diff --git a/2019/19xxx/CVE-2019-19907.json b/2019/19xxx/CVE-2019-19907.json
index c29ca39a1fa..b232a3d0121 100644
--- a/2019/19xxx/CVE-2019-19907.json
+++ b/2019/19xxx/CVE-2019-19907.json
@@ -61,6 +61,11 @@
 "url": "https://stash.kopano.io/projects/KC/repos/kopanocore/browse/RELNOTES.txt",
 "refsource": "MISC",
 "name": "https://stash.kopano.io/projects/KC/repos/kopanocore/browse/RELNOTES.txt"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20230306 [SECURITY] [DLA 3354-1] kopanocore security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00006.html"
 }
 ]
 }
diff --git a/2022/26xxx/CVE-2022-26562.json b/2022/26xxx/CVE-2022-26562.json
index ebe11a3d372..c8f514cbfe3 100644
--- a/2022/26xxx/CVE-2022-26562.json
+++ b/2022/26xxx/CVE-2022-26562.json
@@ -61,6 +61,11 @@
 "url": "https://stash.kopano.io/projects/KC/repos/kopanocore/browse/provider/libserver/ECKrbAuth.cpp#137",
 "refsource": "MISC",
 "name": "https://stash.kopano.io/projects/KC/repos/kopanocore/browse/provider/libserver/ECKrbAuth.cpp#137"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20230306 [SECURITY] [DLA 3354-1] kopanocore security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00006.html"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1204.json b/2023/1xxx/CVE-2023-1204.json
new file mode 100644
index 00000000000..491b5b68b36
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1204.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1204",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1205.json b/2023/1xxx/CVE-2023-1205.json
new file mode 100644
index 00000000000..8b31ae3c724
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1205.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1205",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/20xxx/CVE-2023-20937.json b/2023/20xxx/CVE-2023-20937.json
index 6fb4ca880b1..48bb9a9f1de 100644
--- a/2023/20xxx/CVE-2023-20937.json
+++ b/2023/20xxx/CVE-2023-20937.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://source.android.com/security/bulletin/2023-02-01",
 "url": "https://source.android.com/security/bulletin/2023-02-01"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/171239/Android-GKI-Kernels-Contain-Broken-Non-Upstream-Speculative-Page-Faults-MM-Code.html",
+ "url": "http://packetstormsecurity.com/files/171239/Android-GKI-Kernels-Contain-Broken-Non-Upstream-Speculative-Page-Faults-MM-Code.html"
 }
 ]
 },
diff --git a/2023/25xxx/CVE-2023-25304.json b/2023/25xxx/CVE-2023-25304.json
index 4cb4dddd05c..fd9ae7ee779 100644
--- a/2023/25xxx/CVE-2023-25304.json
+++ b/2023/25xxx/CVE-2023-25304.json
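Review bot: The reference added to 2023/20xxx/CVE-2023-20937.json uses a cleartext `http://` scheme in both `name` and `url`, while the Android bulletin entry directly above it in the same hunk uses `https://`. Anyone following the link from a feed or a scanner report fetches the advisory over an unauthenticated channel. Assuming the site serves the same path over TLS, I would write `"url": "https://packetstormsecurity.com/files/171239/Android-GKI-Kernels-Contain-Broken-Non-Upstream-Speculative-Page-Faults-MM-Code.html"` and mirror it in `name`. The enclosing `reference_data` array starts above the hunk, so other entries may need the same check.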
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-25304",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-25304",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Prism Launcher <= 6.1 is vulnerable to Directory Traversal."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/PrismLauncher/PrismLauncher/security/advisories/GHSA-wxgx-8v36-mj2m",
+ "refsource": "MISC",
+ "name": "https://github.com/PrismLauncher/PrismLauncher/security/advisories/GHSA-wxgx-8v36-mj2m"
 }
 ]
 }
diff --git a/2023/27xxx/CVE-2023-27474.json b/2023/27xxx/CVE-2023-27474.json
index fe51e005628..3747c04913d 100644
--- a/2023/27xxx/CVE-2023-27474.json
+++ b/2023/27xxx/CVE-2023-27474.json
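Review bot: CVE-2023-25304.json moves to `"STATE": "PUBLIC"` with `n/a` in `vendor_name`, `product_name`, `version_value` and the `problemtype` value, even though the description and the GHSA reference in this same hunk name the product, the affected range and the weakness class. Tooling that matches on the structured `affects` data rather than free text will not associate this record with any installed software. I would populate the fields from what the record already states, for example `"product_name": "Prism Launcher"` and `"version_value": "<= 6.1"`, plus a `problemtype` value of `CWE-22` if the linked advisory confirms path traversal. The reordering of `data_type`/`data_format`/`data_version` has no meaning in JSON and only adds diff noise.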
@@ -1,17 +1,95 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-27474",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users urls to the servers domain but which may contain malicious code. The problem has been resolved and released under version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or later, or remove the custom reset url from the configured allow list. Users are advised to upgrade. Users unable to upgrade may disable the custom reset URL allow list as a workaround."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "directus",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "directus",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 9.23.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6",
+ "refsource": "MISC",
+ "name": "https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6"
+ },
+ {
+ "url": "https://github.com/directus/directus/issues/17119",
+ "refsource": "MISC",
+ "name": "https://github.com/directus/directus/issues/17119"
+ },
+ {
+ "url": "https://github.com/directus/directus/pull/17120",
+ "refsource": "MISC",
+ "name": "https://github.com/directus/directus/pull/17120"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-4hmq-ggrm-qfc6",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
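Review bot: In the `affects` block of 2023/27xxx/CVE-2023-27474.json, `"version_affected": "="` is paired with `"version_value": "< 9.23.0"`, so the operator field claims an exact match while the range is buried in the value string. A consumer that honours `version_affected` would compare installed versions for equality against the literal `< 9.23.0` and match nothing, leaving vulnerable Directus instances unflagged. I would write `"version_affected": "<"` with `"version_value": "9.23.0"`. Separately, the description's "email users urls to the servers domain but which may contain malicious code" would read more clearly as "email users URLs on the server's domain that may contain malicious code".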