From 0a3fae60e600078bf7897005b6c97258e257b290 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 11 Sep 2023 19:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/19xxx/CVE-2020-19319.json | 56 +++++++++++++-- 2020/19xxx/CVE-2020-19320.json | 61 ++++++++++++++-- 2020/19xxx/CVE-2020-19323.json | 61 ++++++++++++++-- 2020/19xxx/CVE-2020-19559.json | 56 +++++++++++++-- 2022/31xxx/CVE-2022-31704.json | 5 ++ 2022/31xxx/CVE-2022-31706.json | 5 ++ 2022/31xxx/CVE-2022-31711.json | 5 ++ 2023/31xxx/CVE-2023-31067.json | 61 ++++++++++++++-- 2023/31xxx/CVE-2023-31068.json | 61 ++++++++++++++-- 2023/31xxx/CVE-2023-31069.json | 61 ++++++++++++++-- 2023/31xxx/CVE-2023-31248.json | 5 ++ 2023/31xxx/CVE-2023-31468.json | 61 ++++++++++++++-- 2023/32xxx/CVE-2023-32629.json | 5 ++ 2023/32xxx/CVE-2023-32707.json | 5 ++ 2023/35xxx/CVE-2023-35001.json | 5 ++ 2023/35xxx/CVE-2023-35785.json | 2 +- 2023/35xxx/CVE-2023-35788.json | 5 ++ 2023/38xxx/CVE-2023-38743.json | 56 +++++++++++++-- 2023/38xxx/CVE-2023-38829.json | 56 +++++++++++++-- 2023/39xxx/CVE-2023-39063.json | 56 +++++++++++++-- 2023/39xxx/CVE-2023-39068.json | 56 +++++++++++++-- 2023/39xxx/CVE-2023-39070.json | 56 +++++++++++++-- 2023/39xxx/CVE-2023-39780.json | 81 +++++++++++++++++++-- 2023/3xxx/CVE-2023-3090.json | 5 ++ 2023/3xxx/CVE-2023-3389.json | 5 ++ 2023/3xxx/CVE-2023-3390.json | 5 ++ 2023/40xxx/CVE-2023-40032.json | 86 +++++++++++++++++++++-- 2023/41xxx/CVE-2023-41064.json | 15 ++++ 2023/41xxx/CVE-2023-41103.json | 61 ++++++++++++++-- 2023/41xxx/CVE-2023-41256.json | 125 +++++++++++++++++++++++++++++++-- 2023/4xxx/CVE-2023-4597.json | 5 ++ 2023/4xxx/CVE-2023-4807.json | 5 ++ 2023/4xxx/CVE-2023-4896.json | 18 +++++ 33 files changed, 1112 insertions(+), 99 deletions(-) create mode 100644 2023/4xxx/CVE-2023-4896.json diff --git a/2020/19xxx/CVE-2020-19319.json b/2020/19xxx/CVE-2020-19319.json index 918e5a2c1f2..b2820833341 100644 --- a/2020/19xxx/CVE-2020-19319.json +++ b/2020/19xxx/CVE-2020-19319.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-19319", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-19319", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hhhhu8045759/dir_619l-buffer-overflow", + "refsource": "MISC", + "name": "https://github.com/hhhhu8045759/dir_619l-buffer-overflow" } ] } diff --git a/2020/19xxx/CVE-2020-19320.json b/2020/19xxx/CVE-2020-19320.json index c6b6eb132a6..85653c7d971 100644 --- a/2020/19xxx/CVE-2020-19320.json +++ b/2020/19xxx/CVE-2020-19320.json 
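Review bot: The added `affects` block publishes `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, so the free-text description is the only product identification, and it spells the device `DLINK 619L version B` while the CVE-2020-19323 record in this same commit uses `D-Link DIR-619L`. Asset-matching and alerting tools that key on structured vendor/product fields, or on a consistent product string, will probably miss this record. Consider `"vendor_name": "D-Link"`, `"product_name": "DIR-619L"` and `"version_value": "2.06beta"`, with the description spelling aligned to match. The same placeholders appear in the CVE-2020-19320 and CVE-2020-19323 hunks and in the other RESERVED-to-PUBLIC records of this commit. `problemtype` is also `n/a`, so no CWE is available for weakness-based triage.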
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-19320", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-19320", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://github.com/hhhhu8045759/dlink-619l-buffer_overflow", + "refsource": "MISC", + "name": "https://github.com/hhhhu8045759/dlink-619l-buffer_overflow" } ] } diff --git a/2020/19xxx/CVE-2020-19323.json b/2020/19xxx/CVE-2020-19323.json index 81424110602..89ed260d874 100644 --- a/2020/19xxx/CVE-2020-19323.json +++ b/2020/19xxx/CVE-2020-19323.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-19323", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-19323", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart router via the M-search request ST parameter. No authentication required" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://github.com/hhhhu8045759/619L_upnpd_heapoverflow", + "refsource": "MISC", + "name": "https://github.com/hhhhu8045759/619L_upnpd_heapoverflow" } ] } diff --git a/2020/19xxx/CVE-2020-19559.json b/2020/19xxx/CVE-2020-19559.json index 026dbd975fe..1ba7e99d627 100644 --- a/2020/19xxx/CVE-2020-19559.json +++ b/2020/19xxx/CVE-2020-19559.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-19559", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-19559", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://medium.com/nightst0rm/t%E1%BA%A3n-m%E1%BA%A1n-v%E1%BB%81-l%E1%BB%97-h%E1%BB%95ng-trong-atm-diebold-f1040a70f2c9", + "refsource": "MISC", + "name": "https://medium.com/nightst0rm/t%E1%BA%A3n-m%E1%BA%A1n-v%E1%BB%81-l%E1%BB%97-h%E1%BB%95ng-trong-atm-diebold-f1040a70f2c9" } ] } diff --git a/2022/31xxx/CVE-2022-31704.json b/2022/31xxx/CVE-2022-31704.json index 9e3f4d2b18c..b3f9604c8d4 100644 --- a/2022/31xxx/CVE-2022-31704.json +++ b/2022/31xxx/CVE-2022-31704.json 
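Review bot: The added description names the product `Diebold Aglis XFS for Opteva`, which looks like a misspelling of "Agilis" (to be confirmed against the vendor's naming), and `vendor_name`/`product_name` are `n/a`, so the record has no reliably searchable product string. It also calls `ResolveMethod()` a "parameter" although the parentheses suggest a method. The only reference is a single third-party blog post, with no vendor advisory or fixed version. For a remote code execution claim, operators need at least the affected range and a remediation pointer, so consider adding a vendor reference and correcting the product name if the misspelling is confirmed.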
@@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", "url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html" } ] }, diff --git a/2022/31xxx/CVE-2022-31706.json b/2022/31xxx/CVE-2022-31706.json index b12c1289d1c..e6e325c38af 100644 --- a/2022/31xxx/CVE-2022-31706.json +++ b/2022/31xxx/CVE-2022-31706.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", "url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html" } ] }, diff --git a/2022/31xxx/CVE-2022-31711.json b/2022/31xxx/CVE-2022-31711.json index f958ed20ec4..cfdf3add6da 100644 --- a/2022/31xxx/CVE-2022-31711.json +++ b/2022/31xxx/CVE-2022-31711.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html", "url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html" } ] }, diff --git a/2023/31xxx/CVE-2023-31067.json b/2023/31xxx/CVE-2023-31067.json index ec6031ac948..c4e295f6e37 100644 --- a/2023/31xxx/CVE-2023-31067.json 
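Review bot: The reference added in this hunk uses plain HTTP (`http://packetstormsecurity.com/...`) in both `name` and `url`. Feeds and enrichment tools that dereference `url` would fetch it unencrypted and open to tampering in transit. If the site serves the same path over TLS, `"url": "https://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"` is the safer form. The same applies to the CVE-2022-31706 and CVE-2022-31711 hunks that follow and to the other packetstormsecurity.com references added throughout this commit. Separately, the link title indicates publicly available exploit material for an unauthenticated issue, yet it is filed under the generic `"refsource": "MISC"`, so consumers cannot tell from the record that patch priority should be revisited.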
+++ b/2023/31xxx/CVE-2023-31067.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-31067", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-31067", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\\TSplus\\Clients\\www." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174275/TSPlus-16.0.2.14-Insecure-Permissions.html", + "url": "http://packetstormsecurity.com/files/174275/TSPlus-16.0.2.14-Insecure-Permissions.html" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/51679", + "url": "https://www.exploit-db.com/exploits/51679" } ] } diff --git a/2023/31xxx/CVE-2023-31068.json b/2023/31xxx/CVE-2023-31068.json index dbe68b8ddf8..e9afad5aaea 100644 --- a/2023/31xxx/CVE-2023-31068.json +++ b/2023/31xxx/CVE-2023-31068.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-31068", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-31068", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\\TSplus\\UserDesktop\\themes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174272/TSPlus-16.0.0.0-Insecure-Permissions.html", + "url": "http://packetstormsecurity.com/files/174272/TSPlus-16.0.0.0-Insecure-Permissions.html" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/51680", + "url": "https://www.exploit-db.com/exploits/51680" } ] } diff --git a/2023/31xxx/CVE-2023-31069.json b/2023/31xxx/CVE-2023-31069.json index 6a851aeebfc..cae4a198bd1 100644 --- a/2023/31xxx/CVE-2023-31069.json +++ b/2023/31xxx/CVE-2023-31069.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-31069", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-31069", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174271/TSPlus-16.0.0.0-Insecure-Credential-Storage.html", + "url": "http://packetstormsecurity.com/files/174271/TSPlus-16.0.0.0-Insecure-Credential-Storage.html" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/51681", + "url": "https://www.exploit-db.com/exploits/51681" } ] } diff --git a/2023/31xxx/CVE-2023-31248.json b/2023/31xxx/CVE-2023-31248.json index c4f28dfd082..7edfdf57348 100644 --- a/2023/31xxx/CVE-2023-31248.json +++ b/2023/31xxx/CVE-2023-31248.json 
@@ -93,6 +93,11 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html" + }, + { + "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" } ] }, diff --git a/2023/31xxx/CVE-2023-31468.json b/2023/31xxx/CVE-2023-31468.json index b871f79139f..d6c994cbbdb 100644 --- a/2023/31xxx/CVE-2023-31468.json +++ b/2023/31xxx/CVE-2023-31468.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-31468", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-31468", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The \"%PROGRAMFILES(X86)%\\INOSOFT GmbH\" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174268/Inosoft-VisiWin-7-2022-2.1-Insecure-Permissions-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/174268/Inosoft-VisiWin-7-2022-2.1-Insecure-Permissions-Privilege-Escalation.html" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/51682", + "url": "https://www.exploit-db.com/exploits/51682" } ] } diff --git a/2023/32xxx/CVE-2023-32629.json b/2023/32xxx/CVE-2023-32629.json index 801b4036018..4b95383cc27 100644 --- a/2023/32xxx/CVE-2023-32629.json +++ b/2023/32xxx/CVE-2023-32629.json 
@@ -95,6 +95,11 @@ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629", "refsource": "MISC", "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629" + }, + { + "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" } ] }, diff --git a/2023/32xxx/CVE-2023-32707.json b/2023/32xxx/CVE-2023-32707.json index b4a19ad0031..90536339c1b 100644 --- a/2023/32xxx/CVE-2023-32707.json +++ b/2023/32xxx/CVE-2023-32707.json @@ -86,6 +86,11 @@ "url": "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/", "refsource": "MISC", "name": "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/" + }, + { + "url": "http://packetstormsecurity.com/files/174602/Splunk-Enterprise-Account-Takeover.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174602/Splunk-Enterprise-Account-Takeover.html" } ] }, diff --git a/2023/35xxx/CVE-2023-35001.json b/2023/35xxx/CVE-2023-35001.json index 9f015d3d5fc..2aa994da658 100644 --- a/2023/35xxx/CVE-2023-35001.json +++ b/2023/35xxx/CVE-2023-35001.json @@ -98,6 +98,11 @@ "url": "https://security.netapp.com/advisory/ntap-20230824-0007/", "refsource": "MISC", "name": "https://security.netapp.com/advisory/ntap-20230824-0007/" + }, + { + "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" } ] }, diff --git a/2023/35xxx/CVE-2023-35785.json b/2023/35xxx/CVE-2023-35785.json index 7a70ba6c49e..d4b49356782 100644 --- a/2023/35xxx/CVE-2023-35785.json +++ b/2023/35xxx/CVE-2023-35785.json 
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below and Support Center Plus 14300 and below are vulnerable to the authentication bypass vulnerability via a few authenticators." + "value": "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability." } ] }, diff --git a/2023/35xxx/CVE-2023-35788.json b/2023/35xxx/CVE-2023-35788.json index babc16901ca..45e49efbc7f 100644 --- a/2023/35xxx/CVE-2023-35788.json +++ b/2023/35xxx/CVE-2023-35788.json 
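Review bot: The revised `value` string leaves "a few TOTP authenticators" unnamed and packs split ranges such as `Asset Explorer 6993 and below and 7xxx 7002 and below` into one sentence, so a defender cannot tell which second factors or exact builds are exposed. The rewording also narrows the issue from an authentication bypass to a 2FA bypass that requires valid credentials, which matters for severity. Nothing visible in this hunk updates scoring or structured version data, though the rest of the record lies outside the hunk. Consider naming the affected authenticators or referencing the vendor advisory that lists them, and mirroring each per-product range in `version_data` so scanners do not have to parse prose.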
@@ -91,6 +91,11 @@ "refsource": "DEBIAN", "name": "DSA-5480", "url": "https://www.debian.org/security/2023/dsa-5480" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html", + "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" } ] } diff --git a/2023/38xxx/CVE-2023-38743.json b/2023/38xxx/CVE-2023-38743.json index d6a2b717af6..58d910ee7fe 100644 --- a/2023/38xxx/CVE-2023-38743.json +++ b/2023/38xxx/CVE-2023-38743.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-38743", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-38743", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38743.html", + "url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-38743.html" } ] } 
diff --git a/2023/38xxx/CVE-2023-38829.json b/2023/38xxx/CVE-2023-38829.json index 62c4d22bf1a..8c73b2ce05d 100644 --- a/2023/38xxx/CVE-2023-38829.json +++ b/2023/38xxx/CVE-2023-38829.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-38829", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-38829", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/adhikara13/CVE-2023-38829-NETIS-WF2409E", + "url": "https://github.com/adhikara13/CVE-2023-38829-NETIS-WF2409E" } ] } diff --git a/2023/39xxx/CVE-2023-39063.json b/2023/39xxx/CVE-2023-39063.json index 6e220e67d60..4736da554cf 100644 --- a/2023/39xxx/CVE-2023-39063.json +++ b/2023/39xxx/CVE-2023-39063.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-39063", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-39063", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/AndreGNogueira/CVE-2023-39063", + "url": "https://github.com/AndreGNogueira/CVE-2023-39063" } ] } diff --git a/2023/39xxx/CVE-2023-39068.json b/2023/39xxx/CVE-2023-39068.json index 5614586e406..f3425a1aa6f 100644 --- a/2023/39xxx/CVE-2023-39068.json +++ b/2023/39xxx/CVE-2023-39068.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-39068", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-39068", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to casue a denial of service via a crafted request to the service.XM component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.xiongmaitech.com/en/index.php/service/notice_info/51/3", + "refsource": "MISC", + "name": "https://www.xiongmaitech.com/en/index.php/service/notice_info/51/3" } ] } diff --git a/2023/39xxx/CVE-2023-39070.json b/2023/39xxx/CVE-2023-39070.json index 8d01f508c49..fe1c647d7c2 100644 --- a/2023/39xxx/CVE-2023-39070.json +++ b/2023/39xxx/CVE-2023-39070.json 
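Review bot: The added description contains the typo `casue` ("to casue a denial of service"), which defeats keyword searches on the usual phrasing. It should read `allows a remote attacker to cause a denial of service via a crafted request to the service.XM component`. The text also gives firmware image names but no vendor, and `vendor_name` is `n/a`. The reference URL suggests Xiongmai; if that is correct, it belongs in `vendor_name` so the record can be matched against device inventories.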
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-39070", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-39070", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1/", + "refsource": "MISC", + "name": "https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1/" } ] } diff --git a/2023/39xxx/CVE-2023-39780.json b/2023/39xxx/CVE-2023-39780.json index 780dd3b8b65..772f06c5761 100644 --- a/2023/39xxx/CVE-2023-39780.json +++ b/2023/39xxx/CVE-2023-39780.json 
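Review bot: The added description calls `removeContradiction` a "parameter" and cites `token.cpp:1934`, but the name reads like a function in that source file (inferred from the wording, not verifiable from this hunk). `2.12 dev` is also a development snapshot rather than a released version. As written, users cannot tell which Cppcheck releases are affected or whether a fixed release exists. Consider `via the removeContradiction function in token.cpp` if that is what the linked report shows, and state the affected release range or fixing commit.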
@@ -1,17 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-39780", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-39780", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/1/EN.md", + "url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/1/EN.md" + }, + { + "refsource": "MISC", + "name": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/2/EN.md", + "url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/2/EN.md" + }, + { + "refsource": "MISC", + "name": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/3/EN.md", + "url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/3/EN.md" + }, + { + "refsource": "MISC", + "name": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/4/EN.md", + "url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/4/EN.md" + }, + { + "refsource": "MISC", + "name": 
"https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/5/EN.md", + "url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/5/EN.md" + }, + { + "refsource": "MISC", + "name": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/6/EN.md", + "url": "https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/6/EN.md" } ] } diff --git a/2023/3xxx/CVE-2023-3090.json b/2023/3xxx/CVE-2023-3090.json index 2471c2ef84b..02edc592324 100644 --- a/2023/3xxx/CVE-2023-3090.json +++ b/2023/3xxx/CVE-2023-3090.json @@ -84,6 +84,11 @@ "url": "https://www.debian.org/security/2023/dsa-5480", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5480" + }, + { + "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" } ] }, diff --git a/2023/3xxx/CVE-2023-3389.json b/2023/3xxx/CVE-2023-3389.json index 8f0a3d6ae95..6d024a727f2 100644 --- a/2023/3xxx/CVE-2023-3389.json +++ b/2023/3xxx/CVE-2023-3389.json @@ -99,6 +99,11 @@ "url": "https://www.debian.org/security/2023/dsa-5480", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5480" + }, + { + "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" } ] }, diff --git a/2023/3xxx/CVE-2023-3390.json b/2023/3xxx/CVE-2023-3390.json index fe1ef857935..9b91fb80bb1 100644 --- a/2023/3xxx/CVE-2023-3390.json +++ b/2023/3xxx/CVE-2023-3390.json 
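Review bot: The reference added in the CVE-2023-3090 hunk uses the plain `http://` scheme (`"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"`). The identical addition is made for CVE-2023-3389 and CVE-2023-3390, and the Packet Storm links added for CVE-2023-4597 and CVE-2023-4807 do the same. Feed consumers that fetch or render references automatically would follow these over an unauthenticated channel. If the site serves the same path over TLS, the `url` and `name` values should both start with `https://packetstormsecurity.com/`.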
@@ -84,6 +84,11 @@ "url": "https://security.netapp.com/advisory/ntap-20230818-0004/", "refsource": "MISC", "name": "https://security.netapp.com/advisory/ntap-20230818-0004/" + }, + { + "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" } ] }, diff --git a/2023/40xxx/CVE-2023-40032.json b/2023/40xxx/CVE-2023-40032.json index a9f2ed45825..4e93e4e1f4c 100644 --- a/2023/40xxx/CVE-2023-40032.json +++ b/2023/40xxx/CVE-2023-40032.json 
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40032", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "libvips", + "product": { + "product_data": [ + { + "product_name": "libvips", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 8.14.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/libvips/libvips/security/advisories/GHSA-33qp-9pq7-9584", + "refsource": "MISC", + "name": "https://github.com/libvips/libvips/security/advisories/GHSA-33qp-9pq7-9584" + }, + { + "url": "https://github.com/libvips/libvips/pull/3604", + "refsource": "MISC", + "name": "https://github.com/libvips/libvips/pull/3604" + }, + { + "url": "https://github.com/libvips/libvips/commit/e091d65835966ef56d53a4105a7362cafdb1582b", + "refsource": "MISC", + "name": "https://github.com/libvips/libvips/commit/e091d65835966ef56d53a4105a7362cafdb1582b" + } + ] + }, + 
"source": { + "advisory": "GHSA-33qp-9pq7-9584", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/41xxx/CVE-2023-41064.json b/2023/41xxx/CVE-2023-41064.json index 12bdf3197a0..c1da8da2ead 100644 --- a/2023/41xxx/CVE-2023-41064.json +++ b/2023/41xxx/CVE-2023-41064.json @@ -95,6 +95,21 @@ "url": "http://seclists.org/fulldisclosure/2023/Sep/4", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2023/Sep/4" + }, + { + "url": "https://support.apple.com/kb/HT213915", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT213915" + }, + { + "url": "https://support.apple.com/kb/HT213914", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT213914" + }, + { + "url": "https://support.apple.com/kb/HT213913", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT213913" } ] } diff --git a/2023/41xxx/CVE-2023-41103.json b/2023/41xxx/CVE-2023-41103.json index 3b47c17d184..61e9d3984ec 100644 --- a/2023/41xxx/CVE-2023-41103.json +++ b/2023/41xxx/CVE-2023-41103.json 
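Review bot: In the CVE-2023-40032 hunk the version entry reads `"version_affected": "=", "version_value": "< 8.14.4"`, so the comparison operator is embedded in the value string while the operator field claims equality. A consumer that honours `version_affected` would look for a release literally named `< 8.14.4` and never match 8.14.3 or earlier, which is what the description says is affected. If the record format allows it, `"version_affected": "<", "version_value": "8.14.4"` expresses the range in machine-readable form. The description `value` also ends in a stray `\n` that will be carried into downstream feeds.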
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-41103", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-41103", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.interactsoftware.com/", + "refsource": "MISC", + "name": "https://www.interactsoftware.com/" + }, + { + "url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-41103", + "refsource": "MISC", + "name": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-41103" } ] } diff --git a/2023/41xxx/CVE-2023-41256.json b/2023/41xxx/CVE-2023-41256.json index 4f0db850a54..390add12824 100644 --- a/2023/41xxx/CVE-2023-41256.json +++ b/2023/41xxx/CVE-2023-41256.json 
@@ -1,17 +1,134 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41256", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nDover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", + "cweId": "CWE-288" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dover Fueling Solutions", + "product": { + "product_data": [ + { + "product_name": "MAGLINK LX Web Console Configuration", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.5.1" + }, + { + "version_affected": "=", + "version_value": "2.5.2" + }, + { + "version_affected": "=", + "version_value": "2.5.3" + }, + { + "version_affected": "=", + "version_value": "2.6.1" + }, + { + "version_affected": "=", + "version_value": "2.11" + }, + { + "version_affected": "=", + "version_value": "3.0" + }, + { + "version_affected": "=", + "version_value": "3.2" + }, + { + "version_affected": "=", + "version_value": "3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01", + "refsource": "MISC", + "name": 
"https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nIn 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.\n\n
" + } + ], + "value": "\nIn 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Soufian El Yadmani of Darktrace / CSIRT.global reported these vulnerabilities" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4597.json b/2023/4xxx/CVE-2023-4597.json index 2fa88bb70dd..499711e6f3d 100644 --- a/2023/4xxx/CVE-2023-4597.json +++ b/2023/4xxx/CVE-2023-4597.json @@ -68,6 +68,11 @@ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail=", "refsource": "MISC", "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail=" + }, + { + "url": "http://packetstormsecurity.com/files/174604/WordPress-Slimstat-Analytics-5.0.9-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174604/WordPress-Slimstat-Analytics-5.0.9-Cross-Site-Scripting-SQL-Injection.html" } ] }, diff --git a/2023/4xxx/CVE-2023-4807.json b/2023/4xxx/CVE-2023-4807.json index 424024619bf..7a3c548adbf 100644 --- a/2023/4xxx/CVE-2023-4807.json +++ b/2023/4xxx/CVE-2023-4807.json 
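Review bot: The description `value` in the CVE-2023-41256 hunk is wrapped in literal whitespace (`"\nDover Fueling Solutions ... user access.\n\n"`), and the `solution` text has the same leading and trailing `\n` runs. These should be trimmed so that feeds and dashboards do not show blank lines or fail exact-string comparisons. The record also mixes language tags, with `"lang": "eng"` on the description but `"lang": "en"` on `solution` and `credits`; one form should be used throughout. The `supportingMedia` entry is declared `"type": "text/html"`, so anything rendering it should sanitise the value as untrusted markup rather than insert it directly.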
@@ -93,6 +93,11 @@ "url": "http://www.openwall.com/lists/oss-security/2023/09/08/3", "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2023/09/08/3" + }, + { + "url": "http://packetstormsecurity.com/files/174593/OpenSSL-Security-Advisory-20230908.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174593/OpenSSL-Security-Advisory-20230908.html" } ] }, diff --git a/2023/4xxx/CVE-2023-4896.json b/2023/4xxx/CVE-2023-4896.json new file mode 100644 index 00000000000..bf9037d1e0e --- /dev/null +++ b/2023/4xxx/CVE-2023-4896.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4896", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file