diff --git a/2023/36xxx/CVE-2023-36119.json b/2023/36xxx/CVE-2023-36119.json
index a76a7522771..f4751e74335 100644
--- a/2023/36xxx/CVE-2023-36119.json
+++ b/2023/36xxx/CVE-2023-36119.json
@@ -1,17 +1,71 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-36119",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-36119",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "File upload vulnerability in PHPGurukul Online Security Guards Hiring System v.1.0 allows a remote attacker to execute arbitrary code via a crafted php file to the \\osghs\\admin\\images file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Trinity-SYT-SECURITY/arbitrary-file-upload-RCE/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md",
+ "refsource": "MISC",
+ "name": "https://github.com/Trinity-SYT-SECURITY/arbitrary-file-upload-RCE/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0527",
+ "refsource": "MISC",
+ "name": "https://nvd.nist.gov/vuln/detail/CVE-2023-0527"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/Trinity-SYT-SECURITY/arbitrary-file-upload-RCE/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md",
+ "url": "https://github.com/Trinity-SYT-SECURITY/arbitrary-file-upload-RCE/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md"
}
]
}
diff --git a/2023/36xxx/CVE-2023-36831.json b/2023/36xxx/CVE-2023-36831.json
index f2099786f0c..f3f1a6e4d6b 100644
--- a/2023/36xxx/CVE-2023-36831.json
+++ b/2023/36xxx/CVE-2023-36831.json
@@ -1,17 +1,178 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36831",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "sirt@juniper.net",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak to occur when accessing certain websites, eventually leading to a Denial of Service (DoS) condition. Service restoration is only possible by rebooting the system.\n\nThe jbuf memory leak only occurs in SSL Proxy and UTM Web-Filtering configurations. Other products, platforms, and configurations are not affected by this vulnerability.\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n22.2 versions prior to 22.2R3;\n22.3 versions prior to 22.3R2-S1, 22.3R3;\n22.4 versions prior to 22.4R1-S2, 22.4R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 22.2R2.\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-703 Improper Check or Handling of Exceptional Conditions",
+ "cweId": "CWE-703"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service (DoS)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Juniper Networks",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Junos OS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "22.2R3",
+ "status": "affected",
+ "version": "22.2",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "22.3R2-S1, 22.3R3",
+ "status": "affected",
+ "version": "22.3",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "22.4R1-S2, 22.4R2",
+ "status": "affected",
+ "version": "22.4",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "22.2R2",
+ "status": "unaffected",
+ "version": "unspecified",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://supportportal.juniper.net/JSA71636",
+ "refsource": "MISC",
+ "name": "https://supportportal.juniper.net/JSA71636"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "defect": [
+ "1709031"
+ ],
+ "discovery": "USER"
+ },
+ "configuration": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "The following sample configuration options highlight the features required to be affected by this issue:
set services ssl proxy profile SSL-PROXY protocol-version tls12-and-lower
set services ssl proxy profile SSL-PROXY trusted-ca all
set services ssl proxy profile SSL-PROXY root-ca ssl-proxy-ecdsa1
set security pki ca-profile SECURITY-CA-GROUP_1 ca-identity SECURITY-CA-GROUP_1
...
set security utm default-configuration web-filtering juniper-enhanced default log-and-permit
set security utm feature-profile web-filtering juniper-enhanced profile 2 category ... action block
...
set security utm utm-policy 1 web-filtering http-profile 2
...
set security policies from-zone private to-zone internet policy 1 then permit application-services ssl-proxy profile-name SSL-PROXY
set security policies from-zone private to-zone internet policy 1 then permit application-services utm-policy 1
"
+ }
+ ],
+ "value": "The following sample configuration options highlight the features required to be affected by this issue:\n\u00a0 set services ssl proxy profile SSL-PROXY protocol-version tls12-and-lower\n\u00a0 set services ssl proxy profile SSL-PROXY trusted-ca all\n\u00a0 set services ssl proxy profile SSL-PROXY root-ca ssl-proxy-ecdsa1\n\u00a0 set security pki ca-profile SECURITY-CA-GROUP_1 ca-identity SECURITY-CA-GROUP_1\n...\n\u00a0 set security utm default-configuration web-filtering juniper-enhanced default log-and-permit\n\u00a0 set security utm feature-profile web-filtering juniper-enhanced profile 2 category ... action block\n...\n\u00a0 set security utm utm-policy 1 web-filtering http-profile 2\n...\n\u00a0 set security policies from-zone private to-zone internet policy 1 then permit application-services ssl-proxy profile-name SSL-PROXY\n\u00a0 set security policies from-zone private to-zone internet policy 1 then permit application-services utm-policy 1\n"
+ }
+ ],
+ "work_around": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "There are no known workarounds for this issue.
