diff --git a/2023/22xxx/CVE-2023-22308.json b/2023/22xxx/CVE-2023-22308.json index 09fc66755b2..02d65246eaf 100644 --- a/2023/22xxx/CVE-2023-22308.json +++ b/2023/22xxx/CVE-2023-22308.json @@ -1,17 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-22308", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-191: Integer Underflow (Wrap or Wraparound)", + "cweId": "CWE-191" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SoftEther VPN", + "product": { + "product_data": [ + { + "product_name": "SoftEther VPN", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.01.9674" + }, + { + "version_affected": "=", + "version_value": "5.02" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1737", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1737" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Lilith >_> of Cisco Talos." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2023/22xxx/CVE-2023-22325.json b/2023/22xxx/CVE-2023-22325.json index e8d5374059f..f8b33183e79 100644 --- a/2023/22xxx/CVE-2023-22325.json +++ b/2023/22xxx/CVE-2023-22325.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-22325", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')", + "cweId": "CWE-835" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SoftEther VPN", + "product": { + "product_data": [ + { + "product_name": "SoftEther VPN", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.41-9782-beta" + }, + { + "version_affected": "=", + "version_value": "5.01.9674" + }, + { + "version_affected": "=", + "version_value": "5.02" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1736", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1736" + }, + { + "url": "https://www.softether.org/9-about/News/904-SEVPN202301", + "refsource": "MISC", + "name": "https://www.softether.org/9-about/News/904-SEVPN202301" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Lilith >_> of Cisco Talos." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/23xxx/CVE-2023-23581.json b/2023/23xxx/CVE-2023-23581.json index 11e0a78a5e6..42e0cdb4396 100644 --- a/2023/23xxx/CVE-2023-23581.json +++ b/2023/23xxx/CVE-2023-23581.json @@ -1,17 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23581", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SoftEther VPN", + "product": { + "product_data": [ + { + "product_name": "SoftEther VPN", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.01.9674" + }, + { + "version_affected": "=", + "version_value": "5.02" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1741", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1741" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Lilith >_> of Cisco Talos." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2023/25xxx/CVE-2023-25774.json b/2023/25xxx/CVE-2023-25774.json index 77340dca318..d87814b996b 100644 --- a/2023/25xxx/CVE-2023-25774.json +++ b/2023/25xxx/CVE-2023-25774.json @@ -1,17 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25774", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SoftEther VPN", + "product": { + "product_data": [ + { + "product_name": "SoftEther VPN", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.01.9674" + }, + { + "version_affected": "=", + "version_value": "5.02" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1743", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1743" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Lilith >_> of Cisco Talos." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2023/27xxx/CVE-2023-27395.json b/2023/27xxx/CVE-2023-27395.json index 6fbdb476f73..e7b3a3cec34 100644 --- a/2023/27xxx/CVE-2023-27395.json +++ b/2023/27xxx/CVE-2023-27395.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-27395", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SoftEther VPN", + "product": { + "product_data": [ + { + "product_name": "SoftEther VPN", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.41-9782-beta" + }, + { + "version_affected": "=", + "version_value": "5.01.9674" + }, + { + "version_affected": "=", + "version_value": "5.02" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1735", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1735" + }, + { + "url": "https://www.softether.org/9-about/News/904-SEVPN202301", + "refsource": "MISC", + "name": "https://www.softether.org/9-about/News/904-SEVPN202301" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Lilith >_> of Cisco Talos." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/27xxx/CVE-2023-27516.json b/2023/27xxx/CVE-2023-27516.json index 709d4f05c77..45f573399fa 100644 --- a/2023/27xxx/CVE-2023-27516.json +++ b/2023/27xxx/CVE-2023-27516.json @@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-27516", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-453: Insecure Default Variable Initialization", + "cweId": "CWE-453" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SoftEther VPN", + "product": { + "product_data": [ + { + "product_name": "SoftEther VPN", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.41-9782-beta" + }, + { + "version_affected": "=", + "version_value": "5.01.9674" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1754", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1754" + }, + { + "url": "https://www.softether.org/9-about/News/904-SEVPN202301", + "refsource": "MISC", + "name": "https://www.softether.org/9-about/News/904-SEVPN202301" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Lilith >_> of Cisco Talos." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" } ] } diff --git a/2023/31xxx/CVE-2023-31192.json b/2023/31xxx/CVE-2023-31192.json index e62a365a184..1fc2cf3071a 100644 --- a/2023/31xxx/CVE-2023-31192.json +++ b/2023/31xxx/CVE-2023-31192.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31192", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-457: Use of Uninitialized Variable", + "cweId": "CWE-457" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SoftEther VPN", + "product": { + "product_data": [ + { + "product_name": "SoftEther VPN", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.01.9674" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1768", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1768" + }, + { + "url": "https://www.softether.org/9-about/News/904-SEVPN202301", + "refsource": "MISC", + "name": "https://www.softether.org/9-about/News/904-SEVPN202301" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Lilith >_> of Cisco Talos." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/32xxx/CVE-2023-32275.json b/2023/32xxx/CVE-2023-32275.json index 05a50b1594f..c655a6bbda4 100644 --- a/2023/32xxx/CVE-2023-32275.json +++ b/2023/32xxx/CVE-2023-32275.json @@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32275", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-201: Information Exposure Through Sent Data", + "cweId": "CWE-201" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SoftEther VPN", + "product": { + "product_data": [ + { + "product_name": "SoftEther VPN", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.41-9782-beta" + }, + { + "version_affected": "=", + "version_value": "5.01.9674" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1753", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1753" + }, + { + "url": "https://www.softether.org/9-about/News/904-SEVPN202301", + "refsource": "MISC", + "name": "https://www.softether.org/9-about/News/904-SEVPN202301" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Lilith >_> of Cisco Talos." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/32xxx/CVE-2023-32634.json b/2023/32xxx/CVE-2023-32634.json index 2e057a107cc..5de5c1d605b 100644 --- a/2023/32xxx/CVE-2023-32634.json +++ b/2023/32xxx/CVE-2023-32634.json @@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32634", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-300: Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + "cweId": "CWE-300" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SoftEther VPN", + "product": { + "product_data": [ + { + "product_name": "SoftEther VPN", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.41-9782-beta" + }, + { + "version_affected": "=", + "version_value": "5.01.9674" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1755", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1755" + }, + { + "url": "https://www.softether.org/9-about/News/904-SEVPN202301", + "refsource": "MISC", + "name": "https://www.softether.org/9-about/News/904-SEVPN202301" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Lilith >_> of Cisco Talos." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/33xxx/CVE-2023-33297.json b/2023/33xxx/CVE-2023-33297.json index cccc1697fe4..188adf59596 100644 --- a/2023/33xxx/CVE-2023-33297.json +++ b/2023/33xxx/CVE-2023-33297.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023." + "value": "Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023." } ] }, @@ -86,6 +86,21 @@ "refsource": "FEDORA", "name": "FEDORA-2023-3317c9b824", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/" + }, + { + "refsource": "MISC", + "name": "https://github.com/visualbasic6/drain", + "url": "https://github.com/visualbasic6/drain" + }, + { + "refsource": "MISC", + "name": "https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544", + "url": "https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544" + }, + { + "refsource": "MISC", + "name": "https://x.com/123456/status/1711601593399828530", + "url": "https://x.com/123456/status/1711601593399828530" } ] } diff --git a/2023/43xxx/CVE-2023-43147.json b/2023/43xxx/CVE-2023-43147.json index 5a0180f4e5d..79a8eb232c8 100644 --- a/2023/43xxx/CVE-2023-43147.json +++ b/2023/43xxx/CVE-2023-43147.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-43147", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-43147", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/MinoTauro2020/CVE-2023-43148", + "url": "https://github.com/MinoTauro2020/CVE-2023-43148" } ] } diff --git a/2023/45xxx/CVE-2023-45282.json b/2023/45xxx/CVE-2023-45282.json index 4cf1f7a6ec0..675e2e1a6ad 100644 --- a/2023/45xxx/CVE-2023-45282.json +++ b/2023/45xxx/CVE-2023-45282.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/nasa/openmct/pull/7094/commits/545a1770c523ecc3410dca884c6809d5ff0f9d52", "url": "https://github.com/nasa/openmct/pull/7094/commits/545a1770c523ecc3410dca884c6809d5ff0f9d52" + }, + { + "refsource": "MISC", + "name": "https://www.linkedin.com/pulse/prototype-pollution-nasas-open-mct-cve-2023-45282", + "url": "https://www.linkedin.com/pulse/prototype-pollution-nasas-open-mct-cve-2023-45282" } ] } diff --git a/2023/45xxx/CVE-2023-45773.json b/2023/45xxx/CVE-2023-45773.json new file mode 100644 index 00000000000..a1793e6785d --- /dev/null +++ b/2023/45xxx/CVE-2023-45773.