From 0b75e53ae00b13517c3a24e740e8ee289ed9748b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 19 Jul 2023 15:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2022/40xxx/CVE-2022-40896.json | 66 ++++++++++++++++++++---
2022/4xxx/CVE-2022-4953.json | 18 +++++++
2023/27xxx/CVE-2023-27379.json | 5 ++
2023/28xxx/CVE-2023-28744.json | 5 ++
2023/28xxx/CVE-2023-28754.json | 5 ++
2023/2xxx/CVE-2023-2975.json | 5 ++
2023/30xxx/CVE-2023-30799.json | 84 +++++++++++++++++++++++++++--
2023/32xxx/CVE-2023-32664.json | 5 ++
2023/33xxx/CVE-2023-33866.json | 5 ++
2023/33xxx/CVE-2023-33876.json | 5 ++
2023/34xxx/CVE-2023-34034.json | 98 ++++++++++++++++++++++++++++++++--
2023/3xxx/CVE-2023-3446.json | 10 ++++
2023/3xxx/CVE-2023-3638.json | 91 +++++++++++++++++++++++++++++--
2023/3xxx/CVE-2023-3774.json | 18 +++++++
2023/3xxx/CVE-2023-3775.json | 18 +++++++
15 files changed, 420 insertions(+), 18 deletions(-)
create mode 100644 2022/4xxx/CVE-2022-4953.json
create mode 100644 2023/3xxx/CVE-2023-3774.json
create mode 100644 2023/3xxx/CVE-2023-3775.json
diff --git a/2022/40xxx/CVE-2022-40896.json b/2022/40xxx/CVE-2022-40896.json
index a16e0e60799..272a350b69c 100644
--- a/2022/40xxx/CVE-2022-40896.json
+++ b/2022/40xxx/CVE-2022-40896.json
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40896", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40896", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pypi.org/project/Pygments/", + "refsource": "MISC", + "name": "https://pypi.org/project/Pygments/" + }, + { + "url": "https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61", + "refsource": "MISC", + "name": "https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61" + }, + { + "refsource": "MISC", + "name": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/", + "url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/" } ] } diff --git a/2022/4xxx/CVE-2022-4953.json b/2022/4xxx/CVE-2022-4953.json new file mode 100644 index 00000000000..65e689fee68 --- /dev/null +++ b/2022/4xxx/CVE-2022-4953.json 
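Review bot: The second entry in the added `reference_data` for CVE-2022-40896, `https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61`, anchors a line number on a moving branch, so it stops identifying the vulnerable pattern as soon as the file changes upstream; a commit-pinned permalink of the form `https://github.com/pygments/pygments/blob/<COMMIT_SHA>/pygments/lexers/smithy.py#L61` (placeholder SHA) would keep the evidence stable. The description names the product and range ("pygments through 2.15.0"), but `product_name`, `vendor_name` and `version_value` are all `"n/a"`, so tooling that matches on the `affects` block cannot tie this record to installed Pygments versions without parsing free text. The `problemtype` value is also `"n/a"`; a CWE for regular-expression complexity (CWE-1333 looks like the fit, to be confirmed by the assigner) would let consumers classify the ReDoS.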
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4953", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/27xxx/CVE-2023-27379.json b/2023/27xxx/CVE-2023-27379.json index 35cd5d43eb8..a2286b86425 100644 --- a/2023/27xxx/CVE-2023-27379.json +++ b/2023/27xxx/CVE-2023-27379.json @@ -58,6 +58,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1756", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1756" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1756", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1756" } ] }, diff --git a/2023/28xxx/CVE-2023-28744.json b/2023/28xxx/CVE-2023-28744.json index e4199599990..166e8fcd458 100644 --- a/2023/28xxx/CVE-2023-28744.json +++ b/2023/28xxx/CVE-2023-28744.json @@ -58,6 +58,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1739", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1739" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1739", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1739" } ] }, diff --git a/2023/28xxx/CVE-2023-28754.json b/2023/28xxx/CVE-2023-28754.json index 7049e4a1eea..e4879336275 100644 --- a/2023/28xxx/CVE-2023-28754.json +++ b/2023/28xxx/CVE-2023-28754.json 
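Review bot: The reference added to CVE-2023-27379 differs from the entry already present only by the `www.` host prefix (`https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1756` next to `https://talosintelligence.com/vulnerability_reports/TALOS-2023-1756`), so the record now lists the same Talos report twice. The same pair is added in the hunks for CVE-2023-28744, CVE-2023-32664, CVE-2023-33866 and CVE-2023-33876. Consumers that count or de-duplicate references by exact URL string will treat these as two independent sources, so either one canonical form should be kept in the record or the host should be normalised before comparison. The `reference_data` array starts above the hunk, so earlier entries are not visible here.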
@@ -59,6 +59,11 @@ "url": "https://lists.apache.org/thread/p8onhqox5kkwow9lc6gs03z28wtyp1cg", "refsource": "MISC", "name": "https://lists.apache.org/thread/p8onhqox5kkwow9lc6gs03z28wtyp1cg" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/07/19/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/07/19/3" } ] }, diff --git a/2023/2xxx/CVE-2023-2975.json b/2023/2xxx/CVE-2023-2975.json index 9944b310f45..120f2061e74 100644 --- a/2023/2xxx/CVE-2023-2975.json +++ b/2023/2xxx/CVE-2023-2975.json @@ -78,6 +78,11 @@ "url": "http://www.openwall.com/lists/oss-security/2023/07/15/1", "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2023/07/15/1" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/07/19/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/07/19/5" } ] }, diff --git a/2023/30xxx/CVE-2023-30799.json b/2023/30xxx/CVE-2023-30799.json index 5a4079b04f0..edb71b7b7aa 100644 --- a/2023/30xxx/CVE-2023-30799.json +++ b/2023/30xxx/CVE-2023-30799.json 
@@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30799", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "disclosure@vulncheck.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MikroTik", + "product": { + "product_data": [ + { + "product_name": "RouterOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "6.49.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vulncheck.com/advisories/mikrotik-foisted", + "refsource": "MISC", + "name": "https://vulncheck.com/advisories/mikrotik-foisted" + }, + { + "url": "https://github.com/MarginResearch/FOISted", + "refsource": "MISC", + "name": "https://github.com/MarginResearch/FOISted" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + 
"baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/32xxx/CVE-2023-32664.json b/2023/32xxx/CVE-2023-32664.json index cc03ef8afe0..9800dc0a7f8 100644 --- a/2023/32xxx/CVE-2023-32664.json +++ b/2023/32xxx/CVE-2023-32664.json @@ -58,6 +58,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1795", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1795" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1795", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1795" } ] }, diff --git a/2023/33xxx/CVE-2023-33866.json b/2023/33xxx/CVE-2023-33866.json index 32be4e12f4b..45a1279684d 100644 --- a/2023/33xxx/CVE-2023-33866.json +++ b/2023/33xxx/CVE-2023-33866.json @@ -58,6 +58,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1757", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1757" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1757", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1757" } ] }, diff --git a/2023/33xxx/CVE-2023-33876.json b/2023/33xxx/CVE-2023-33876.json index cacc910240d..4e851de10b7 100644 --- a/2023/33xxx/CVE-2023-33876.json +++ b/2023/33xxx/CVE-2023-33876.json 
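Review bot: The structured range for CVE-2023-30799 does not carry the second bound given in the description: `version_data` holds only `"version_affected": "<"` with `"version_value": "6.49.7"`, while the text says "stable before 6.49.7 and long-term through 6.48.6". If the description is the accurate one, any long-term release later than 6.48.6 still compares below 6.49.7 and would be reported as affected by a scanner that reads only the `affects` block. A separate entry per release channel, for example a second object `{ "version_affected": "<=", "version_value": "6.48.6" }` with `version_name` identifying the long-term line, would let consumers tell the two apart. The description `value` also ends in a stray `\n\n` that downstream renderers will have to trim.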
@@ -58,6 +58,11 @@ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1796", "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1796" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1796", + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1796" } ] }, diff --git a/2023/34xxx/CVE-2023-34034.json b/2023/34xxx/CVE-2023-34034.json index ab01e4d8207..2b8ad5c591a 100644 --- a/2023/34xxx/CVE-2023-34034.json +++ b/2023/34xxx/CVE-2023-34034.json 
@@ -1,17 +1,107 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34034", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Using \"**\" as a pattern in Spring Security configuration \nfor WebFlux creates a mismatch in pattern matching between Spring \nSecurity and Spring WebFlux, and the potential for a security bypass.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "potential for a security bypass" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Spring Security", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "Spring Security 6.1.0", + "version_value": "6.1.1" + }, + { + "version_affected": "<=", + "version_name": "Spring Security 6.0.0 ", + "version_value": "6.0.4" + }, + { + "version_affected": "<=", + "version_name": "Spring Security 5.8.0", + "version_value": "5.8.4" + }, + { + "version_affected": "<=", + "version_name": "Spring Security 5.7.0 ", + "version_value": "5.7.9 " + }, + { + "version_affected": "<=", + "version_name": "Spring Security 5.6.0", + "version_value": "5.6.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://spring.io/security/cve-2023-34034", + "refsource": "MISC", + "name": "https://spring.io/security/cve-2023-34034" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, 
+ "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3446.json b/2023/3xxx/CVE-2023-3446.json index 68374c5edc6..1bcfa7cd234 100644 --- a/2023/3xxx/CVE-2023-3446.json +++ b/2023/3xxx/CVE-2023-3446.json @@ -93,6 +93,16 @@ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c", "refsource": "MISC", "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/07/19/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/07/19/4" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/07/19/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/07/19/5" } ] }, diff --git a/2023/3xxx/CVE-2023-3638.json b/2023/3xxx/CVE-2023-3638.json index 470857acc95..ce4cc11b9c3 100644 --- a/2023/3xxx/CVE-2023-3638.json +++ b/2023/3xxx/CVE-2023-3638.json 
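Review bot: Several strings added to the CVE-2023-34034 `version_data` carry trailing whitespace: `"version_value": "5.7.9 "`, `"version_name": "Spring Security 6.0.0 "` and `"version_name": "Spring Security 5.7.0 "`. A version comparison on the raw string can fail or mis-sort for the 5.7.x line, so the value should be `"version_value": "5.7.9"` (and the names trimmed likewise), or consumers must strip whitespace before parsing. The same defect appears in the CVE-2023-3638 hunk as `"vendor_name": "GeoVision "`, which breaks exact vendor matching. In this record `vendor_name` is `"n/a"` and `problemtype` is free text without a `cweId`, unlike the CVE-2023-30799 and CVE-2023-3638 records in the same patch, so it cannot be filtered by vendor or weakness class.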
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3638", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GeoVision ", + "product": { + "product_data": [ + { + "product_name": "GV-ADR2701", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.00_2017_12_15" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-05", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-05" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\nGeoVision recommends that users of these devices upgrade to newer models\n with the latest firmware update which they have verified are not \nvulnerable to this issue such as TDR2704, TDR2702, or TDR2700. \nAlternatively, users could restrict connection of these cameras to \nclosed local area networks isolated from internet connection.\n\n
" + } + ], + "value": "GeoVision recommends that users of these devices upgrade to newer models\n with the latest firmware update which they have verified are not \nvulnerable to this issue such as TDR2704, TDR2702, or TDR2700. \nAlternatively, users could restrict connection of these cameras to \nclosed local area networks isolated from internet connection.\n\n\n" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3774.json b/2023/3xxx/CVE-2023-3774.json new file mode 100644 index 00000000000..05a5c9c0291 --- /dev/null +++ b/2023/3xxx/CVE-2023-3774.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-3774", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3775.json b/2023/3xxx/CVE-2023-3775.json new file mode 100644 index 00000000000..56733a3bd4a --- /dev/null +++ b/2023/3xxx/CVE-2023-3775.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-3775",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file