From 120f35e9411abce10bf64a6ef82ef75a687823d4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 6 Oct 2023 19:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/21xxx/CVE-2023-21244.json | 80 +++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21252.json | 75 +++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21253.json | 80 +++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21266.json | 70 +++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21291.json | 70 +++++++++++++++++++++++++++-- 2023/45xxx/CVE-2023-45282.json | 61 ++++++++++++++++++++++--- 2023/45xxx/CVE-2023-45293.json | 18 ++++++++ 2023/45xxx/CVE-2023-45294.json | 18 ++++++++ 2023/45xxx/CVE-2023-45295.json | 18 ++++++++ 2023/45xxx/CVE-2023-45296.json | 18 ++++++++ 2023/45xxx/CVE-2023-45297.json | 18 ++++++++ 2023/45xxx/CVE-2023-45298.json | 18 ++++++++ 2023/45xxx/CVE-2023-45299.json | 18 ++++++++ 2023/45xxx/CVE-2023-45300.json | 18 ++++++++ 2023/45xxx/CVE-2023-45301.json | 18 ++++++++ 2023/45xxx/CVE-2023-45302.json | 18 ++++++++ 2023/45xxx/CVE-2023-45303.json | 81 ++++++++++++++++++++++++++++++++++ 2023/45xxx/CVE-2023-45304.json | 18 ++++++++ 2023/45xxx/CVE-2023-45305.json | 18 ++++++++ 2023/45xxx/CVE-2023-45306.json | 18 ++++++++ 2023/45xxx/CVE-2023-45307.json | 18 ++++++++ 2023/45xxx/CVE-2023-45308.json | 18 ++++++++ 2023/45xxx/CVE-2023-45309.json | 18 ++++++++ 2023/45xxx/CVE-2023-45310.json | 18 ++++++++ 24 files changed, 797 insertions(+), 26 deletions(-) create mode 100644 2023/45xxx/CVE-2023-45293.json create mode 100644 2023/45xxx/CVE-2023-45294.json create mode 100644 2023/45xxx/CVE-2023-45295.json create mode 100644 2023/45xxx/CVE-2023-45296.json create mode 100644 2023/45xxx/CVE-2023-45297.json create mode 100644 2023/45xxx/CVE-2023-45298.json create mode 100644 2023/45xxx/CVE-2023-45299.json create mode 100644 2023/45xxx/CVE-2023-45300.json create mode 100644 2023/45xxx/CVE-2023-45301.json create mode 100644 2023/45xxx/CVE-2023-45302.json create mode 100644 2023/45xxx/CVE-2023-45303.json create mode 100644 2023/45xxx/CVE-2023-45304.json create mode 100644 2023/45xxx/CVE-2023-45305.json create mode 100644 2023/45xxx/CVE-2023-45306.json create mode 100644 2023/45xxx/CVE-2023-45307.json create mode 100644 2023/45xxx/CVE-2023-45308.json create mode 100644 2023/45xxx/CVE-2023-45309.json create mode 100644 2023/45xxx/CVE-2023-45310.json diff --git a/2023/21xxx/CVE-2023-21244.json b/2023/21xxx/CVE-2023-21244.json index de08a9564e4..2c157da4e00 100644 --- a/2023/21xxx/CVE-2023-21244.json +++ b/2023/21xxx/CVE-2023-21244.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21244", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13" + }, + { + "version_affected": "=", + "version_value": "12L" + }, + { + "version_affected": "=", + "version_value": "12" + }, + { + "version_affected": "=", + "version_value": "11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/3a448067ac9ebdf669951e90678c2daa592a81d3", + "refsource": "MISC", + "name": "https://android.googlesource.com/platform/frameworks/base/+/3a448067ac9ebdf669951e90678c2daa592a81d3" + }, + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/20aedba4998373addc2befcc455a118585559fef", + "refsource": "MISC", + "name": "https://android.googlesource.com/platform/frameworks/base/+/20aedba4998373addc2befcc455a118585559fef" + }, + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/5a3d0c131175d923cf35c7beb3ee77a9e6485dad", + "refsource": "MISC", + "name": "https://android.googlesource.com/platform/frameworks/base/+/5a3d0c131175d923cf35c7beb3ee77a9e6485dad" + }, + { + "url": "https://source.android.com/security/bulletin/2023-10-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-10-01" } ] } diff --git a/2023/21xxx/CVE-2023-21252.json b/2023/21xxx/CVE-2023-21252.json index 9418345ddad..26863091cea 100644 --- a/2023/21xxx/CVE-2023-21252.json +++ b/2023/21xxx/CVE-2023-21252.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21252", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13" + }, + { + "version_affected": "=", + "version_value": "12L" + }, + { + "version_affected": "=", + "version_value": "12" + }, + { + "version_affected": "=", + "version_value": "11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/044ab0684153c4effb9f4fda47df43ccdc77bda8", + "refsource": "MISC", + "name": "https://android.googlesource.com/platform/packages/modules/Wifi/+/044ab0684153c4effb9f4fda47df43ccdc77bda8" + }, + { + "url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/50b08ee30e04d185e5ae97a5f717d436fd5a90f3", + "refsource": "MISC", + "name": "https://android.googlesource.com/platform/packages/modules/Wifi/+/50b08ee30e04d185e5ae97a5f717d436fd5a90f3" + }, + { + "url": "https://source.android.com/security/bulletin/2023-10-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-10-01" } ] } diff --git a/2023/21xxx/CVE-2023-21253.json b/2023/21xxx/CVE-2023-21253.json index c8e3348a5a7..c206134c1bd 100644 --- a/2023/21xxx/CVE-2023-21253.json +++ b/2023/21xxx/CVE-2023-21253.