"
+ }
+ ],
+ "value": "There are no known workarounds for this issue.\n"
+ }
+ ],
+ "exploit": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
"
+ }
+ ],
+ "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n"
+ }
+ ],
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "The following software releases have been updated to resolve this specific issue: Junos OS 22.2R3, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2, 23.1R1, and all subsequent releases.
"
+ }
+ ],
+ "value": "The following software releases have been updated to resolve this specific issue: Junos OS 22.2R3, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2, 23.1R1, and all subsequent releases.\n"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2023/38xxx/CVE-2023-38290.json b/2023/38xxx/CVE-2023-38290.json
new file mode 100644
index 00000000000..b458fee0440
--- /dev/null
+++ b/2023/38xxx/CVE-2023-38290.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-38290",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/38xxx/CVE-2023-38291.json b/2023/38xxx/CVE-2023-38291.json
new file mode 100644
index 00000000000..7056b879227
--- /dev/null
+++ b/2023/38xxx/CVE-2023-38291.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-38291",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/38xxx/CVE-2023-38292.json b/2023/38xxx/CVE-2023-38292.json
new file mode 100644
index 00000000000..bf35eb5d770
--- /dev/null
+++ b/2023/38xxx/CVE-2023-38292.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-38292",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/38xxx/CVE-2023-38293.json b/2023/38xxx/CVE-2023-38293.json
new file mode 100644
index 00000000000..b5f33189c0f
--- /dev/null
+++ b/2023/38xxx/CVE-2023-38293.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-38293",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/38xxx/CVE-2023-38294.json b/2023/38xxx/CVE-2023-38294.json
new file mode 100644
index 00000000000..44734acd376
--- /dev/null
+++ b/2023/38xxx/CVE-2023-38294.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-38294",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/38xxx/CVE-2023-38295.json b/2023/38xxx/CVE-2023-38295.json
new file mode 100644
index 00000000000..8a9f0d08028
--- /dev/null
+++ b/2023/38xxx/CVE-2023-38295.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-38295",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/38xxx/CVE-2023-38296.json b/2023/38xxx/CVE-2023-38296.json
new file mode 100644
index 00000000000..df4ef2f27d1
--- /dev/null
+++ b/2023/38xxx/CVE-2023-38296.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-38296",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/38xxx/CVE-2023-38297.json b/2023/38xxx/CVE-2023-38297.json
new file mode 100644
index 00000000000..0611b9d01b0
--- /dev/null
+++ b/2023/38xxx/CVE-2023-38297.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-38297",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/38xxx/CVE-2023-38298.json b/2023/38xxx/CVE-2023-38298.json
new file mode 100644
index 00000000000..665a8249fe2
--- /dev/null
+++ b/2023/38xxx/CVE-2023-38298.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-38298",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/38xxx/CVE-2023-38299.json b/2023/38xxx/CVE-2023-38299.json
new file mode 100644
index 00000000000..fa7b69cb1e7
--- /dev/null
+++ b/2023/38xxx/CVE-2023-38299.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-38299",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/38xxx/CVE-2023-38300.json b/2023/38xxx/CVE-2023-38300.json
new file mode 100644
index 00000000000..113da1ed89c
--- /dev/null
+++ b/2023/38xxx/CVE-2023-38300.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-38300",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/38xxx/CVE-2023-38301.json b/2023/38xxx/CVE-2023-38301.json
new file mode 100644
index 00000000000..8d5f539d74a
--- /dev/null
+++ b/2023/38xxx/CVE-2023-38301.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-38301",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/38xxx/CVE-2023-38302.json b/2023/38xxx/CVE-2023-38302.json
new file mode 100644
index 00000000000..be1a59d4c10
--- /dev/null
+++ b/2023/38xxx/CVE-2023-38302.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-38302",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file