diff --git a/2023/39xxx/CVE-2023-39202.json b/2023/39xxx/CVE-2023-39202.json index 5b6d54e9b94..dacaeb4c9b3 100644 --- a/2023/39xxx/CVE-2023-39202.json +++ b/2023/39xxx/CVE-2023-39202.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39202", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@zoom.us", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-426 Untrusted Search Path", + "cweId": "CWE-426" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zoom Video Communications, Inc.", + "product": { + "product_data": [ + { + "product_name": "Zoom Rooms Client for Windows and Zoom VDI Client", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "refsource": "MISC", + "name": "https://explore.zoom.us/en/trust/security/security-bulletin/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 3.1, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/39xxx/CVE-2023-39203.json b/2023/39xxx/CVE-2023-39203.json index cbd3f9e2583..db617e0a919 100644 --- a/2023/39xxx/CVE-2023-39203.json +++ b/2023/39xxx/CVE-2023-39203.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39203", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@zoom.us", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zoom Video Communications, Inc.", + "product": { + "product_data": [ + { + "product_name": "Zoom Rooms Client for Windows and Zoom VDI Client", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "refsource": "MISC", + "name": "https://explore.zoom.us/en/trust/security/security-bulletin/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/39xxx/CVE-2023-39204.json b/2023/39xxx/CVE-2023-39204.json index acffc88e331..426210672d4 100644 --- a/2023/39xxx/CVE-2023-39204.json +++ b/2023/39xxx/CVE-2023-39204.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39204", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@zoom.us", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zoom Video Communications, Inc.", + "product": { + "product_data": [ + { + "product_name": "Zoom Clients", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "refsource": "MISC", + "name": "https://explore.zoom.us/en/trust/security/security-bulletin/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/39xxx/CVE-2023-39205.json b/2023/39xxx/CVE-2023-39205.json index 4b1a8a46d15..d5797d5d4ad 100644 --- a/2023/39xxx/CVE-2023-39205.json +++ b/2023/39xxx/CVE-2023-39205.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39205", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@zoom.us", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions", + "cweId": "CWE-754" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zoom Video Communications, Inc.", + "product": { + "product_data": [ + { + "product_name": "Zoom Clients", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "refsource": "MISC", + "name": "https://explore.zoom.us/en/trust/security/security-bulletin/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3889.json b/2023/3xxx/CVE-2023-3889.json index 710314d2e30..934fa3bd34f 100644 --- a/2023/3xxx/CVE-2023-3889.json +++ b/2023/3xxx/CVE-2023-3889.json @@ -49,9 +49,28 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "r38p0", - "version_value": "r44p0" + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "r44p1", + "status": "unaffected" + }, + { + "at": "r45p0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "r44p0", + "status": "affected", + "version": "r38p0", + "versionType": "patch" + } + ], + "defaultStatus": "unaffected" + } } ] } diff --git a/2023/41xxx/CVE-2023-41570.json b/2023/41xxx/CVE-2023-41570.json index 5d74ebb3f47..6031d3822aa 100644 --- a/2023/41xxx/CVE-2023-41570.json +++ b/2023/41xxx/CVE-2023-41570.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-41570", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-41570", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api/", + "url": "https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api/" } ] } diff --git a/2023/45xxx/CVE-2023-45614.json b/2023/45xxx/CVE-2023-45614.json index 2cac338ad2d..a93dc6c3568 100644 --- a/2023/45xxx/CVE-2023-45614.json +++ b/2023/45xxx/CVE-2023-45614.json @@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45614", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "ArubaOS 10.5.x.x: 10.5.0.0 and below" + }, + { + "status": "affected", + "version": "ArubaOS 10.4.x.x: 10.4.0.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.11.x.x: 8.11.1.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.10.x.x: 8.10.0.8 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.6.x.x: 8.6.0.22 and below" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "XiaoC from Moonlight Bug Hunter" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45615.json b/2023/45xxx/CVE-2023-45615.json index e2c66e2e7d7..e0f1a7d3235 100644 --- a/2023/45xxx/CVE-2023-45615.json +++ b/2023/45xxx/CVE-2023-45615.json @@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45615", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "ArubaOS 10.5.x.x: 10.5.0.0 and below" + }, + { + "status": "affected", + "version": "ArubaOS 10.4.x.x: 10.4.0.