From 072b58d7cb5871c7c4e7ba32b9e78aabca26090c Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 20 Apr 2023 21:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/36xxx/CVE-2021-36436.json | 56 +++++++++++++++++++++---
 2023/1xxx/CVE-2023-1255.json | 5 +++
 2023/20xxx/CVE-2023-20864.json | 50 +++++++++++++++++++--
 2023/20xxx/CVE-2023-20865.json | 50 +++++++++++++++++++--
 2023/20xxx/CVE-2023-20873.json | 50 +++++++++++++++++++--
 2023/28xxx/CVE-2023-28458.json | 71 +++++++++++++++++++++++++++---
 2023/28xxx/CVE-2023-28459.json | 71 +++++++++++++++++++++++++++---
 2023/2xxx/CVE-2023-2131.json | 80 ++++++++++++++++++++++++++++++++--
 2023/2xxx/CVE-2023-2176.json | 50 +++++++++++++++++++--
 2023/2xxx/CVE-2023-2177.json | 50 +++++++++++++++++++--
 2023/2xxx/CVE-2023-2194.json | 55 +++++++++++++++++++++--
 2023/2xxx/CVE-2023-2198.json | 18 ++++++++
 2023/2xxx/CVE-2023-2199.json | 18 ++++++++
 13 files changed, 584 insertions(+), 40 deletions(-)
 create mode 100644 2023/2xxx/CVE-2023-2198.json
 create mode 100644 2023/2xxx/CVE-2023-2199.json
diff --git a/2021/36xxx/CVE-2021-36436.json b/2021/36xxx/CVE-2021-36436.json
index 942ae35d837..424ee9a41d0 100644
--- a/2021/36xxx/CVE-2021-36436.json
+++ b/2021/36xxx/CVE-2021-36436.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-36436",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-36436",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Laransec/Mobicint",
+ "refsource": "MISC",
+ "name": "https://github.com/Laransec/Mobicint"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1255.json b/2023/1xxx/CVE-2023-1255.json
index 4a264f192a6..ab576c2972f 100644
--- a/2023/1xxx/CVE-2023-1255.json
+++ b/2023/1xxx/CVE-2023-1255.json
@@ -73,6 +73,11 @@
 "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb",
 "refsource": "MISC",
 "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/04/20/13",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2023/04/20/13"
 }
 ]
 },
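Review bot: In 2021/36xxx/CVE-2021-36436.json the new `affects` block sets `vendor_name`, `product_name` and `version_value` to `n/a`, although the description added in the same hunk names the product as Mobicint Backend for Credit Unions v3, so tools that match records to an asset inventory by vendor and product will not associate this entry with anything. If the assigner can confirm them, I would carry the names into the structured fields, for example `"vendor_name": "Mobicint"` and `"version_value": "v3"`, and replace the `n/a` under `problemtype` with the applicable CWE identifier. The same `n/a` placeholders appear in CVE-2023-28458.json and CVE-2023-28459.json, whose descriptions name pretalx 2.3.1 before 2.3.2.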
diff --git a/2023/20xxx/CVE-2023-20864.json b/2023/20xxx/CVE-2023-20864.json
index 0d8c14edd72..482a393575c 100644
--- a/2023/20xxx/CVE-2023-20864.json
+++ b/2023/20xxx/CVE-2023-20864.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-20864",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware Aria Operations for Logs (formerly vRealize Log Insight)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "VMware Aria Operations for Logs (formerly vRealize Log Insight) 8.10.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "VMware Aria Operations for Logs contains a deserialization vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2023-0007.html",
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0007.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root."
 }
 ]
 }
diff --git a/2023/20xxx/CVE-2023-20865.json b/2023/20xxx/CVE-2023-20865.json
index 9c4db901a1e..0f2c74ba795 100644
--- a/2023/20xxx/CVE-2023-20865.json
+++ b/2023/20xxx/CVE-2023-20865.json
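Review bot: `"vendor_name": "n/a"` in the `affects` block of CVE-2023-20864.json leaves the vendor out of the structured data even though the product name and the assigner address both identify VMware, and `version_value` repeats the whole product name instead of a bare version. I would write `"vendor_name": "VMware"` and `"version_value": "8.10.2"` so that version comparison does not depend on string parsing. The `problemtype` value is a sentence rather than a CWE identifier (deserialization of untrusted data is CWE-502), which prevents weakness-based filtering on a record that describes unauthenticated code execution as root. CVE-2023-20865.json and CVE-2023-20873.json have the same shape; the opening lines of each record are outside the hunk.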
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-20865",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware Aria Operations for Logs (formerly vRealize Log Insight)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "VMware Aria Operations for Logs (formerly vRealize Log Insight) prior to 8.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "VMware Aria Operations for Logs contains a command injection vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2023-0007.html",
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0007.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root."
 }
 ]
 }
diff --git a/2023/20xxx/CVE-2023-20873.json b/2023/20xxx/CVE-2023-20873.json
index 7f32df27e1f..9194d196a40 100644
--- a/2023/20xxx/CVE-2023-20873.json
+++ b/2023/20xxx/CVE-2023-20873.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-20873",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Spring Boot",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Security Bypass with Spring Boot when deployed to Cloud Foundry"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://spring.io/security/cve-2023-20873",
+ "url": "https://spring.io/security/cve-2023-20873"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+."
 }
 ]
 }
diff --git a/2023/28xxx/CVE-2023-28458.json b/2023/28xxx/CVE-2023-28458.json
index 477225c6f44..f2328b8e60a 100644
--- a/2023/28xxx/CVE-2023-28458.json
+++ b/2023/28xxx/CVE-2023-28458.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-28458",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-28458",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pretalx.com/p/news/security-release-232/",
+ "refsource": "MISC",
+ "name": "https://pretalx.com/p/news/security-release-232/"
+ },
+ {
+ "url": "https://github.com/pretalx/pretalx/commit/60722c43cf975f319e94102e6bff320723776890",
+ "refsource": "MISC",
+ "name": "https://github.com/pretalx/pretalx/commit/60722c43cf975f319e94102e6bff320723776890"
+ },
+ {
+ "url": "https://github.com/pretalx/pretalx/releases/tag/v2.3.2",
+ "refsource": "MISC",
+ "name": "https://github.com/pretalx/pretalx/releases/tag/v2.3.2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.sonarsource.com/blog/pretalx-vulnerabilities-how-to-get-accepted-at-every-conference/",
+ "url": "https://www.sonarsource.com/blog/pretalx-vulnerabilities-how-to-get-accepted-at-every-conference/"
 }
 ]
 }
diff --git a/2023/28xxx/CVE-2023-28459.json b/2023/28xxx/CVE-2023-28459.json
index 2d18aab8744..b371a188d82 100644
--- a/2023/28xxx/CVE-2023-28459.json
+++ b/2023/28xxx/CVE-2023-28459.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-28459",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-28459",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pretalx.com/p/news/security-release-232/",
+ "refsource": "MISC",
+ "name": "https://pretalx.com/p/news/security-release-232/"
+ },
+ {
+ "url": "https://github.com/pretalx/pretalx/commit/60722c43cf975f319e94102e6bff320723776890",
+ "refsource": "MISC",
+ "name": "https://github.com/pretalx/pretalx/commit/60722c43cf975f319e94102e6bff320723776890"
+ },
+ {
+ "url": "https://github.com/pretalx/pretalx/releases/tag/v2.3.2",
+ "refsource": "MISC",
+ "name": "https://github.com/pretalx/pretalx/releases/tag/v2.3.2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.sonarsource.com/blog/pretalx-vulnerabilities-how-to-get-accepted-at-every-conference/",
+ "url": "https://www.sonarsource.com/blog/pretalx-vulnerabilities-how-to-get-accepted-at-every-conference/"
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2131.json b/2023/2xxx/CVE-2023-2131.json
index 4b52986ec53..7b99d0b9efa 100644
--- a/2023/2xxx/CVE-2023-2131.json
+++ b/2023/2xxx/CVE-2023-2131.json
@@ -1,17 +1,89 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-2131",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "INEA",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ME RTU",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "3.36"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-110-01",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-110-01"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "VINCE 2.0.7",
+ "env": "prod",
+ "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-2131"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2176.json b/2023/2xxx/CVE-2023-2176.json
index 63b46d0b5c4..54afc415cb7 100644
--- a/2023/2xxx/CVE-2023-2176.json
+++ b/2023/2xxx/CVE-2023-2176.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-2176",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Linux 6.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.spinics.net/lists/linux-rdma/msg114749.html",
+ "url": "https://www.spinics.net/lists/linux-rdma/msg114749.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege."
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2177.json b/2023/2xxx/CVE-2023-2177.json
index 76127d1e2a3..df56a916add 100644
--- a/2023/2xxx/CVE-2023-2177.json
+++ b/2023/2xxx/CVE-2023-2177.json
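Review bot: In 2023/2xxx/CVE-2023-2176.json the added `"version_value": "Linux 6.1"` carries no operator, so a consumer cannot tell whether 6.1 is the only affected release, the last affected one or the first fixed one. CVE-2023-2131.json in this same commit shows the structured form (`"version_affected": "<"` with `"version_value": "3.36"`), and using it here would make the range machine-readable. The problem is sharper in CVE-2023-2194.json, where the affected-version field holds `"Fixed in kernel v6.3-rc4"`, and CVE-2023-2177.json uses the prose `"Linux Kernel prior to Kernel 5.19 RC17"`. The description here also lists escalation of privilege as an impact while `problemtype` is CWE-125, an out-of-bounds read; a clause explaining how the read leads there would help triage.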
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-2177",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Linux",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Linux Kernel prior to Kernel 5.19 RC17"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=181d8d2066c0",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=181d8d2066c0"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service."
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2194.json b/2023/2xxx/CVE-2023-2194.json
index 40f23d52d00..f292f9ae1c3 100644
--- a/2023/2xxx/CVE-2023-2194.json
+++ b/2023/2xxx/CVE-2023-2194.json
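Review bot: The description added in CVE-2023-2177.json calls the flaw a null pointer dereference and `problemtype` says CWE-476, but its second sentence says `stream_out` is freed and later accessed, which reads like a use of freed memory; the record should state one weakness class, checked against the referenced kernel commit. The impact sentence also names the same outcome twice ("crash the system or potentially cause a denial of service"), so one of the two can go. `5.19 RC17` in `version_value` looks like a typo for a lower release-candidate number, though that cannot be confirmed from the hunk. The opening lines of the record are outside the hunk.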
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-2194",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Linux kernel: i2c: xgene-slimpro",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in kernel v6.3-rc4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2188396",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188396"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/92fbb6d1296f",
+ "url": "https://github.com/torvalds/linux/commit/92fbb6d1296f"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace \"data->block[0]\" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution."
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2198.json b/2023/2xxx/CVE-2023-2198.json
new file mode 100644
index 00000000000..2c8a80d2d5b
--- /dev/null
+++ b/2023/2xxx/CVE-2023-2198.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-2198",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/2xxx/CVE-2023-2199.json b/2023/2xxx/CVE-2023-2199.json
new file mode 100644
index 00000000000..b16ca5c6fc2
--- /dev/null
+++ b/2023/2xxx/CVE-2023-2199.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-2199",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file