From 07d8878f21a79d8fb3f54504249ee615c69bd39e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 25 May 2023 14:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/0xxx/CVE-2023-0459.json | 84 +++++++++++++++++++++++--
 2023/22xxx/CVE-2023-22504.json | 110 +++++++++++++++++++++++++++++++--
 2023/2xxx/CVE-2023-2480.json | 105 +++++++++++++++++++++++++++++--
 2023/2xxx/CVE-2023-2798.json | 88 ++++++++++++++++++++++++--
 2023/2xxx/CVE-2023-2851.json | 101 ++++++++++++++++++++++++++++--
 2023/2xxx/CVE-2023-2889.json | 18 ++++++
 2023/33xxx/CVE-2023-33355.json | 56 +++++++++++++++--
 2023/33xxx/CVE-2023-33356.json | 56 +++++++++++++++--
 8 files changed, 586 insertions(+), 32 deletions(-)
 create mode 100644 2023/2xxx/CVE-2023-2889.json
diff --git a/2023/0xxx/CVE-2023-0459.json b/2023/0xxx/CVE-2023-0459.json
index 43e9c41e619..8c2883cdd64 100644
--- a/2023/0xxx/CVE-2023-0459.json
+++ b/2023/0xxx/CVE-2023-0459.json
@@ -1,17 +1,93 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-0459",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the \"access_ok\" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit\u00a074e19ef0ff8061ef55957c3abd71614ef0f42f47"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-763 Release of Invalid Pointer or Reference",
+ "cweId": "CWE-763"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Linux",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Linux Kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "4b842e4e25b12951fa10dedb4bc16bc47e3b850c",
+ "version_value": "74e19ef0ff8061ef55957c3abd71614ef0f42f47"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c"
+ },
+ {
+ "url": "https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/22xxx/CVE-2023-22504.json b/2023/22xxx/CVE-2023-22504.json
index c1abfc39dc6..54613aceaef 100644
--- a/2023/22xxx/CVE-2023-22504.json
+++ b/2023/22xxx/CVE-2023-22504.json
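Review bot: The `problemtype` and `impact` values added for CVE-2023-0459 do not match the record's own description. The description is about a missing `__uaccess_begin_nospec` that lets a user get past the `access_ok` check and leak information, yet the weakness is recorded as `CWE-763 Release of Invalid Pointer or Reference`, and the vector uses `AV:N` although the described path is a user passing a pointer to `copy_from_user()`, which reads as local access. Triage that filters on `cweId` or on network-reachable vectors will misplace this entry, so the CNA should confirm both fields; an information-exposure class and `AV:L` look closer to the text, but that is inferred from the description alone. The two referenced commits are also not labelled as introducing or fixing, which leaves the `"version_affected": "<="` range hard to verify from the record.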
@@ -1,17 +1,119 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-22504",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@atlassian.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.\n\nThe affected versions are before version 7.19.9.\n\nThis vulnerability was discovered by Rojan Rijal of the Tinder Security Engineering Team."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Atlassian",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Confluence Data Center",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "< 7.19.8",
+ "status": "unaffected"
+ },
+ {
+ "version": ">= 7.19.8",
+ "status": "affected"
+ },
+ {
+ "version": ">= 7.19.9",
+ "status": "unaffected"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Confluence Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "< 7.19.8",
+ "status": "unaffected"
+ },
+ {
+ "version": ">= 7.19.8",
+ "status": "affected"
+ },
+ {
+ "version": ">= 7.19.9",
+ "status": "unaffected"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.atlassian.com/browse/CONFSERVER-83218",
+ "refsource": "MISC",
+ "name": "https://jira.atlassian.com/browse/CONFSERVER-83218"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This vulnerability was discovered by Rojan Rijal of the Tinder Security Engineering Team."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2480.json b/2023/2xxx/CVE-2023-2480.json
index 671eb077b2a..dde91f7fd5a 100644
--- a/2023/2xxx/CVE-2023-2480.json
+++ b/2023/2xxx/CVE-2023-2480.json
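Review bot: The structured version ranges added for both Confluence products contradict the description in the same record. The description says the affected versions are those before 7.19.9, but `x_cve_json_5_version_data` marks `< 7.19.8` as `unaffected` and only `>= 7.19.8` as `affected`, so an instance on an older release is cleared by the structured data and flagged by the prose. The 4.0 field carries `"version_value": "not down converted"`, which gives scanners reading this format nothing to match on. The ranges should be reconciled against the vendor issue referenced as CONFSERVER-83218; until then the description's wider range is the conservative reading for patch planning.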
@@ -1,17 +1,114 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-2480",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@m-files.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing access permissions checks in M-Files Client before 23.5.12598.0 allows elevation of privilege via UI extension applications"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-280 Improper Handling of Insufficient Permissions or Privileges",
+ "cweId": "CWE-280"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "M-Files",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "M-Files Client",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "23.5.12598.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2480/",
+ "refsource": "MISC",
+ "name": "https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2480/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "INTERNAL"
+ },
+ "exploit": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Not exploited"
+ }
+ ],
+ "value": "Not exploited"
+ }
+ ],
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Upgrade to patched versions."
+ }
+ ],
+ "value": "Upgrade to patched versions."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2798.json b/2023/2xxx/CVE-2023-2798.json
index bce52c31d40..d8455f83850 100644
--- a/2023/2xxx/CVE-2023-2798.json
+++ b/2023/2xxx/CVE-2023-2798.json
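Review bot: The single entry in `reference_data` has a doubled scheme, `https://https://www.m-files.com/...`, in both `url` and `name`, so the record's only pointer to the vendor advisory does not resolve. It should read `"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2480/"`, with the same value in `name`. The `solution` text, "Upgrade to patched versions.", names no version, so the fixed build has to be taken from the description (23.5.12598.0) or from that advisory once the link works.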
@@ -1,17 +1,97 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-2798",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400 Uncontrolled Resource Consumption",
+ "cweId": "CWE-400"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/HtmlUnit/htmlunit/commit/940dc7fd",
+ "refsource": "MISC",
+ "name": "https://github.com/HtmlUnit/htmlunit/commit/940dc7fd"
+ },
+ {
+ "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613",
+ "refsource": "MISC",
+ "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "OSS-Fuzz"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
"availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2851.json b/2023/2xxx/CVE-2023-2851.json
index 08fbaca9428..13fd983ad95 100644
--- a/2023/2xxx/CVE-2023-2851.json
+++ b/2023/2xxx/CVE-2023-2851.json
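Review bot: The `affects` block for CVE-2023-2798 records `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"` although the description names the component and the fixed release (htmlunit before 2.70.0). Inventory and dependency-scanning tools that match on the structured fields will not associate this CVE with any component. Populating them from the description, for example `"product_name": "HtmlUnit"` with `"version_affected": "<"` and `"version_value": "2.70.0"`, closes that gap. The hunks for CVE-2023-33355 and CVE-2023-33356 carry the same `n/a` fields while their descriptions name IceCMS v1.0.0.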
@@ -1,17 +1,110 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-2851",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@usom.gov.tr",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection.This issue affects all versions of the sofware also EOS when CVE-ID assigned.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "AGT Tech",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ceppatron",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-23-0294",
+ "refsource": "MISC",
+ "name": "https://www.usom.gov.tr/bildirim/tr-23-0294"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "TR-23-0294",
+ "defect": [
+ "TR-23-0294"
+ ],
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "The software is End-of-Support. \u0131t is recommended not to use Ceppatron."
+ }
+ ],
+ "value": "The software is End-of-Support. \u0131t is recommended not to use Ceppatron."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Omer Fatih YEGIN"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2889.json b/2023/2xxx/CVE-2023-2889.json
new file mode 100644
index 00000000000..f60b03726e0
--- /dev/null
+++ b/2023/2xxx/CVE-2023-2889.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-2889",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/33xxx/CVE-2023-33355.json b/2023/33xxx/CVE-2023-33355.json
index 5d285a83221..709ec67e9bd 100644
--- a/2023/33xxx/CVE-2023-33355.json
+++ b/2023/33xxx/CVE-2023-33355.json
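Review bot: The status tag in the CVE-2023-2851 description is misspelled as `** UNSUPPPORTED WHEN ASSIGNED **` (three P's), so tooling that keys on the literal `** UNSUPPORTED WHEN ASSIGNED **` prefix to mark end-of-support products will miss this record. The same description has `sofware` and a missing space in `SQL Injection.This`, and both `solution` values start their second sentence with `\u0131t` (a dotless i) where `It` is meant. `"version_affected": "="` with `"version_value": "0"` also does not express the "all versions" scope the description states, which matters for a record scored 10 with no fix available.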
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-33355",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-33355",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Thecosy/IceCMS/issues/7",
+ "refsource": "MISC",
+ "name": "https://github.com/Thecosy/IceCMS/issues/7"
 }
 ]
 }
diff --git a/2023/33xxx/CVE-2023-33356.json b/2023/33xxx/CVE-2023-33356.json
index cd493b6dc46..ac9c488ab9b 100644
--- a/2023/33xxx/CVE-2023-33356.json
+++ b/2023/33xxx/CVE-2023-33356.json
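Review bot: `problemtype` for CVE-2023-33355 is recorded as `"value": "n/a"` with no `cweId`, even though the description states the weakness (unauthorized access to the API that discloses sensitive information). Filters and dashboards keyed on CWE will not surface the entry, so the CNA should assign a CWE that matches the description. The CVE-2023-33356 hunk has the same gap, where the description's cross-site scripting corresponds to `CWE-79`. Neither record carries an `impact` block, so severity has to be judged from the linked IceCMS issues rather than from the record.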
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-33356",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-33356",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Thecosy/IceCMS/issues/8",
+ "refsource": "MISC",
+ "name": "https://github.com/Thecosy/IceCMS/issues/8"
 }
 ]
 }