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.11.x.x: 8.11.1.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.10.x.x: 8.10.0.8 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.6.x.x: 8.6.0.22 and below" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Chancen" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45616.json b/2023/45xxx/CVE-2023-45616.json index 2080582d2f6..07efc246321 100644 --- a/2023/45xxx/CVE-2023-45616.json +++ b/2023/45xxx/CVE-2023-45616.json @@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45616", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "ArubaOS 10.5.x.x: 10.5.0.0 and below" + }, + { + "status": "affected", + "version": "ArubaOS 10.4.x.x: 10.4.0.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.11.x.x: 8.11.1.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.10.x.x: 8.10.0.8 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.6.x.x: 8.6.0.22 and below" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "XiaoC from Moonlight Bug Hunter" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45617.json b/2023/45xxx/CVE-2023-45617.json index c879085ca04..353b5f0bd9d 100644 --- a/2023/45xxx/CVE-2023-45617.json +++ b/2023/45xxx/CVE-2023-45617.json @@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45617", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "ArubaOS 10.5.x.x: 10.5.0.0 and below" + }, + { + "status": "affected", + "version": "ArubaOS 10.4.x.x: 10.4.0.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.11.x.x: 8.11.1.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.10.x.x: 8.10.0.8 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.6.x.x: 8.6.0.22 and below" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "XiaoC from Moonlight Bug Hunter" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45618.json b/2023/45xxx/CVE-2023-45618.json index 4c4a24fa4d9..98484a7b81a 100644 --- a/2023/45xxx/CVE-2023-45618.json +++ b/2023/45xxx/CVE-2023-45618.json @@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45618", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "ArubaOS 10.5.x.x: 10.5.0.0 and below" + }, + { + "status": "affected", + "version": "ArubaOS 10.4.x.x: 10.4.0.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.11.x.x: 8.11.1.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.10.x.x: 8.10.0.8 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.6.x.x: 8.6.0.22 and below" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "XiaoC from Moonlight Bug Hunter" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45619.json b/2023/45xxx/CVE-2023-45619.json index a353db4225d..5fab6f864f4 100644 --- a/2023/45xxx/CVE-2023-45619.json +++ b/2023/45xxx/CVE-2023-45619.json @@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45619", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "ArubaOS 10.5.x.x: 10.5.0.0 and below" + }, + { + "status": "affected", + "version": "ArubaOS 10.4.x.x: 10.4.0.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.11.x.x: 8.11.1.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.10.x.x: 8.10.0.8 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.6.x.x: 8.6.0.22 and below" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Chancen" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45620.json b/2023/45xxx/CVE-2023-45620.json index 654d5f2afd8..53e5b000b3e 100644 --- a/2023/45xxx/CVE-2023-45620.json +++ b/2023/45xxx/CVE-2023-45620.json @@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45620", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "ArubaOS 10.5.x.x: 10.5.0.0 and below" + }, + { + "status": "affected", + "version": "ArubaOS 10.4.x.x: 10.4.0.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.11.x.x: 8.11.1.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.10.x.x: 8.10.0.8 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.6.x.x: 8.6.0.22 and below" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "XiaoC from Moonlight Bug Hunter" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45621.json b/2023/45xxx/CVE-2023-45621.json index 0f5e988754e..f07f693a390 100644 --- a/2023/45xxx/CVE-2023-45621.json +++ b/2023/45xxx/CVE-2023-45621.json @@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45621", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "ArubaOS 10.5.x.x: 10.5.0.0 and below" + }, + { + "status": "affected", + "version": "ArubaOS 10.4.x.x: 10.4.0.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.11.x.x: 8.11.1.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.10.x.x: 8.10.0.8 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.6.x.x: 8.6.0.22 and below" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Chancen" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45622.json b/2023/45xxx/CVE-2023-45622.json index 4ee2d287bc3..fdebd4db1e3 100644 --- a/2023/45xxx/CVE-2023-45622.json +++ b/2023/45xxx/CVE-2023-45622.json @@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45622", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "ArubaOS 10.5.x.x: 10.5.0.0 and below" + }, + { + "status": "affected", + "version": "ArubaOS 10.4.x.x: 10.4.0.