From 1cbdfc3cd3e4dfc90a39ff69a95ba18f9b868043 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 8 Dec 2023 18:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/36xxx/CVE-2023-36404.json | 5 +
 2023/46xxx/CVE-2023-46818.json | 5 +
 2023/4xxx/CVE-2023-4295.json | 5 +
 2023/6xxx/CVE-2023-6579.json | 5 +
 2023/6xxx/CVE-2023-6617.json | 95 +++++++++++++++-
 2023/6xxx/CVE-2023-6618.json | 95 +++++++++++++++-
 2023/6xxx/CVE-2023-6619.json | 95 +++++++++++++++-
 2023/6xxx/CVE-2023-6622.json | 193 ++++++++++++++++++++++++++++++++-
 2023/6xxx/CVE-2023-6631.json | 18 +++
 9 files changed, 500 insertions(+), 16 deletions(-)
 create mode 100644 2023/6xxx/CVE-2023-6631.json
diff --git a/2023/36xxx/CVE-2023-36404.json b/2023/36xxx/CVE-2023-36404.json
index 04f8f268e50..d3e3b806aad 100644
--- a/2023/36xxx/CVE-2023-36404.json
+++ b/2023/36xxx/CVE-2023-36404.json
@@ -214,6 +214,11 @@
 "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36404",
 "refsource": "MISC",
 "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36404"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/176110/Windows-Kernel-Information-Disclosure.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/176110/Windows-Kernel-Information-Disclosure.html"
 }
 ]
 },
diff --git a/2023/46xxx/CVE-2023-46818.json b/2023/46xxx/CVE-2023-46818.json
index 734618000e4..03514802cea 100644
--- a/2023/46xxx/CVE-2023-46818.json
+++ b/2023/46xxx/CVE-2023-46818.json
@@ -56,6 +56,11 @@
 "url": "https://www.ispconfig.org/blog/ispconfig-3-2-11p1-released/",
 "refsource": "MISC",
 "name": "https://www.ispconfig.org/blog/ispconfig-3-2-11p1-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/176126/ISPConfig-3.2.11-PHP-Code-Injection.html",
+ "url": "http://packetstormsecurity.com/files/176126/ISPConfig-3.2.11-PHP-Code-Injection.html"
 }
 ]
 }
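Review bot: The `reference_data` entry added to CVE-2023-36404.json records `http://packetstormsecurity.com/...` over plain HTTP in both `url` and `name`, so a reader following the reference from this record has no transport integrity on the page they land on; the Packet Storm entries added to CVE-2023-46818.json, CVE-2023-4295.json and CVE-2023-6579.json have the same form. If the site serves the same path over TLS (not verifiable from this patch), both fields should carry the `https://` form. The linked titles read like public exploit write-ups, yet `refsource` is only `"MISC"`, so a consumer that triages on reference type cannot tell these apart from the vendor advisories listed just above them without parsing the URL.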
diff --git a/2023/4xxx/CVE-2023-4295.json b/2023/4xxx/CVE-2023-4295.json
index dfe3e263449..87f106d1735 100644
--- a/2023/4xxx/CVE-2023-4295.json
+++ b/2023/4xxx/CVE-2023-4295.json
@@ -110,6 +110,11 @@
 "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
 "refsource": "MISC",
 "name": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/176109/Arm-Mali-CSF-Overflow-Use-After-Free.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/176109/Arm-Mali-CSF-Overflow-Use-After-Free.html"
 }
 ]
 },
diff --git a/2023/6xxx/CVE-2023-6579.json b/2023/6xxx/CVE-2023-6579.json
index 0c5e77a2bc4..b95f626b014 100644
--- a/2023/6xxx/CVE-2023-6579.json
+++ b/2023/6xxx/CVE-2023-6579.json
@@ -67,6 +67,11 @@
 "url": "https://vuldb.com/?ctiid.247160",
 "refsource": "MISC",
 "name": "https://vuldb.com/?ctiid.247160"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/176124/osCommerce-4-SQL-Injection.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/176124/osCommerce-4-SQL-Injection.html"
 }
 ]
 },
diff --git a/2023/6xxx/CVE-2023-6617.json b/2023/6xxx/CVE-2023-6617.json
index e108869c4ad..1e5ea0a2ee0 100644
--- a/2023/6xxx/CVE-2023-6617.json
+++ b/2023/6xxx/CVE-2023-6617.json
@@ -1,17 +1,104 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6617",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247254 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine kritische Schwachstelle in SourceCodester Simple Student Attendance System 1.0 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei attendance.php. Durch das Manipulieren des Arguments class_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Simple Student Attendance System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.247254",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.247254"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.247254",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.247254"
+ },
+ {
+ "url": "https://www.yuque.com/u39339523/el4dxs/gcsvdc5oohx6v38c",
+ "refsource": "MISC",
+ "name": "https://www.yuque.com/u39339523/el4dxs/gcsvdc5oohx6v38c"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "whs123 (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.2,
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6618.json b/2023/6xxx/CVE-2023-6618.json
index e3e586f7548..19161e68e0c 100644
--- a/2023/6xxx/CVE-2023-6618.json
+++ b/2023/6xxx/CVE-2023-6618.json
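Review bot: The English `description_data` value in CVE-2023-6617.json calls the issue "critical", while every entry in the added `impact.cvss` array scores it 5.5 with `"baseSeverity": "MEDIUM"` (5.2 for v2), so a consumer reading the prose and one reading the score will prioritise this record differently; CVE-2023-6619.json carries the same mismatch. All three vectors also use `AV:A` (adjacent network) for a flaw reached through the `class_id` argument of `attendance.php`, which reads like an ordinary web request; that value is presumably a CNA default rather than an assessment and is worth confirming before the score drives a patching deadline. A smaller point of style: `credits[].lang` is `"en"` while `description_data[].lang` is `"eng"`, and one language-code convention per record is easier to validate.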
@@ -1,17 +1,104 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6618",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247255."
+ },
+ {
+ "lang": "deu",
+ "value": "In SourceCodester Simple Student Attendance System 1.0 wurde eine problematische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei index.php. Durch Manipulieren des Arguments page mit unbekannten Daten kann eine file inclusion-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-73 File Inclusion",
+ "cweId": "CWE-73"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Simple Student Attendance System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.247255",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.247255"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.247255",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.247255"
+ },
+ {
+ "url": "https://www.yuque.com/u39339523/el4dxs/krpez3nzv1144cuc",
+ "refsource": "MISC",
+ "name": "https://www.yuque.com/u39339523/el4dxs/krpez3nzv1144cuc"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "whs123 (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.2,
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6619.json b/2023/6xxx/CVE-2023-6619.json
index e91a0ddff26..3af08a81cbf 100644
--- a/2023/6xxx/CVE-2023-6619.json
+++ b/2023/6xxx/CVE-2023-6619.json
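Review bot: The added `problemtype_data` entry in CVE-2023-6618.json labels the weakness `"CWE-73 File Inclusion"`, but CWE-73 is External Control of File Name or Path; if the `page` argument of `index.php` ends up in a PHP include or require, as the description suggests, CWE-98 is the entry that names that case. Rules and dashboards keyed on CWE-98 would not match this record as written. The description also does not say whether the inclusion is limited to local files, which determines how far the 5.5 `MEDIUM` score with `C:L/I:L/A:L` can be trusted for triage; that detail would have to come from the linked write-up rather than from this record.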
@@ -1,17 +1,104 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6619",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /modals/class_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247256."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine kritische Schwachstelle wurde in SourceCodester Simple Student Attendance System 1.0 ausgemacht. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /modals/class_form.php. Durch das Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Simple Student Attendance System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.247256",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.247256"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.247256",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.247256"
+ },
+ {
+ "url": "https://github.com/daydust/vuln/blob/main/Simple_Student_Attendance_System/class_form.php_SQL-injection.md",
+ "refsource": "MISC",
+ "name": "https://github.com/daydust/vuln/blob/main/Simple_Student_Attendance_System/class_form.php_SQL-injection.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "daylightqc (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.2,
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6622.json b/2023/6xxx/CVE-2023-6622.json
index c12e6784e30..0316cd21358 100644
--- a/2023/6xxx/CVE-2023-6622.json
+++ b/2023/6xxx/CVE-2023-6622.json
@@ -1,17 +1,202 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6622", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + 
"version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-6622", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-6622" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253632", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2253632" + }, + { + "url": "https://github.com/torvalds/linux/commit/3701cd390fd731ee7ae8b8006246c8db82c72bea", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/3701cd390fd731ee7ae8b8006246c8db82c72bea" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "Mitigation for this issue is to skip loading the affected module \"netfilter\" onto the system till we have a fix available, this can be done by a blacklist mechanism, this will ensure the driver is not loaded at the boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278" + } + ], + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Xingyuan 
Mo ((IceSword Lab)) for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/6xxx/CVE-2023-6631.json b/2023/6xxx/CVE-2023-6631.json new file mode 100644 index 00000000000..630e903f16f --- /dev/null +++ b/2023/6xxx/CVE-2023-6631.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6631", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
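Review bot: The `work_around` value added to CVE-2023-6622.json tells operators to blacklist the module "netfilter", while the description places the flaw in `nft_dynset_init()` in `net/netfilter/nft_dynset.c` under nf_tables; "netfilter" reads as the subsystem name, and the record never names the loadable module the advice is meant to cover, so the mitigation cannot be applied as written. If the intended module is the nf_tables one, the text should also say that blocking it disables nftables-based firewall rules on that host. Every `version_data` entry is `"version_value": "not down converted"` with only a `defaultStatus`, so this v4 record carries no usable affected-version range and consumers have to fall back to the linked fix commit or the Red Hat advisory. The credit string also has doubled parentheses, `((IceSword Lab))`.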