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21253", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13" + }, + { + "version_affected": "=", + "version_value": "12L" + }, + { + "version_affected": "=", + "version_value": "12" + }, + { + "version_affected": "=", + "version_value": "11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/84df68840b6f2407146e722ebd95a7d8bc6e3529", + "refsource": "MISC", + "name": "https://android.googlesource.com/platform/frameworks/base/+/84df68840b6f2407146e722ebd95a7d8bc6e3529" + }, + { + "url": "https://android.googlesource.com/platform/tools/apksig/+/039f815895f62c9f8af23df66622b66246f3f61e", + "refsource": "MISC", + "name": "https://android.googlesource.com/platform/tools/apksig/+/039f815895f62c9f8af23df66622b66246f3f61e" + }, + { + "url": "https://android.googlesource.com/platform/tools/apksig/+/41d882324288085fd32ae0bb70dc85f5fd0e2be7", + "refsource": "MISC", + "name": "https://android.googlesource.com/platform/tools/apksig/+/41d882324288085fd32ae0bb70dc85f5fd0e2be7" + }, + { + "url": "https://source.android.com/security/bulletin/2023-10-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-10-01" } ] } diff --git a/2023/21xxx/CVE-2023-21266.json b/2023/21xxx/CVE-2023-21266.json index 47a4cdd3322..dffe898c8e5 100644 --- a/2023/21xxx/CVE-2023-21266.json +++ b/2023/21xxx/CVE-2023-21266.json @@ -1,17 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21266", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In killBackgroundProcesses of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13" + }, + { + "version_affected": "=", + "version_value": "12L" + }, + { + "version_affected": "=", + "version_value": "12" + }, + { + "version_affected": "=", + "version_value": "11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/5b7edbf2ba076b04000eb5d27101927eeb609c26", + "refsource": "MISC", + "name": "https://android.googlesource.com/platform/frameworks/base/+/5b7edbf2ba076b04000eb5d27101927eeb609c26" + }, + { + "url": "https://source.android.com/security/bulletin/2023-10-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-10-01" } ] } diff --git a/2023/21xxx/CVE-2023-21291.json b/2023/21xxx/CVE-2023-21291.json index e687c277e84..4523e3c40c9 100644 --- a/2023/21xxx/CVE-2023-21291.json +++ b/2023/21xxx/CVE-2023-21291.json @@ -1,17 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21291", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13" + }, + { + "version_affected": "=", + "version_value": "12L" + }, + { + "version_affected": "=", + "version_value": "12" + }, + { + "version_affected": "=", + "version_value": "11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://android.googlesource.com/platform/frameworks/base/+/cb6282e8970f4c9db5497889699e68fb2038566e", + "refsource": "MISC", + "name": "https://android.googlesource.com/platform/frameworks/base/+/cb6282e8970f4c9db5497889699e68fb2038566e" + }, + { + "url": "https://source.android.com/security/bulletin/2023-10-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-10-01" } ] } diff --git a/2023/45xxx/CVE-2023-45282.json b/2023/45xxx/CVE-2023-45282.json index c5e86d1413f..4cf1f7a6ec0 100644 --- a/2023/45xxx/CVE-2023-45282.json +++ b/2023/45xxx/CVE-2023-45282.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-45282", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-45282", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In NASA Open MCT (aka openmct) 2.2.5 before 545a177, prototype pollution can occur via an import action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nasa.github.io/openmct/", + "refsource": "MISC", + "name": "https://nasa.github.io/openmct/" + }, + { + "refsource": "MISC", + "name": "https://github.com/nasa/openmct/pull/7094/commits/545a1770c523ecc3410dca884c6809d5ff0f9d52", + "url": "https://github.com/nasa/openmct/pull/7094/commits/545a1770c523ecc3410dca884c6809d5ff0f9d52" } ] } diff --git a/2023/45xxx/CVE-2023-45293.json b/2023/45xxx/CVE-2023-45293.json new file mode 100644 index 00000000000..0010d29bef2 --- /dev/null +++ b/2023/45xxx/CVE-2023-45293.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45293", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45294.json b/2023/45xxx/CVE-2023-45294.json new file mode 100644 index 00000000000..b0643d34909 --- /dev/null +++ b/2023/45xxx/CVE-2023-45294.