From 12620ad82cc6a8ad27c977c80321a714d1750a0a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 29 Aug 2023 22:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/11xxx/CVE-2018-11314.json | 5 + 2022/27xxx/CVE-2022-27152.json | 5 + 2023/38xxx/CVE-2023-38971.json | 61 +++++++++-- 2023/38xxx/CVE-2023-38975.json | 61 +++++++++-- 2023/38xxx/CVE-2023-38976.json | 5 + 2023/39xxx/CVE-2023-39578.json | 5 + 2023/41xxx/CVE-2023-41153.json | 56 ++++++++-- 2023/41xxx/CVE-2023-41382.json | 18 ++++ 2023/41xxx/CVE-2023-41383.json | 18 ++++ 2023/41xxx/CVE-2023-41384.json | 18 ++++ 2023/41xxx/CVE-2023-41385.json | 18 ++++ 2023/41xxx/CVE-2023-41386.json | 18 ++++ 2023/4xxx/CVE-2023-4296.json | 128 +++++++++++++++++++++- 2023/4xxx/CVE-2023-4611.json | 192 ++++++++++++++++++++++++++++++++- 14 files changed, 582 insertions(+), 26 deletions(-) create mode 100644 2023/41xxx/CVE-2023-41382.json create mode 100644 2023/41xxx/CVE-2023-41383.json create mode 100644 2023/41xxx/CVE-2023-41384.json create mode 100644 2023/41xxx/CVE-2023-41385.json create mode 100644 2023/41xxx/CVE-2023-41386.json diff --git a/2018/11xxx/CVE-2018-11314.json b/2018/11xxx/CVE-2018-11314.json index 4dd9250939c..aae2cfab9ac 100644 --- a/2018/11xxx/CVE-2018-11314.json +++ b/2018/11xxx/CVE-2018-11314.json @@ -61,6 +61,11 @@ "name": "https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325", "refsource": "MISC", "url": "https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325" + }, + { + "refsource": "MISC", + "name": "https://support.roku.com/article/12554388937879", + "url": "https://support.roku.com/article/12554388937879" } ] } diff --git a/2022/27xxx/CVE-2022-27152.json b/2022/27xxx/CVE-2022-27152.json index b3bc7070541..29b4615ec73 100644 --- a/2022/27xxx/CVE-2022-27152.json +++ b/2022/27xxx/CVE-2022-27152.json @@ -56,6 +56,11 @@ "url": "https://github.com/llamasoft/RootMyRoku", "refsource": "MISC", "name": "https://github.com/llamasoft/RootMyRoku" + }, + { + "refsource": "MISC", + "name": "https://support.roku.com/article/12554388937879", + "url": "https://support.roku.com/article/12554388937879" } ] } diff --git a/2023/38xxx/CVE-2023-38971.json b/2023/38xxx/CVE-2023-38971.json index da06cc5453f..bdeed17c3f5 100644 --- a/2023/38xxx/CVE-2023-38971.json +++ b/2023/38xxx/CVE-2023-38971.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-38971", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-38971", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/anh91/uasoft-indonesia--badaso/blob/main/XSS3.md", + "refsource": "MISC", + "name": "https://github.com/anh91/uasoft-indonesia--badaso/blob/main/XSS3.md" + }, + { + "refsource": "MISC", + "name": "https://panda002.hashnode.dev/badaso-version-297-has-xss-vulnerability-in-add-ranks", + "url": "https://panda002.hashnode.dev/badaso-version-297-has-xss-vulnerability-in-add-ranks" } ] } diff --git a/2023/38xxx/CVE-2023-38975.json b/2023/38xxx/CVE-2023-38975.json index 92d1a8fca0c..db1c2f1ab42 100644 --- a/2023/38xxx/CVE-2023-38975.json +++ b/2023/38xxx/CVE-2023-38975.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-38975", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-38975", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "* Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote attacker cause a denial of service via the chucnked_vectors.rs component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/qdrant/qdrant/issues/2268", + "refsource": "MISC", + "name": "https://github.com/qdrant/qdrant/issues/2268" + }, + { + "refsource": "MISC", + "name": "https://aisec.today/Qdrant-56dd05e12ca94d75a5e798b3fee80fa3", + "url": "https://aisec.today/Qdrant-56dd05e12ca94d75a5e798b3fee80fa3" } ] } diff --git a/2023/38xxx/CVE-2023-38976.json b/2023/38xxx/CVE-2023-38976.json index 80ffdbd499e..023924f2cb9 100644 --- a/2023/38xxx/CVE-2023-38976.json +++ b/2023/38xxx/CVE-2023-38976.json @@ -56,6 +56,11 @@ "url": "https://github.com/weaviate/weaviate/issues/3258", "refsource": "MISC", "name": "https://github.com/weaviate/weaviate/issues/3258" + }, + { + "refsource": "MISC", + "name": "https://aisec.today/Weaviate-26981c6c5f794077bd51d24c88cebf7a", + "url": "https://aisec.today/Weaviate-26981c6c5f794077bd51d24c88cebf7a" } ] } diff --git a/2023/39xxx/CVE-2023-39578.json b/2023/39xxx/CVE-2023-39578.json index 1fe8be089a5..18c73c3dec4 100644 --- a/2023/39xxx/CVE-2023-39578.json +++ b/2023/39xxx/CVE-2023-39578.json @@ -56,6 +56,11 @@ "url": "https://github.com/anh91/Zenario-xss/issues/1", "refsource": "MISC", "name": "https://github.com/anh91/Zenario-xss/issues/1" + }, + { + "refsource": "MISC", + "name": "https://panda002.hashnode.dev/a-stored-cross-site-scripting-xss-vulnerability-in-the-create-the-function-of-zenario-cms-v94", + "url": "https://panda002.hashnode.dev/a-stored-cross-site-scripting-xss-vulnerability-in-the-create-the-function-of-zenario-cms-v94" } ] } diff --git a/2023/41xxx/CVE-2023-41153.json b/2023/41xxx/CVE-2023-41153.json index 8c4203490b1..cabc02950ae 100644 --- a/2023/41xxx/CVE-2023-41153.json +++ b/2023/41xxx/CVE-2023-41153.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-41153", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-41153", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://webmin.com/tags/webmin-changelog/", + "refsource": "MISC", + "name": "https://webmin.com/tags/webmin-changelog/" } ] } diff --git a/2023/41xxx/CVE-2023-41382.json b/2023/41xxx/CVE-2023-41382.json new file mode 100644 index 00000000000..65e3bbff565 --- /dev/null +++ b/2023/41xxx/CVE-2023-41382.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-41382", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/41xxx/CVE-2023-41383.json b/2023/41xxx/CVE-2023-41383.json new file mode 100644 index 00000000000..bc5987eaf1d --- /dev/null +++ b/2023/41xxx/CVE-2023-41383.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-41383", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/41xxx/CVE-2023-41384.json b/2023/41xxx/CVE-2023-41384.json new file mode 100644 index 00000000000..a725ccdafe0 --- /dev/null +++ b/2023/41xxx/CVE-2023-41384.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-41384", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/41xxx/CVE-2023-41385.json b/2023/41xxx/CVE-2023-41385.json new file mode 100644 index 00000000000..d496814949b --- /dev/null +++ b/2023/41xxx/CVE-2023-41385.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-41385", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/41xxx/CVE-2023-41386.json b/2023/41xxx/CVE-2023-41386.json new file mode 100644 index 00000000000..38845a2735a --- /dev/null +++ b/2023/41xxx/CVE-2023-41386.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-41386", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/4xxx/CVE-2023-4296.json b/2023/4xxx/CVE-2023-4296.json index 81ce79cfff5..1b824f4a73c 100644 --- a/2023/4xxx/CVE-2023-4296.json +++ b/2023/4xxx/CVE-2023-4296.json @@ -1,17 +1,137 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4296", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\u200bIf an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PTC", + "product": { + "product_data": [ + { + "product_name": "Codebeamer", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "v22.10-SP6", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "lessThanOrEqual": "v22.04-SP2", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "lessThanOrEqual": "v21.09-SP13", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "2.0" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01" + }, + { + "url": "https://codebeamer.com/cb/wiki/31346480", + "refsource": "MISC", + "name": "https://codebeamer.com/cb/wiki/31346480" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n