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.11.x.x: 8.11.1.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.10.x.x: 8.10.0.8 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.6.x.x: 8.6.0.22 and below" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "XiaoC from Moonlight Bug Hunter" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45623.json b/2023/45xxx/CVE-2023-45623.json index 92e33849743..c3fd80fb112 100644 --- a/2023/45xxx/CVE-2023-45623.json +++ b/2023/45xxx/CVE-2023-45623.json @@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45623", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "ArubaOS 10.5.x.x: 10.5.0.0 and below" + }, + { + "status": "affected", + "version": "ArubaOS 10.4.x.x: 10.4.0.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.11.x.x: 8.11.1.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.10.x.x: 8.10.0.8 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.6.x.x: 8.6.0.22 and below" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "XiaoC from Moonlight Bug Hunter" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45624.json b/2023/45xxx/CVE-2023-45624.json index 9180c0e7bcb..0d39b93faa2 100644 --- a/2023/45xxx/CVE-2023-45624.json +++ b/2023/45xxx/CVE-2023-45624.json @@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45624", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "ArubaOS 10.5.x.x: 10.5.0.0 and below" + }, + { + "status": "affected", + "version": "ArubaOS 10.4.x.x: 10.4.0.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.11.x.x: 8.11.1.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.10.x.x: 8.10.0.8 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.6.x.x: 8.6.0.22 and below" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "XiaoC from Moonlight Bug Hunter" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45625.json b/2023/45xxx/CVE-2023-45625.json index ebc31876244..ae2ca347965 100644 --- a/2023/45xxx/CVE-2023-45625.json +++ b/2023/45xxx/CVE-2023-45625.json @@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45625", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "ArubaOS 10.5.x.x: 10.5.0.0 and below" + }, + { + "status": "affected", + "version": "ArubaOS 10.4.x.x: 10.4.0.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.11.x.x: 8.11.1.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.10.x.x: 8.10.0.8 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.6.x.x: 8.6.0.22 and below" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Chancen" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45626.json b/2023/45xxx/CVE-2023-45626.json index 53bc5c8c0bb..8783ee4e538 100644 --- a/2023/45xxx/CVE-2023-45626.json +++ b/2023/45xxx/CVE-2023-45626.json @@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45626", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "ArubaOS 10.5.x.x: 10.5.0.0 and below" + }, + { + "status": "affected", + "version": "ArubaOS 10.4.x.x: 10.4.0.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.11.x.x: 8.11.1.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.10.x.x: 8.10.0.8 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.6.x.x: 8.6.0.22 and below" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Nicholas Starke of Aruba Threat Labs" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45627.json b/2023/45xxx/CVE-2023-45627.json index 528dac91a60..3386f960031 100644 --- a/2023/45xxx/CVE-2023-45627.json +++ b/2023/45xxx/CVE-2023-45627.json @@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45627", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal\n\noperation of the affected access point.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "ArubaOS 10.5.x.x: 10.5.0.0 and below" + }, + { + "status": "affected", + "version": "ArubaOS 10.4.x.x: 10.4.0.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.11.x.x: 8.11.1.2 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.10.x.x: 8.10.0.8 and below" + }, + { + "status": "affected", + "version": "InstantOS 8.6.x.x: 8.6.0.22 and below" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Chancen" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/46xxx/CVE-2023-46582.json b/2023/46xxx/CVE-2023-46582.json index 11cc03c6786..8c268499ed6 100644 --- a/2023/46xxx/CVE-2023-46582.json +++ b/2023/46xxx/CVE-2023-46582.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-46582", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-46582", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary SQL commands via the id paramter in the deleteProduct.php component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/ersinerenler/Code-Projects-Inventory-Management-1.0/blob/main/CVE-2023-46582-Code-Projects-Inventory-Management-1.0-SQL-Injection-Vulnerability.md", + "url": "https://github.com/ersinerenler/Code-Projects-Inventory-Management-1.0/blob/main/CVE-2023-46582-Code-Projects-Inventory-Management-1.0-SQL-Injection-Vulnerability.md" } ] } diff --git a/2023/47xxx/CVE-2023-47517.json b/2023/47xxx/CVE-2023-47517.json index 37e18c7a7ec..718ea308281 100644 --- a/2023/47xxx/CVE-2023-47517.json +++ b/2023/47xxx/CVE-2023-47517.