diff --git a/2023/32xxx/CVE-2023-32062.json b/2023/32xxx/CVE-2023-32062.json
index fabd8556b2c..375e7d918c3 100644
--- a/2023/32xxx/CVE-2023-32062.json
+++ b/2023/32xxx/CVE-2023-32062.json
@@ -1,17 +1,103 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32062",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284: Improper Access Control",
+ "cweId": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "oroinc",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "crm",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 4.2.0, <= 4.2.6"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 5.0.0, <= 5.0.6"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 5.1.0, < 5.1.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g",
+ "refsource": "MISC",
+ "name": "https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g"
+ },
+ {
+ "url": "https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b",
+ "refsource": "MISC",
+ "name": "https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b"
+ },
+ {
+ "url": "https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531",
+ "refsource": "MISC",
+ "name": "https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-x2xm-p6vq-482g",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
+ "version": "3.1"
}
]
}
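Review bot: The three `version_data` entries for `crm` pair `"version_affected": "="` with a range expression in `version_value` (for example `">= 4.2.0, <= 4.2.6"`), so a consumer that reads `version_value` as a literal version under `=` will not match any installed release. One option is to carry the bounds in the operator field, e.g. `"version_affected": ">=", "version_value": "4.2.0"` followed by `"version_affected": "<=", "version_value": "4.2.6"`, and likewise for the 5.0.x and 5.1.x ranges. The description names only 5.1.1 as patched although the 4.2.x and 5.0.x branches are listed as affected. The fixed releases for those branches should be added from the linked advisory, since this record does not give them.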
diff --git a/2023/42xxx/CVE-2023-42363.json b/2023/42xxx/CVE-2023-42363.json
index dc5491d6d1f..f95666e09c6 100644
--- a/2023/42xxx/CVE-2023-42363.json
+++ b/2023/42xxx/CVE-2023-42363.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-42363",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-42363",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.busybox.net/show_bug.cgi?id=15865",
+ "url": "https://bugs.busybox.net/show_bug.cgi?id=15865"
}
]
}
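Review bot: The `affects` block and `problemtype` are filled with `n/a` even though the description in the same record names the product, the version and the weakness class, so tooling that matches on vendor/product/version or on CWE will not surface this entry. Suggest `"product_name": "BusyBox"`, `"version_value": "1.36.1"` and a problemtype value of `"CWE-416 Use After Free"`. The record does not say whether releases other than 1.36.1 are affected, so the version entry should stay limited to what the referenced bug report confirms.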
diff --git a/2023/5xxx/CVE-2023-5773.json b/2023/5xxx/CVE-2023-5773.json
index 8cfbe1ab58a..b650f639c67 100644
--- a/2023/5xxx/CVE-2023-5773.json
+++ b/2023/5xxx/CVE-2023-5773.json
@@ -1,17 +1,17 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5773",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-6136. Reason: This record is a reservation duplicate of CVE-20nn-nnnn. Notes: All CVE users should reference CVE-2023-6136 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage."
}
]
}
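Review bot: The new REJECT description still contains the unfilled template placeholder `CVE-20nn-nnnn` in its "Reason" sentence, so the text does not say which record this one duplicates. ConsultIDs and the Notes sentence both point to CVE-2023-6136, so presumably the sentence should read `Reason: This record is a reservation duplicate of CVE-2023-6136.` Consumers that parse the reason text to redirect findings would otherwise have to fall back on ConsultIDs alone.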
diff --git a/2023/5xxx/CVE-2023-5885.json b/2023/5xxx/CVE-2023-5885.json
index 5ff1707d8bf..424f61ef186 100644
--- a/2023/5xxx/CVE-2023-5885.json
+++ b/2023/5xxx/CVE-2023-5885.json
@@ -1,17 +1,116 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5885",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users.\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-35 Path Traversal",
+ "cweId": "CWE-35"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Franklin Electric Fueling Systems",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Colibri",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/ICSA-23-331-02",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/ICSA-23-331-02"
+ },
+ {
+ "url": "https://www.franklinfueling.com/en/landing-pages/firmware/colibri-firmware/",
+ "refsource": "MISC",
+ "name": "https://www.franklinfueling.com/en/landing-pages/firmware/colibri-firmware/"
+ },
+ {
+ "url": "https://www.franklinfueling.com/en/contact-us/",
+ "refsource": "MISC",
+ "name": "https://www.franklinfueling.com/en/contact-us/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Franklin Electric Fueling Systems determined that the vulnerability only affects the Colibri product which has not been sold since 2020 and does not affect the current EVO product lines. They created a firmware update for Colibri to address the issue. Users can download the update at from the Franklin Electric website. Franklin Electric is working with distributors to make sure all known users are aware that the update is available for installation.
For further information, please contact Franklin Electric Fueling Systems.
"
+ }
+ ],
+ "value": "Franklin Electric Fueling Systems determined that the vulnerability only affects the Colibri product which has not been sold since 2020 and does not affect the current EVO product lines. They created a firmware update for Colibri to address the issue. Users can download the update at from the Franklin Electric website. Franklin Electric is working with distributors to make sure all known users are aware that the update is available for installation.\nFor further information, please contact Franklin Electric Fueling Systems.\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Momen Eldawakhly Samurai Digital Security Ltd. reported this vulnerability to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
}
]
}
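Review bot: The description tag is spelled `** UNSUPPPORTED WHEN ASSIGNED **` with three P's, so filters that key on the standard `** UNSUPPORTED WHEN ASSIGNED **` marker will not recognise this record; the value should start `"** UNSUPPORTED WHEN ASSIGNED ** The discontinued FFS Colibri product ..."`. The tag also sits uneasily with the `solution` text, which says a firmware update for Colibri exists. A reader who stops at the tag may conclude there is no remediation, so the description would do well to mention the update. Separately, the `solution` wording "download the update at from the Franklin Electric website" has a stray "at". The `"version_value": "all versions"` entry under `"="` is free text that version-matching tools cannot evaluate.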