PTC recommends the following:

\u200bDocker Image download: https://hub.docker.com/r/intland/codebeamer/tags

\u200bCodebeamer installers: https://intland.com/codebeamer-download/

\u200bHosted customers may request an upgrade through the support channel.

\u200bNote that version 2.0 is not impacted by this vulnerability.

\u200bFor more information refer to PTC Security Advisory and Resolution.

\n\n
" + } + ], + "value": "\nPTC recommends the following:\n\n * \u200bVersion 22.10.X: upgrade to 22.10-SP7 https://intland.com/codebeamer-download/ \u00a0or newer version\n * \u200bVersion 22.04.X: upgrade to 22.04-SP3 https://intland.com/codebeamer-download/ \u00a0or newer version\n * \u200bVersion 21.09.X: upgrade to 21.09-SP14 https://intland.com/codebeamer-download/ \u00a0or newer version\n\n\n\u200bDocker Image download: https://hub.docker.com/r/intland/codebeamer/tags https://hub.docker.com/r/intland/codebeamer/tags \n\n\u200bCodebeamer installers: https://intland.com/codebeamer-download/ https://intland.com/codebeamer-download/ \n\n\u200bHosted customers may request an upgrade through the support channel https://codebeamer.com/cb/tracker/1910563 .\n\n\u200bNote that version 2.0 is not impacted by this vulnerability.\n\n\u200bFor more information refer to PTC Security Advisory and Resolution https://codebeamer.com/cb/wiki/31346480 .\n\n\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Niklas Schilling of SEC Consult Vulnerability Lab reported this vulnerability to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4611.json b/2023/4xxx/CVE-2023-4611.json index db90453f9ad..d5a6909af81 100644 --- a/2023/4xxx/CVE-2023-4611.json +++ b/2023/4xxx/CVE-2023-4611.json @@ -1,17 +1,201 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4611", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.5-rc4", + "status": "unaffected" + } + ] + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4611", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-4611" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227244", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2227244" + }, + { + "url": "https://www.spinics.net/lists/stable-commits/msg310136.html", + "refsource": "MISC", + "name": "https://www.spinics.net/lists/stable-commits/msg310136.html" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] }