From 25ee38b5f89f1f12a4839ddf22f9660d4c6c488d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 27 Apr 2023 01:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/25xxx/CVE-2023-25292.json | 66 ++++++++++++++++++++++++++++++---- 2023/26xxx/CVE-2023-26243.json | 66 ++++++++++++++++++++++++++++++---- 2023/26xxx/CVE-2023-26244.json | 66 ++++++++++++++++++++++++++++++---- 2023/26xxx/CVE-2023-26245.json | 66 ++++++++++++++++++++++++++++++---- 2023/26xxx/CVE-2023-26246.json | 66 ++++++++++++++++++++++++++++++---- 5 files changed, 300 insertions(+), 30 deletions(-) diff --git a/2023/25xxx/CVE-2023-25292.json b/2023/25xxx/CVE-2023-25292.json index 420dd4f1e38..de0400148f7 100644 --- a/2023/25xxx/CVE-2023-25292.json +++ b/2023/25xxx/CVE-2023-25292.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-25292", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-25292", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://group-office.com", + "refsource": "MISC", + "name": "http://group-office.com" + }, + { + "url": "http://intermesh.com", + "refsource": "MISC", + "name": "http://intermesh.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/brainkok/CVE-2023-25292", + "url": "https://github.com/brainkok/CVE-2023-25292" } ] } diff --git a/2023/26xxx/CVE-2023-26243.json b/2023/26xxx/CVE-2023-26243.json index 9734a1175ae..6216d81a19b 100644 --- a/2023/26xxx/CVE-2023-26243.json +++ b/2023/26xxx/CVE-2023-26243.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-26243", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-26243", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to create custom firmware that may be installed in the IVI system. Then, an attacker may be able to install a backdoor in the IVI system that may allow him to control it, if it is connected to the Internet through Wi-Fi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sowhat.iit.cnr.it", + "refsource": "MISC", + "name": "https://sowhat.iit.cnr.it" + }, + { + "refsource": "MISC", + "name": "https://sowhat.iit.cnr.it:8443/can-work/chimaera/-/blob/main/Report/IIT-01-2023.pdf", + "url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera/-/blob/main/Report/IIT-01-2023.pdf" + }, + { + "refsource": "MISC", + "name": "https://sowhat.iit.cnr.it:8443/can-work/chimaera", + "url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera" } ] } diff --git a/2023/26xxx/CVE-2023-26244.json b/2023/26xxx/CVE-2023-26244.json index 4d5b3d986ca..a1dd870143f 100644 --- a/2023/26xxx/CVE-2023-26244.json +++ b/2023/26xxx/CVE-2023-26244.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-26244", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-26244", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sowhat.iit.cnr.it", + "refsource": "MISC", + "name": "https://sowhat.iit.cnr.it" + }, + { + "refsource": "MISC", + "name": "https://sowhat.iit.cnr.it:8443/can-work/chimaera/-/blob/main/Report/IIT-01-2023.pdf", + "url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera/-/blob/main/Report/IIT-01-2023.pdf" + }, + { + "refsource": "MISC", + "name": "https://sowhat.iit.cnr.it:8443/can-work/chimaera", + "url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera" } ] } diff --git a/2023/26xxx/CVE-2023-26245.json b/2023/26xxx/CVE-2023-26245.json index 35f7735fd88..aa82a8cb68c 100644 --- a/2023/26xxx/CVE-2023-26245.json +++ b/2023/26xxx/CVE-2023-26245.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-26245", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-26245", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version (e.g., newer, older, or customized). This indirectly allows an attacker to install custom firmware in the IVI system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sowhat.iit.cnr.it", + "refsource": "MISC", + "name": "https://sowhat.iit.cnr.it" + }, + { + "refsource": "MISC", + "name": "https://sowhat.iit.cnr.it:8443/can-work/chimaera/-/blob/main/Report/IIT-01-2023.pdf", + "url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera/-/blob/main/Report/IIT-01-2023.pdf" + }, + { + "refsource": "MISC", + "name": "https://sowhat.iit.cnr.it:8443/can-work/chimaera", + "url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera" } ] } diff --git a/2023/26xxx/CVE-2023-26246.json b/2023/26xxx/CVE-2023-26246.json index 62f4b0f72f4..ae5e2bf72f9 100644 --- a/2023/26xxx/CVE-2023-26246.json +++ b/2023/26xxx/CVE-2023-26246.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-26246", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-26246", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sowhat.iit.cnr.it", + "refsource": "MISC", + "name": "https://sowhat.iit.cnr.it" + }, + { + "refsource": "MISC", + "name": "https://sowhat.iit.cnr.it:8443/can-work/chimaera/-/blob/main/Report/IIT-01-2023.pdf", + "url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera/-/blob/main/Report/IIT-01-2023.pdf" + }, + { + "refsource": "MISC", + "name": "https://sowhat.iit.cnr.it:8443/can-work/chimaera", + "url": "https://sowhat.iit.cnr.it:8443/can-work/chimaera" } ] }