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47517", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <=\u00a01.23.11.6 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SendPress", + "product": { + "product_data": [ + { + "product_name": "SendPress Newsletters", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.23.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/sendpress/wordpress-sendpress-newsletters-plugin-1-22-3-31-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/sendpress/wordpress-sendpress-newsletters-plugin-1-22-3-31-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Le Ngoc Anh (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47518.json b/2023/47xxx/CVE-2023-47518.json index ccd541bdf38..3637da2fef5 100644 --- a/2023/47xxx/CVE-2023-47518.json +++ b/2023/47xxx/CVE-2023-47518.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47518", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew Muro Restrict Categories plugin <=\u00a02.6.4 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Matthew Muro", + "product": { + "product_data": [ + { + "product_name": "Restrict Categories", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.6.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/restrict-categories/wordpress-restrict-categories-plugin-2-6-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/restrict-categories/wordpress-restrict-categories-plugin-2-6-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Le Ngoc Anh (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4272.json b/2023/4xxx/CVE-2023-4272.json index ac77e996d69..b5c360c5c2e 100644 --- a/2023/4xxx/CVE-2023-4272.json +++ b/2023/4xxx/CVE-2023-4272.json @@ -49,24 +49,9 @@ "version": { "version_data": [ { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "r33p0", - "status": "unaffected" - } - ], - "lessThan": "r33p0", - "status": "affected", - "version": "r8p0", - "versionType": "patch" - } - ], - "defaultStatus": "unaffected" - } + "version_affected": "<=", + "version_name": "r8p0", + "version_value": "r32p0" } ] } diff --git a/2023/4xxx/CVE-2023-4295.json b/2023/4xxx/CVE-2023-4295.json index 0816d16b61f..dfe3e263449 100644 --- a/2023/4xxx/CVE-2023-4295.json +++ b/2023/4xxx/CVE-2023-4295.json @@ -137,23 +137,5 @@ "lang": "en", "value": "Jann Horn at Google" } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 9.3, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - } - ] - } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5189.json b/2023/5xxx/CVE-2023-5189.json index 3913e365b96..026477e01ee 100644 --- a/2023/5xxx/CVE-2023-5189.json +++ b/2023/5xxx/CVE-2023-5189.json @@ -1,17 +1,120 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5189", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "automation_hub", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Ansible Automation Platform 2", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Satellite 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-5189", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-5189" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/6xxx/CVE-2023-6136.json b/2023/6xxx/CVE-2023-6136.json new file mode 100644 index 00000000000..adaa6b48f15 --- /dev/null +++ b/2023/6xxx/CVE-2023-6136.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6136", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6137.json b/2023/6xxx/CVE-2023-6137.json new file mode 100644 index 00000000000..aef1c3d593f --- /dev/null +++ b/2023/6xxx/CVE-2023-6137.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6137", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6138.json b/2023/6xxx/CVE-2023-6138.json new file mode 100644 index 00000000000..dd77b6146ce --- /dev/null +++ b/2023/6xxx/CVE-2023-6138.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6138", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6139.json b/2023/6xxx/CVE-2023-6139.json new file mode 100644 index 00000000000..aba0e07e865 --- /dev/null +++ b/2023/6xxx/CVE-2023-6139.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6139", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6140.json b/2023/6xxx/CVE-2023-6140.json new file mode 100644 index 00000000000..020fc108515 --- /dev/null +++ b/2023/6xxx/CVE-2023-6140.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6140", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6141.json b/2023/6xxx/CVE-2023-6141.json new file mode 100644 index 00000000000..b7224d25111 --- /dev/null +++ b/2023/6xxx/CVE-2023-6141.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6141", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file