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45773", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45774.json b/2023/45xxx/CVE-2023-45774.json new file mode 100644 index 00000000000..1231ff43bb0 --- /dev/null +++ b/2023/45xxx/CVE-2023-45774.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45774", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45775.json b/2023/45xxx/CVE-2023-45775.json new file mode 100644 index 00000000000..516f6d3f830 --- /dev/null +++ b/2023/45xxx/CVE-2023-45775.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45775", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45776.json b/2023/45xxx/CVE-2023-45776.json new file mode 100644 index 00000000000..2d03ccad8e3 --- /dev/null +++ b/2023/45xxx/CVE-2023-45776.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45776", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45777.json b/2023/45xxx/CVE-2023-45777.json new file mode 100644 index 00000000000..602470697d3 --- /dev/null +++ b/2023/45xxx/CVE-2023-45777.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45777", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45778.json b/2023/45xxx/CVE-2023-45778.json new file mode 100644 index 00000000000..e8f87544ba9 --- /dev/null +++ b/2023/45xxx/CVE-2023-45778.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45778", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45779.json b/2023/45xxx/CVE-2023-45779.json new file mode 100644 index 00000000000..fba1dffa0ad --- /dev/null +++ b/2023/45xxx/CVE-2023-45779.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45779", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45780.json b/2023/45xxx/CVE-2023-45780.json new file mode 100644 index 00000000000..db5d172c72e --- /dev/null +++ b/2023/45xxx/CVE-2023-45780.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45780", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45781.json b/2023/45xxx/CVE-2023-45781.json new file mode 100644 index 00000000000..9e4785562dc --- /dev/null +++ b/2023/45xxx/CVE-2023-45781.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45781", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45782.json b/2023/45xxx/CVE-2023-45782.json new file mode 100644 index 00000000000..703b6a9dcb1 --- /dev/null +++ b/2023/45xxx/CVE-2023-45782.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45782", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45783.json b/2023/45xxx/CVE-2023-45783.json new file mode 100644 index 00000000000..84469015bf8 --- /dev/null +++ b/2023/45xxx/CVE-2023-45783.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45783", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45784.json b/2023/45xxx/CVE-2023-45784.json new file mode 100644 index 00000000000..272775d1435 --- /dev/null +++ b/2023/45xxx/CVE-2023-45784.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45784", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45785.json b/2023/45xxx/CVE-2023-45785.json new file mode 100644 index 00000000000..1715b6cefb5 --- /dev/null +++ b/2023/45xxx/CVE-2023-45785.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45785", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45786.json b/2023/45xxx/CVE-2023-45786.json new file mode 100644 index 00000000000..24a0306155b --- /dev/null +++ b/2023/45xxx/CVE-2023-45786.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45786", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45787.json b/2023/45xxx/CVE-2023-45787.json new file mode 100644 index 00000000000..2112e367a3c --- /dev/null +++ b/2023/45xxx/CVE-2023-45787.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45787", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45788.json b/2023/45xxx/CVE-2023-45788.json new file mode 100644 index 00000000000..37d20521c1b --- /dev/null +++ b/2023/45xxx/CVE-2023-45788.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45788", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45789.json b/2023/45xxx/CVE-2023-45789.json new file mode 100644 index 00000000000..fbd6bfca083 --- /dev/null +++ b/2023/45xxx/CVE-2023-45789.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45789", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45790.json b/2023/45xxx/CVE-2023-45790.json new file mode 100644 index 00000000000..4510c5841bd --- /dev/null +++ b/2023/45xxx/CVE-2023-45790.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45790", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45791.json b/2023/45xxx/CVE-2023-45791.json new file mode 100644 index 00000000000..52a7a43279e --- /dev/null +++ b/2023/45xxx/CVE-2023-45791.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45791", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45792.json b/2023/45xxx/CVE-2023-45792.json new file mode 100644 index 00000000000..a0f10f95948 --- /dev/null +++ b/2023/45xxx/CVE-2023-45792.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45792", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5560.json b/2023/5xxx/CVE-2023-5560.json new file mode 100644 index 00000000000..49106973172 --- /dev/null +++ b/2023/5xxx/CVE-2023-5560.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-5560", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file