabilityImpact": "HIGH", | ||
| "baseScore": 8.8, | ||
| "baseSeverity": "HIGH" | ||
| }, | ||
| "exploitabilityScore": 2.8, | ||
| "impactScore": 5.9 | ||
| } | ||
| ] | ||
| }, | ||
| "weaknesses": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CWE-120" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://github.com/moonlight-stream/moonlight-common-c/commit/02b7742f4d19631024bd766bd2bb76715780004e", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-r8cf-45f4-vf8m", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| { | ||
| "id": "CVE-2023-42800", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2023-12-14T17:15:07.463", | ||
| "lastModified": "2023-12-14T17:17:50.580", | ||
| "vulnStatus": "Awaiting Analysis", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 24750d4b748fefa03d09fcfd6d45056faca354e0." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Secondary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", | ||
| "attackVector": "NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "NONE", | ||
| "userInteraction": "REQUIRED", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "HIGH", | ||
| "availabilityImpact": "HIGH", | ||
| "baseScore": 8.8, | ||
| "baseSeverity": "HIGH" | ||
| }, | ||
| "exploitabilityScore": 2.8, | ||
| "impactScore": 5.9 | ||
| } | ||
| ] | ||
| }, | ||
| "weaknesses": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CWE-120" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://github.com/moonlight-stream/moonlight-common-c/blob/2bb026c763fc18807d7e4a93f918054c488f84e1/src/RtspConnection.c#L796", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://github.com/moonlight-stream/moonlight-common-c/commit/24750d4b748fefa03d09fcfd6d45056faca354e0", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://github.com/moonlight-stream/moonlight-common-c/commit/50c0a51b10ecc5b3415ea78c21d96d679e2288f9", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-4927-23jw-rq62", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| { | ||
| "id": "CVE-2023-42801", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2023-12-14T17:15:07.657", | ||
| "lastModified": "2023-12-14T17:17:50.580", | ||
| "vulnStatus": "Awaiting Analysis", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client. Achieving RCE is possible but unlikely, due to stack canaries in use by modern compiler toolchains. The published binaries for official clients Qt, Android, iOS/tvOS, and Embedded are built with stack canaries, but some unofficial clients may not use stack canaries. This vulnerability takes place after the pairing process, so it requires the client to be tricked into pairing to a malicious host. It is not possible to perform using a man-in-the-middle due to public key pinning that takes place during the pairing process. The bug was addressed in commit b2497a3918a6d79808d9fd0c04734786e70d5954." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Secondary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", | ||
| "attackVector": "NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "NONE", | ||
| "userInteraction": "REQUIRED", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "LOW", | ||
| "integrityImpact": "LOW", | ||
| "availabilityImpact": "HIGH", | ||
| "baseScore": 7.6, | ||
| "baseSeverity": "HIGH" | ||
| }, | ||
| "exploitabilityScore": 2.8, | ||
| "impactScore": 4.7 | ||
| } | ||
| ] | ||
| }, | ||
| "weaknesses": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CWE-120" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://github.com/moonlight-stream/moonlight-common-c/blob/c1744de06938b5a5c8897a705be1bc6508dc7580/src/Misc.c#L82-L88", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://github.com/moonlight-stream/moonlight-common-c/commit/b2497a3918a6d79808d9fd0c04734786e70d5954", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://github.com/moonlight-stream/moonlight-common-c/commit/f57bd745b4cbed577ea654fad4701bea4d38b44c", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-f3h8-j898-5h5v", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
Oops, something went wrong.