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45294", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45295.json b/2023/45xxx/CVE-2023-45295.json new file mode 100644 index 00000000000..d5046c03dc0 --- /dev/null +++ b/2023/45xxx/CVE-2023-45295.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45295", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45296.json b/2023/45xxx/CVE-2023-45296.json new file mode 100644 index 00000000000..e6b8598fed7 --- /dev/null +++ b/2023/45xxx/CVE-2023-45296.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45296", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45297.json b/2023/45xxx/CVE-2023-45297.json new file mode 100644 index 00000000000..e6943af0b5c --- /dev/null +++ b/2023/45xxx/CVE-2023-45297.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45297", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45298.json b/2023/45xxx/CVE-2023-45298.json new file mode 100644 index 00000000000..c849c0f7b3d --- /dev/null +++ b/2023/45xxx/CVE-2023-45298.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45298", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45299.json b/2023/45xxx/CVE-2023-45299.json new file mode 100644 index 00000000000..87d625e1e79 --- /dev/null +++ b/2023/45xxx/CVE-2023-45299.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45299", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45300.json b/2023/45xxx/CVE-2023-45300.json new file mode 100644 index 00000000000..087244de22a --- /dev/null +++ b/2023/45xxx/CVE-2023-45300.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45300", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45301.json b/2023/45xxx/CVE-2023-45301.json new file mode 100644 index 00000000000..91951d8e17d --- /dev/null +++ b/2023/45xxx/CVE-2023-45301.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45301", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45302.json b/2023/45xxx/CVE-2023-45302.json new file mode 100644 index 00000000000..fe1ff52fad1 --- /dev/null +++ b/2023/45xxx/CVE-2023-45302.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45302", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45303.json b/2023/45xxx/CVE-2023-45303.json new file mode 100644 index 00000000000..03e91f09ed1 --- /dev/null +++ b/2023/45xxx/CVE-2023-45303.json @@ -0,0 +1,81 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2023-45303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://herolab.usd.de/security-advisories/usd-2023-0010/", + "refsource": "MISC", + "name": "https://herolab.usd.de/security-advisories/usd-2023-0010/" + }, + { + "url": "https://freemarker.apache.org/docs/api/freemarker/template/utility/Execute.html", + "refsource": "MISC", + "name": "https://freemarker.apache.org/docs/api/freemarker/template/utility/Execute.html" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:R", + "version": "3.1" + } + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45304.json b/2023/45xxx/CVE-2023-45304.json new file mode 100644 index 00000000000..af14cea6b11 --- /dev/null +++ b/2023/45xxx/CVE-2023-45304.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45304", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45305.json b/2023/45xxx/CVE-2023-45305.json new file mode 100644 index 00000000000..8922dcb2814 --- /dev/null +++ b/2023/45xxx/CVE-2023-45305.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45305", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45306.json b/2023/45xxx/CVE-2023-45306.json new file mode 100644 index 00000000000..a233d654cc1 --- /dev/null +++ b/2023/45xxx/CVE-2023-45306.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45306", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45307.json b/2023/45xxx/CVE-2023-45307.json new file mode 100644 index 00000000000..6e7555e5d99 --- /dev/null +++ b/2023/45xxx/CVE-2023-45307.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45307", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45308.json b/2023/45xxx/CVE-2023-45308.json new file mode 100644 index 00000000000..6c00d604dc0 --- /dev/null +++ b/2023/45xxx/CVE-2023-45308.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45308", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45309.json b/2023/45xxx/CVE-2023-45309.json new file mode 100644 index 00000000000..1cb79925a11 --- /dev/null +++ b/2023/45xxx/CVE-2023-45309.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45309", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45310.json b/2023/45xxx/CVE-2023-45310.json new file mode 100644 index 00000000000..987dee0f8c7 --- /dev/null +++ b/2023/45xxx/CVE-2023-45310.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45310", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file