chore: generate CVEs metadata 🤖
parent
1b49085093
commit
3ce477f761
|
@ -2326,6 +2326,7 @@
|
||||||
{"ID":"CVE-2023-47218","Info":{"Name":"QNAP QTS and QuTS Hero - OS Command Injection","Severity":"medium","Description":"An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2023/CVE-2023-47218.yaml"}
|
{"ID":"CVE-2023-47218","Info":{"Name":"QNAP QTS and QuTS Hero - OS Command Injection","Severity":"medium","Description":"An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2023/CVE-2023-47218.yaml"}
|
||||||
{"ID":"CVE-2023-47246","Info":{"Name":"SysAid Server - Remote Code Execution","Severity":"critical","Description":"In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-47246.yaml"}
|
{"ID":"CVE-2023-47246","Info":{"Name":"SysAid Server - Remote Code Execution","Severity":"critical","Description":"In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-47246.yaml"}
|
||||||
{"ID":"CVE-2023-47643","Info":{"Name":"SuiteCRM Unauthenticated Graphql Introspection","Severity":"medium","Description":"Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-47643.yaml"}
|
{"ID":"CVE-2023-47643","Info":{"Name":"SuiteCRM Unauthenticated Graphql Introspection","Severity":"medium","Description":"Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-47643.yaml"}
|
||||||
|
{"ID":"CVE-2023-47684","Info":{"Name":"Essential Grid \u003c= 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in ThemePunch OHG Essential Grid plugin \u003c= 3.1.0 versions.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-47684.yaml"}
|
||||||
{"ID":"CVE-2023-48023","Info":{"Name":"Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery","Severity":"critical","Description":"The Ray Dashboard API is affected by a Server-Side Request Forgery (SSRF) vulnerability in the url parameter of the /log_proxy API endpoint. The API does not perform sufficient input validation within the affected parameter and any HTTP or HTTPS URLs are accepted as valid.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-48023.yaml"}
|
{"ID":"CVE-2023-48023","Info":{"Name":"Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery","Severity":"critical","Description":"The Ray Dashboard API is affected by a Server-Side Request Forgery (SSRF) vulnerability in the url parameter of the /log_proxy API endpoint. The API does not perform sufficient input validation within the affected parameter and any HTTP or HTTPS URLs are accepted as valid.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-48023.yaml"}
|
||||||
{"ID":"CVE-2023-48084","Info":{"Name":"Nagios XI \u003c 5.11.3 - SQL Injection","Severity":"critical","Description":"SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification tool.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-48084.yaml"}
|
{"ID":"CVE-2023-48084","Info":{"Name":"Nagios XI \u003c 5.11.3 - SQL Injection","Severity":"critical","Description":"SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification tool.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-48084.yaml"}
|
||||||
{"ID":"CVE-2023-48241","Info":{"Name":"XWiki \u003c 4.10.15 - Information Disclosure","Severity":"high","Description":"The Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki (but not some protected information like password hashes). While there is a right check normally, the right check can be circumvented by explicitly requesting fields from Solr that don't include the data for the right check. This can be reproduced by opening \u003cxwiki-server\u003e/xwiki/bin/get/XWiki/SuggestSolrService?outputSyntax=plain\u0026media=json\u0026nb=1000\u0026query=q%3D*%3A*%0Aq.op%3DAND%0Afq%3Dtype%3ADOCUMENT%0Afl%3Dtitle_%2C+reference%2C+links%2C+doccontentraw_%2C+objcontent__\u0026input=+ where \u003cxwiki-server\u003e is the URL of the XWiki installation. If this displays any results, the wiki is vulnerable.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-48241.yaml"}
|
{"ID":"CVE-2023-48241","Info":{"Name":"XWiki \u003c 4.10.15 - Information Disclosure","Severity":"high","Description":"The Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki (but not some protected information like password hashes). While there is a right check normally, the right check can be circumvented by explicitly requesting fields from Solr that don't include the data for the right check. This can be reproduced by opening \u003cxwiki-server\u003e/xwiki/bin/get/XWiki/SuggestSolrService?outputSyntax=plain\u0026media=json\u0026nb=1000\u0026query=q%3D*%3A*%0Aq.op%3DAND%0Afq%3Dtype%3ADOCUMENT%0Afl%3Dtitle_%2C+reference%2C+links%2C+doccontentraw_%2C+objcontent__\u0026input=+ where \u003cxwiki-server\u003e is the URL of the XWiki installation. If this displays any results, the wiki is vulnerable.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-48241.yaml"}
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
726970f054c86e6c01c06b453414a818
|
93e69f62c57dac9cbbc021fbc5ab3e98
|
||||||
|
|
Loading…
Reference in New Issue