From 20cfa7dc2698231a74a439fde6ac7d3e00d80b4d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 28 Jul 2023 16:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2016/10xxx/CVE-2016-10108.json | 5 ++
 2018/17xxx/CVE-2018-17153.json | 5 ++
 2023/37xxx/CVE-2023-37904.json | 85 ++++++++++++++++++++++++++++--
 2023/37xxx/CVE-2023-37906.json | 85 ++++++++++++++++++++++++++++--
 2023/38xxx/CVE-2023-38498.json | 94 ++++++++++++++++++++++++++++++++--
 2023/38xxx/CVE-2023-38684.json | 85 ++++++++++++++++++++++++++++--
 2023/38xxx/CVE-2023-38685.json | 85 ++++++++++++++++++++++++++++--
 2023/3xxx/CVE-2023-3488.json | 84 ++++++++++++++++++++++++++++--
 8 files changed, 504 insertions(+), 24 deletions(-)
diff --git a/2016/10xxx/CVE-2016-10108.json b/2016/10xxx/CVE-2016-10108.json
index ca182dfbc7b..8aa85ccc832 100644
--- a/2016/10xxx/CVE-2016-10108.json
+++ b/2016/10xxx/CVE-2016-10108.json
@@ -61,6 +61,11 @@
 "name": "95200",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/95200"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html",
+ "url": "http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17153.json b/2018/17xxx/CVE-2018-17153.json
index bffd368f51a..5238902579e 100644
--- a/2018/17xxx/CVE-2018-17153.json
+++ b/2018/17xxx/CVE-2018-17153.json
@@ -66,6 +66,11 @@
 "name": "https://support.wdc.com/knowledgebase/answer.aspx?ID=25952",
 "refsource": "MISC",
 "url": "https://support.wdc.com/knowledgebase/answer.aspx?ID=25952"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html",
+ "url": "http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html"
 }
 ]
 }
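Review bot: The Packet Storm reference added to CVE-2016-10108.json, and again in the CVE-2018-17153.json hunk that follows it, is recorded with a cleartext `http://` URL, so anyone following the link from a feed consumer fetches the page over a channel that can be altered in transit. If the site serves the same path over TLS, the entry would read `"url": "https://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html"`, with `name` kept in step. The entry is also filed as `"refsource": "MISC"`, which gives downstream triage no signal that what appears to be a public write-up of the issue now exists; teams tracking these two IDs should treat the addition as a prompt to re-check exposure of the affected devices.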
diff --git a/2023/37xxx/CVE-2023-37904.json b/2023/37xxx/CVE-2023-37904.json
index d9279b0d0cd..18115e3ef84 100644
--- a/2023/37xxx/CVE-2023-37904.json
+++ b/2023/37xxx/CVE-2023-37904.json
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-37904",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
+ "cweId": "CWE-362"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "discourse",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "discourse",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 3.1.0.beta1, < 3.1.0.beta7"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "< 3.0.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/discourse/discourse/security/advisories/GHSA-6wj5-4ph2-c7qg",
+ "refsource": "MISC",
+ "name": "https://github.com/discourse/discourse/security/advisories/GHSA-6wj5-4ph2-c7qg"
+ },
+ {
+ "url": "https://github.com/discourse/discourse/commit/62a609ea2d0645a27ee8adbb01ce10a5e03a600b",
+ "refsource": "MISC",
+ "name": "https://github.com/discourse/discourse/commit/62a609ea2d0645a27ee8adbb01ce10a5e03a600b"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-6wj5-4ph2-c7qg",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.6,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/37xxx/CVE-2023-37906.json b/2023/37xxx/CVE-2023-37906.json
index b7cbc1d26e8..a9e11d1d60b 100644
--- a/2023/37xxx/CVE-2023-37906.json
+++ b/2023/37xxx/CVE-2023-37906.json
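Review bot: In the CVE-2023-37904.json hunk the two `version_data` entries put a range expression inside `version_value` while `version_affected` stays `"="` (`"version_value": ">= 3.1.0.beta1, < 3.1.0.beta7"` and `"version_value": "< 3.0.6"`), so a consumer that compares these fields structurally will look for a release literally named that string and match nothing. The same two entries recur in the hunks for CVE-2023-37906, CVE-2023-38498, CVE-2023-38684 and CVE-2023-38685. The CVE-2023-3488 record in this same patch carries the operator in `version_affected`; the equivalent here would be `"version_affected": "<", "version_value": "3.0.6"` for stable and `"version_affected": "<", "version_name": "3.1.0.beta1", "version_value": "3.1.0.beta7"` for beta, assuming `version_name` is meant as the lower bound as it appears to be in that record. Until the records are corrected, scanners keyed on these fields may under-report affected Discourse installs, so matching should fall back to the description text or the linked GHSA advisory.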
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-37906",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-770: Allocation of Resources Without Limits or Throttling",
+ "cweId": "CWE-770"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "discourse",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "discourse",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 3.1.0.beta1, < 3.1.0.beta7"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "< 3.0.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/discourse/discourse/security/advisories/GHSA-pjv6-47x6-mx7c",
+ "refsource": "MISC",
+ "name": "https://github.com/discourse/discourse/security/advisories/GHSA-pjv6-47x6-mx7c"
+ },
+ {
+ "url": "https://github.com/discourse/discourse/commit/dcc825bda505a344eda403a1b8733f30e784034a",
+ "refsource": "MISC",
+ "name": "https://github.com/discourse/discourse/commit/dcc825bda505a344eda403a1b8733f30e784034a"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-pjv6-47x6-mx7c",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/38xxx/CVE-2023-38498.json b/2023/38xxx/CVE-2023-38498.json
index b99b54bb928..c9e1aecd31b 100644
--- a/2023/38xxx/CVE-2023-38498.json
+++ b/2023/38xxx/CVE-2023-38498.json
@@ -1,17 +1,103 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-38498",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400: Uncontrolled Resource Consumption",
+ "cweId": "CWE-400"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-770: Allocation of Resources Without Limits or Throttling",
+ "cweId": "CWE-770"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "discourse",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "discourse",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 3.1.0.beta1, < 3.1.0.beta7"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "< 3.0.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/discourse/discourse/security/advisories/GHSA-wv29-rm3f-4g2j",
+ "refsource": "MISC",
+ "name": "https://github.com/discourse/discourse/security/advisories/GHSA-wv29-rm3f-4g2j"
+ },
+ {
+ "url": "https://github.com/discourse/discourse/commit/26e267478d785e2f32ee7da4613e2cf4a65ff182",
+ "refsource": "MISC",
+ "name": "https://github.com/discourse/discourse/commit/26e267478d785e2f32ee7da4613e2cf4a65ff182"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-wv29-rm3f-4g2j",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/38xxx/CVE-2023-38684.json b/2023/38xxx/CVE-2023-38684.json
index 978288bc167..d101a9909aa 100644
--- a/2023/38xxx/CVE-2023-38684.json
+++ b/2023/38xxx/CVE-2023-38684.json
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-38684",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-770: Allocation of Resources Without Limits or Throttling",
+ "cweId": "CWE-770"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "discourse",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "discourse",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 3.1.0.beta1, < 3.1.0.beta7"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "< 3.0.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/discourse/discourse/security/advisories/GHSA-ff7g-xv79-hgmf",
+ "refsource": "MISC",
+ "name": "https://github.com/discourse/discourse/security/advisories/GHSA-ff7g-xv79-hgmf"
+ },
+ {
+ "url": "https://github.com/discourse/discourse/commit/bfc3132bb22bd5b7e86f428746b89c4d3d7f5a70",
+ "refsource": "MISC",
+ "name": "https://github.com/discourse/discourse/commit/bfc3132bb22bd5b7e86f428746b89c4d3d7f5a70"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-ff7g-xv79-hgmf",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/38xxx/CVE-2023-38685.json b/2023/38xxx/CVE-2023-38685.json
index 98bd332a45d..0cae4af99d7 100644
--- a/2023/38xxx/CVE-2023-38685.json
+++ b/2023/38xxx/CVE-2023-38685.json
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-38685",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "discourse",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "discourse",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 3.1.0.beta1, < 3.1.0.beta7"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "< 3.0.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/discourse/discourse/security/advisories/GHSA-wx6x-q4gp-mgv5",
+ "refsource": "MISC",
+ "name": "https://github.com/discourse/discourse/security/advisories/GHSA-wx6x-q4gp-mgv5"
+ },
+ {
+ "url": "https://github.com/discourse/discourse/commit/073661142369a0a66c25775cc3870582a679ef8b",
+ "refsource": "MISC",
+ "name": "https://github.com/discourse/discourse/commit/073661142369a0a66c25775cc3870582a679ef8b"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-wx6x-q4gp-mgv5",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/3xxx/CVE-2023-3488.json b/2023/3xxx/CVE-2023-3488.json
index e667782aa69..87e01f6282d 100644
--- a/2023/3xxx/CVE-2023-3488.json
+++ b/2023/3xxx/CVE-2023-3488.json
@@ -1,17 +1,93 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-3488",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@silabs.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-908 Use of Uninitialized Resource",
+ "cweId": "CWE-908"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "silabs.com",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Gecko Bootloader",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "4.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/SiliconLabs/gecko_sdk/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/SiliconLabs/gecko_sdk/releases"
+ },
+ {
+ "url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Wi3HwQAJ?operationContext=S1",
+ "refsource": "MISC",
+ "name": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Wi3HwQAJ?operationContext=S1"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.8,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
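Review bot: The new CVE-2023-3488 record names no fixed release: the description says only "v4.3.0 and earlier", `version_data` carries the single bound `"version_affected": "<="` / `"version_value": "4.3.0"`, and the first reference is the generic `gecko_sdk/releases` page rather than a specific release or advisory, so a reader cannot tell from the record which version remediates the leak. The product is also given as `"product_name": "Gecko Bootloader"` while the version numbers read as GSDK versions, which will likely trip up asset matching done by product name. A description sentence of the form `Fixed in GSDK <first fixed version>.` would close the gap once the vendor confirms the value. The trailing `\n\n` in the description value and the missing colon in `"CWE-908 Use of Uninitialized Resource"` (the other records in this patch use `CWE-NNN: …`) are minor cleanup on the same lines.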