Commit
1 parent
f3d9ba9
commit f276ec9
Showing
34 changed files
with
1,303 additions
and
18 deletions.
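--- a/advisories/unreviewed/2023/05/GHSA-23pf-hqh5-742m/GHSA-23pf-hqh5-742m.json
+++ b/advisories/unreviewed/2023/05/GHSA-23pf-hqh5-742m/GHSA-23pf-hqh5-742m.json
@@ -0,0 +1,39 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-23pf-hqh5-742m",
+"modified": "2023-05-10T06:30:28Z",
+"published": "2023-05-10T06:30:28Z",
+"aliases": [
+"CVE-2023-27385"
+],
+"details": "Heap-based buffer overflow vulnerability exists in CX-Drive All models V3.01 and earlier. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed.",
+"severity": [
+
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27385"
+},
+{
+"type": "WEB",
+"url": "https://jvn.jp/en/vu/JVNVU97372625/"
+},
+{
+"type": "WEB",
+"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-004_en.pdf"
+}
+],
+"database_specific": {
+"cwe_ids": [
+
+],
+"severity": null,
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": null
+}
+}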
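Review bot: `cwe_ids` is left empty although `details` already names the weakness class (heap-based buffer overflow), and `severity` and `affected` are empty as well, so this record can only be found by its GHSA or CVE id and carries no machine-readable triage data. If the class stated in `details` is accepted, `"cwe_ids": ["CWE-122"]` is the matching entry. The same gap is present in GHSA-4qvj-3p36-qxpv, GHSA-6q7w-3rwf-fh47, GHSA-8crc-hv97-gjhh and GHSA-8ffh-r455-9955. Until those fields are filled, anyone relying on automated matching has to track the vendor and JVN advisories listed under `references` instead.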
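--- a/advisories/unreviewed/2023/05/GHSA-3r96-chfr-mwjp/GHSA-3r96-chfr-mwjp.json
+++ b/advisories/unreviewed/2023/05/GHSA-3r96-chfr-mwjp/GHSA-3r96-chfr-mwjp.json
@@ -0,0 +1,50 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-3r96-chfr-mwjp",
+"modified": "2023-05-10T06:30:29Z",
+"published": "2023-05-10T06:30:29Z",
+"aliases": [
+"CVE-2023-2617"
+],
+"details": "A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+}
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2617"
+},
+{
+"type": "WEB",
+"url": "https://github.com/opencv/opencv_contrib/pull/3480"
+},
+{
+"type": "WEB",
+"url": "https://gist.github.com/GZTimeWalker/3ca70a8af2f5830711e9cccc73fb5270"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/?ctiid.228547"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/?id.228547"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-476"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": null
+}
+}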
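Review bot: The `references` entry for `https://github.com/opencv/opencv_contrib/pull/3480` is typed `WEB`, although it appears to be the upstream patch that `details` recommends applying, so tooling that looks for a remediation link cannot tell it apart from the VulDB and gist links. If it is the fix, `"type": "FIX"` is the schema value for it. The same applies to the pimcore commit link in GHSA-6gp6-xj27-g89q and the dav1d commit link in GHSA-6q7w-3rwf-fh47.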
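--- a/advisories/unreviewed/2023/05/GHSA-4qvj-3p36-qxpv/GHSA-4qvj-3p36-qxpv.json
+++ b/advisories/unreviewed/2023/05/GHSA-4qvj-3p36-qxpv/GHSA-4qvj-3p36-qxpv.json
@@ -0,0 +1,55 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-4qvj-3p36-qxpv",
+"modified": "2023-05-10T06:30:28Z",
+"published": "2023-05-10T06:30:28Z",
+"aliases": [
+"CVE-2023-25072"
+],
+"details": "Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product.",
+"severity": [
+
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25072"
+},
+{
+"type": "WEB",
+"url": "https://jvn.jp/en/jp/JVN40604023/"
+},
+{
+"type": "WEB",
+"url": "https://www.seiko-sol.co.jp/archives/73969/"
+},
+{
+"type": "WEB",
+"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
+},
+{
+"type": "WEB",
+"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
+},
+{
+"type": "WEB",
+"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
+},
+{
+"type": "WEB",
+"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
+}
+],
+"database_specific": {
+"cwe_ids": [
+
+],
+"severity": null,
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": null
+}
+}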
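--- a/advisories/unreviewed/2023/05/GHSA-6gp6-xj27-g89q/GHSA-6gp6-xj27-g89q.json
+++ b/advisories/unreviewed/2023/05/GHSA-6gp6-xj27-g89q/GHSA-6gp6-xj27-g89q.json
@@ -0,0 +1,42 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-6gp6-xj27-g89q",
+"modified": "2023-05-10T06:30:29Z",
+"published": "2023-05-10T06:30:29Z",
+"aliases": [
+"CVE-2023-2614"
+],
+"details": "Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"
+}
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2614"
+},
+{
+"type": "WEB",
+"url": "https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7"
+},
+{
+"type": "WEB",
+"url": "https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-79"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": null
+}
+}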
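Review bot: `affected` is empty even though `details` names both the project (pimcore/pimcore) and the first fixed release (10.5.21), so dependency scanners that match on package and version will not report this XSS to installations running an older release. An entry along the lines below would close that gap. The Packagist ecosystem and package name are inferred from the repository name and should be confirmed before the record is relied on.

```json
"affected": [
  {
    "package": {
      "ecosystem": "Packagist",
      "name": "pimcore/pimcore"
    },
    "ranges": [
      {
        "type": "ECOSYSTEM",
        "events": [
          { "introduced": "0" },
          { "fixed": "10.5.21" }
        ]
      }
    ]
  }
],
```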
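--- a/advisories/unreviewed/2023/05/GHSA-6q7w-3rwf-fh47/GHSA-6q7w-3rwf-fh47.json
+++ b/advisories/unreviewed/2023/05/GHSA-6q7w-3rwf-fh47/GHSA-6q7w-3rwf-fh47.json
@@ -0,0 +1,39 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-6q7w-3rwf-fh47",
+"modified": "2023-05-10T06:30:28Z",
+"published": "2023-05-10T06:30:28Z",
+"aliases": [
+"CVE-2023-32570"
+],
+"details": "VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.",
+"severity": [
+
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32570"
+},
+{
+"type": "WEB",
+"url": "https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa"
+},
+{
+"type": "WEB",
+"url": "https://code.videolan.org/videolan/dav1d/-/tags/1.2.0"
+}
+],
+"database_specific": {
+"cwe_ids": [
+
+],
+"severity": null,
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": null
+}
+}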
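--- a/advisories/unreviewed/2023/05/GHSA-8crc-hv97-gjhh/GHSA-8crc-hv97-gjhh.json
+++ b/advisories/unreviewed/2023/05/GHSA-8crc-hv97-gjhh/GHSA-8crc-hv97-gjhh.json
@@ -0,0 +1,39 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-8crc-hv97-gjhh",
+"modified": "2023-05-10T06:30:29Z",
+"published": "2023-05-10T06:30:29Z",
+"aliases": [
+"CVE-2023-27888"
+],
+"details": "Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product.",
+"severity": [
+
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27888"
+},
+{
+"type": "WEB",
+"url": "https://joruri-pwm.jp/org/docs/2022093000017/"
+},
+{
+"type": "WEB",
+"url": "https://jvn.jp/en/jp/JVN87559956/"
+}
+],
+"database_specific": {
+"cwe_ids": [
+
+],
+"severity": null,
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": null
+}
+}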
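--- a/advisories/unreviewed/2023/05/GHSA-8ffh-r455-9955/GHSA-8ffh-r455-9955.json
+++ b/advisories/unreviewed/2023/05/GHSA-8ffh-r455-9955/GHSA-8ffh-r455-9955.json
@@ -0,0 +1,55 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-8ffh-r455-9955",
+"modified": "2023-05-10T06:30:28Z",
+"published": "2023-05-10T06:30:28Z",
+"aliases": [
+"CVE-2023-22361"
+],
+"details": "Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product.",
+"severity": [
+
+],
+"affected": [
+
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22361"
+},
+{
+"type": "WEB",
+"url": "https://jvn.jp/en/jp/JVN40604023/"
+},
+{
+"type": "WEB",
+"url": "https://www.seiko-sol.co.jp/archives/73969/"
+},
+{
+"type": "WEB",
+"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
+},
+{
+"type": "WEB",
+"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
+},
+{
+"type": "WEB",
+"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
+},
+{
+"type": "WEB",
+"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
+}
+],
+"database_specific": {
+"cwe_ids": [
+
+],
+"severity": null,
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": null
+}
+}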