From 047537ab064ea206cf15972e11cd08a74f1ce21a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 31 Aug 2023 19:00:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/40xxx/CVE-2022-40214.json | 8 ++--
 2023/1xxx/CVE-2023-1386.json | 5 ++
 2023/26xxx/CVE-2023-26045.json | 5 ++
 2023/29xxx/CVE-2023-29407.json | 5 ++
 2023/29xxx/CVE-2023-29408.json | 5 ++
 2023/29xxx/CVE-2023-29409.json | 5 ++
 2023/35xxx/CVE-2023-35009.json | 5 ++
 2023/36xxx/CVE-2023-36119.json | 68 +++------------------------
 2023/37xxx/CVE-2023-37466.json | 5 ++
 2023/37xxx/CVE-2023-37903.json | 5 ++
 2023/38xxx/CVE-2023-38428.json | 5 ++
 2023/38xxx/CVE-2023-38430.json | 5 ++
 2023/38xxx/CVE-2023-38432.json | 5 ++
 2023/38xxx/CVE-2023-38633.json | 5 ++
 2023/3xxx/CVE-2023-3019.json | 5 ++
 2023/3xxx/CVE-2023-3180.json | 5 ++
 2023/3xxx/CVE-2023-3494.json | 5 ++
 2023/3xxx/CVE-2023-3896.json | 5 ++
 2023/40xxx/CVE-2023-40589.json | 85 ++++++++++++++++++++++++++++++++--
 2023/4xxx/CVE-2023-4009.json | 5 ++
 20 files changed, 177 insertions(+), 69 deletions(-)
diff --git a/2022/40xxx/CVE-2022-40214.json b/2022/40xxx/CVE-2022-40214.json
index 20757d1b4ce..07d265a008a 100644
--- a/2022/40xxx/CVE-2022-40214.json
+++ b/2022/40xxx/CVE-2022-40214.json
@@ -1,17 +1,17 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-40214",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2022. Notes: none."
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1386.json b/2023/1xxx/CVE-2023-1386.json
index e03bf20ff0f..539477936cd 100644
--- a/2023/1xxx/CVE-2023-1386.json
+++ b/2023/1xxx/CVE-2023-1386.json
@@ -176,6 +176,11 @@
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223985",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2223985"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230831-0005/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230831-0005/"
 }
 ]
 },
diff --git a/2023/26xxx/CVE-2023-26045.json b/2023/26xxx/CVE-2023-26045.json
index c999d834ce0..d7af3e14b77 100644
--- a/2023/26xxx/CVE-2023-26045.json
+++ b/2023/26xxx/CVE-2023-26045.json
@@ -63,6 +63,11 @@
 "url": "https://github.com/NodeBB/NodeBB/commit/ec58700f6dff8e5b4af1544f6205ec362b593092",
 "refsource": "MISC",
 "name": "https://github.com/NodeBB/NodeBB/commit/ec58700f6dff8e5b4af1544f6205ec362b593092"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230831-0004/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230831-0004/"
 }
 ]
 },
diff --git a/2023/29xxx/CVE-2023-29407.json b/2023/29xxx/CVE-2023-29407.json
index 8fe7c8c2ab7..ff9b888f836 100644
--- a/2023/29xxx/CVE-2023-29407.json
+++ b/2023/29xxx/CVE-2023-29407.json
@@ -68,6 +68,11 @@
 "url": "https://pkg.go.dev/vuln/GO-2023-1990",
 "refsource": "MISC",
 "name": "https://pkg.go.dev/vuln/GO-2023-1990"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230831-0009/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230831-0009/"
 }
 ]
 },
diff --git a/2023/29xxx/CVE-2023-29408.json b/2023/29xxx/CVE-2023-29408.json
index 5fa0ec79a2b..2842b2aa671 100644
--- a/2023/29xxx/CVE-2023-29408.json
+++ b/2023/29xxx/CVE-2023-29408.json
@@ -68,6 +68,11 @@
 "url": "https://pkg.go.dev/vuln/GO-2023-1989",
 "refsource": "MISC",
 "name": "https://pkg.go.dev/vuln/GO-2023-1989"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230831-0009/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230831-0009/"
 }
 ]
 },
diff --git a/2023/29xxx/CVE-2023-29409.json b/2023/29xxx/CVE-2023-29409.json
index 2398e646d26..9e43997d5ee 100644
--- a/2023/29xxx/CVE-2023-29409.json
+++ b/2023/29xxx/CVE-2023-29409.json
@@ -83,6 +83,11 @@
 "url": "https://pkg.go.dev/vuln/GO-2023-1987",
 "refsource": "MISC",
 "name": "https://pkg.go.dev/vuln/GO-2023-1987"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230831-0010/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230831-0010/"
 }
 ]
 },
diff --git a/2023/35xxx/CVE-2023-35009.json b/2023/35xxx/CVE-2023-35009.json
index d609c1e24bc..5c12cbaa141 100644
--- a/2023/35xxx/CVE-2023-35009.json
+++ b/2023/35xxx/CVE-2023-35009.json
@@ -63,6 +63,11 @@
 "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257703",
 "refsource": "MISC",
 "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257703"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230831-0014/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230831-0014/"
 }
 ]
 },
diff --git a/2023/36xxx/CVE-2023-36119.json b/2023/36xxx/CVE-2023-36119.json
index f4751e74335..e1bb935f7e7 100644
--- a/2023/36xxx/CVE-2023-36119.json
+++ b/2023/36xxx/CVE-2023-36119.json
@@ -1,71 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2023-36119",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-36119",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "File upload vulnerability in PHPGurukul Online Security Guards Hiring System v.1.0 allows a remote attacker to execute arbitrary code via a crafted php file to the \\osghs\\admin\\images file."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://github.com/Trinity-SYT-SECURITY/arbitrary-file-upload-RCE/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md",
- "refsource": "MISC",
- "name": "https://github.com/Trinity-SYT-SECURITY/arbitrary-file-upload-RCE/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md"
- },
- {
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0527",
- "refsource": "MISC",
- "name": "https://nvd.nist.gov/vuln/detail/CVE-2023-0527"
- },
- {
- "refsource": "CONFIRM",
- "name": "https://github.com/Trinity-SYT-SECURITY/arbitrary-file-upload-RCE/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md",
- "url": "https://github.com/Trinity-SYT-SECURITY/arbitrary-file-upload-RCE/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md"
+ "value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2023/37xxx/CVE-2023-37466.json b/2023/37xxx/CVE-2023-37466.json
index 59590bf051f..0cf80fe3117 100644
--- a/2023/37xxx/CVE-2023-37466.json
+++ b/2023/37xxx/CVE-2023-37466.json
@@ -58,6 +58,11 @@
 "url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5",
 "refsource": "MISC",
 "name": "https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230831-0007/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230831-0007/"
 }
 ]
 },
diff --git a/2023/37xxx/CVE-2023-37903.json b/2023/37xxx/CVE-2023-37903.json
index 9a85f636d5d..9ca88fd0c6f 100644
--- a/2023/37xxx/CVE-2023-37903.json
+++ b/2023/37xxx/CVE-2023-37903.json
@@ -58,6 +58,11 @@
 "url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4",
 "refsource": "MISC",
 "name": "https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230831-0007/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230831-0007/"
 }
 ]
 },
diff --git a/2023/38xxx/CVE-2023-38428.json b/2023/38xxx/CVE-2023-38428.json
index e0d12645dab..b14ec7f6033 100644
--- a/2023/38xxx/CVE-2023-38428.json
+++ b/2023/38xxx/CVE-2023-38428.json
@@ -61,6 +61,11 @@
 "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f",
 "refsource": "MISC",
 "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230831-0001/",
+ "url": "https://security.netapp.com/advisory/ntap-20230831-0001/"
 }
 ]
 }
diff --git a/2023/38xxx/CVE-2023-38430.json b/2023/38xxx/CVE-2023-38430.json
index 81c6e2ca24f..6a9c08073ca 100644
--- a/2023/38xxx/CVE-2023-38430.json
+++ b/2023/38xxx/CVE-2023-38430.json
@@ -61,6 +61,11 @@
 "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.9",
 "refsource": "MISC",
 "name": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.9"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230831-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20230831-0003/"
 }
 ]
 }
diff --git a/2023/38xxx/CVE-2023-38432.json b/2023/38xxx/CVE-2023-38432.json
index 7c06196bc74..534f36ffb13 100644
--- a/2023/38xxx/CVE-2023-38432.json
+++ b/2023/38xxx/CVE-2023-38432.json
@@ -61,6 +61,11 @@
 "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.10",
 "refsource": "MISC",
 "name": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.10"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230831-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20230831-0002/"
 }
 ]
 }
diff --git a/2023/38xxx/CVE-2023-38633.json b/2023/38xxx/CVE-2023-38633.json
index 4d8a521d4ec..0ef69153912 100644
--- a/2023/38xxx/CVE-2023-38633.json
+++ b/2023/38xxx/CVE-2023-38633.json
@@ -91,6 +91,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-5484",
 "url": "https://www.debian.org/security/2023/dsa-5484"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230831-0011/",
+ "url": "https://security.netapp.com/advisory/ntap-20230831-0011/"
 }
 ]
 }
diff --git a/2023/3xxx/CVE-2023-3019.json b/2023/3xxx/CVE-2023-3019.json
index 134546b5b2f..07d42beaf32 100644
--- a/2023/3xxx/CVE-2023-3019.json
+++ b/2023/3xxx/CVE-2023-3019.json
@@ -176,6 +176,11 @@
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222351",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2222351"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230831-0005/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230831-0005/"
 }
 ]
 },
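Review bot: The NetApp advisory references added for CVE-2023-38430, CVE-2023-38432 and CVE-2023-38633 in these hunks (and for CVE-2023-38428 in the hunk before them) carry `"refsource": "CONFIRM"`, while every other record in this commit adds the same ntap-20230831 advisory series as `"refsource": "MISC"`. A consumer that uses refsource to separate vendor confirmation from general references will classify identical sources two ways, so triage rules built on that field give inconsistent results across these records. The difference presumably comes from two ingestion paths rather than from the advisories themselves. I would emit one value for this host, e.g. `"refsource": "MISC",` in these four entries, or have consumers key on the URL host instead of refsource. Each hunk shows only the tail of its reference_data array.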
diff --git a/2023/3xxx/CVE-2023-3180.json b/2023/3xxx/CVE-2023-3180.json
index 9546efaa193..0ab9d14f2cf 100644
--- a/2023/3xxx/CVE-2023-3180.json
+++ b/2023/3xxx/CVE-2023-3180.json
@@ -181,6 +181,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230831-0008/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230831-0008/"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3494.json b/2023/3xxx/CVE-2023-3494.json
index b09065b7712..6a591165e5e 100644
--- a/2023/3xxx/CVE-2023-3494.json
+++ b/2023/3xxx/CVE-2023-3494.json
@@ -64,6 +64,11 @@
 "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:07.bhyve.asc",
 "refsource": "MISC",
 "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:07.bhyve.asc"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230831-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230831-0006/"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3896.json b/2023/3xxx/CVE-2023-3896.json
index b5b83eb3544..a6124464f62 100644
--- a/2023/3xxx/CVE-2023-3896.json
+++ b/2023/3xxx/CVE-2023-3896.json
@@ -64,6 +64,11 @@
 "url": "https://github.com/vim/vim/pull/12540",
 "refsource": "MISC",
 "name": "https://github.com/vim/vim/pull/12540"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230831-0012/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230831-0012/"
 }
 ]
 },
diff --git a/2023/40xxx/CVE-2023-40589.json b/2023/40xxx/CVE-2023-40589.json
index a94a3af5497..5b1aab656fb 100644
--- a/2023/40xxx/CVE-2023-40589.json
+++ b/2023/40xxx/CVE-2023-40589.json
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-40589",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
+ "cweId": "CWE-120"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "FreeRDP",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FreeRDP",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 2.11.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 3.0.0-beta1, < 3.0.0-beta3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x",
+ "refsource": "MISC",
+ "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x"
+ },
+ {
+ "url": "https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416",
+ "refsource": "MISC",
+ "name": "https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-gc34-mw6m-g42x",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4009.json b/2023/4xxx/CVE-2023-4009.json
index 71e8891a8f7..b95d9b11635 100644
--- a/2023/4xxx/CVE-2023-4009.json
+++ b/2023/4xxx/CVE-2023-4009.json
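Review bot: In the CVE-2023-40589 hunk, both `version_data` entries pair `"version_affected": "="` with a range string (`"< 2.11.0"` and `">= 3.0.0-beta1, < 3.0.0-beta3"`), so the operator field contradicts the value. A scanner that honours version_affected will compare installed versions against the literal string "< 2.11.0" and can miss affected FreeRDP builds. The first entry can be expressed directly as `"version_affected": "<"` with `"version_value": "2.11.0"`. The second needs both bounds, which a single operator cannot carry, so it should be split into separate entries or left for the consumer to parse. Until the record is corrected, matching logic should treat these values as range expressions and not as exact versions.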
@@ -69,6 +69,11 @@
 "url": "https://www.mongodb.com/docs/ops-manager/v5.0/release-notes/application/#onprem-server-5-0-22",
 "refsource": "MISC",
 "name": "https://www.mongodb.com/docs/ops-manager/v5.0/release-notes/application/#onprem-server-5-0-22"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230831-0013/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230831-0013/"
 }
 ]
 },