Advisory Database Sync

github · May 10, 2023 · f276ec9 · f276ec9
1 parent f3d9ba9
commit f276ec9
Show file tree

Hide file tree

Showing 34 changed files with 1,303 additions and 18 deletions.
diff --git a/advisories/unreviewed/2023/05/GHSA-23pf-hqh5-742m/GHSA-23pf-hqh5-742m.json b/advisories/unreviewed/2023/05/GHSA-23pf-hqh5-742m/GHSA-23pf-hqh5-742m.json
@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-23pf-hqh5-742m",
+  "modified": "2023-05-10T06:30:28Z",
+  "published": "2023-05-10T06:30:28Z",
+  "aliases": [
+    "CVE-2023-27385"
+  ],
+  "details": "Heap-based buffer overflow vulnerability exists in CX-Drive All models V3.01 and earlier. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27385"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/vu/JVNVU97372625/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-004_en.pdf"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/unreviewed/2023/05/GHSA-3r96-chfr-mwjp/GHSA-3r96-chfr-mwjp.json b/advisories/unreviewed/2023/05/GHSA-3r96-chfr-mwjp/GHSA-3r96-chfr-mwjp.json
@@ -0,0 +1,50 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3r96-chfr-mwjp",
+  "modified": "2023-05-10T06:30:29Z",
+  "published": "2023-05-10T06:30:29Z",
+  "aliases": [
+    "CVE-2023-2617"
+  ],
+  "details": "A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2617"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/opencv/opencv_contrib/pull/3480"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/GZTimeWalker/3ca70a8af2f5830711e9cccc73fb5270"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.228547"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.228547"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/unreviewed/2023/05/GHSA-4qvj-3p36-qxpv/GHSA-4qvj-3p36-qxpv.json b/advisories/unreviewed/2023/05/GHSA-4qvj-3p36-qxpv/GHSA-4qvj-3p36-qxpv.json
@@ -0,0 +1,55 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4qvj-3p36-qxpv",
+  "modified": "2023-05-10T06:30:28Z",
+  "published": "2023-05-10T06:30:28Z",
+  "aliases": [
+    "CVE-2023-25072"
+  ],
+  "details": "Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25072"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN40604023/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.seiko-sol.co.jp/archives/73969/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/unreviewed/2023/05/GHSA-5fv5-gvx6-w9hh/GHSA-5fv5-gvx6-w9hh.json b/advisories/unreviewed/2023/05/GHSA-5fv5-gvx6-w9hh/GHSA-5fv5-gvx6-w9hh.json
@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5fv5-gvx6-w9hh",
-  "modified": "2023-05-02T21:31:48Z",
+  "modified": "2023-05-10T06:30:26Z",
   "published": "2023-05-02T21:31:48Z",
   "aliases": [
     "CVE-2023-31434"
   ],
   "details": "The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
   ],
   "affected": [
 
@@ -25,7 +28,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-79"
     ],
     "severity": null,
     "github_reviewed": false,

diff --git a/advisories/unreviewed/2023/05/GHSA-6gp6-xj27-g89q/GHSA-6gp6-xj27-g89q.json b/advisories/unreviewed/2023/05/GHSA-6gp6-xj27-g89q/GHSA-6gp6-xj27-g89q.json
@@ -0,0 +1,42 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6gp6-xj27-g89q",
+  "modified": "2023-05-10T06:30:29Z",
+  "published": "2023-05-10T06:30:29Z",
+  "aliases": [
+    "CVE-2023-2614"
+  ],
+  "details": "Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2614"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/unreviewed/2023/05/GHSA-6q7w-3rwf-fh47/GHSA-6q7w-3rwf-fh47.json b/advisories/unreviewed/2023/05/GHSA-6q7w-3rwf-fh47/GHSA-6q7w-3rwf-fh47.json
@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6q7w-3rwf-fh47",
+  "modified": "2023-05-10T06:30:28Z",
+  "published": "2023-05-10T06:30:28Z",
+  "aliases": [
+    "CVE-2023-32570"
+  ],
+  "details": "VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32570"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code.videolan.org/videolan/dav1d/-/tags/1.2.0"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/unreviewed/2023/05/GHSA-6vqj-7hpc-pvfj/GHSA-6vqj-7hpc-pvfj.json b/advisories/unreviewed/2023/05/GHSA-6vqj-7hpc-pvfj/GHSA-6vqj-7hpc-pvfj.json
@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6vqj-7hpc-pvfj",
-  "modified": "2023-05-03T21:30:18Z",
+  "modified": "2023-05-10T06:30:27Z",
   "published": "2023-05-03T21:30:18Z",
   "aliases": [
     "CVE-2020-22429"
   ],
   "details": "redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 
@@ -29,7 +32,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-416"
     ],
     "severity": null,
     "github_reviewed": false,

diff --git a/advisories/unreviewed/2023/05/GHSA-8crc-hv97-gjhh/GHSA-8crc-hv97-gjhh.json b/advisories/unreviewed/2023/05/GHSA-8crc-hv97-gjhh/GHSA-8crc-hv97-gjhh.json
@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8crc-hv97-gjhh",
+  "modified": "2023-05-10T06:30:29Z",
+  "published": "2023-05-10T06:30:29Z",
+  "aliases": [
+    "CVE-2023-27888"
+  ],
+  "details": "Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27888"
+    },
+    {
+      "type": "WEB",
+      "url": "https://joruri-pwm.jp/org/docs/2022093000017/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN87559956/"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/unreviewed/2023/05/GHSA-8ffh-r455-9955/GHSA-8ffh-r455-9955.json b/advisories/unreviewed/2023/05/GHSA-8ffh-r455-9955/GHSA-8ffh-r455-9955.json
@@ -0,0 +1,55 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8ffh-r455-9955",
+  "modified": "2023-05-10T06:30:28Z",
+  "published": "2023-05-10T06:30:28Z",
+  "aliases": [
+    "CVE-2023-22361"
+  ],
+  "details": "Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22361"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN40604023/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.seiko-sol.co.jp/archives/73969/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": null
+  }
+}