From 29885602011d1953ef3b3cd9c5ddae5832757e17 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 18 Oct 2023 20:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/35xxx/CVE-2023-35656.json | 53 +++++++++++++++++++++-- 2023/35xxx/CVE-2023-35663.json | 53 +++++++++++++++++++++-- 2023/45xxx/CVE-2023-45572.json | 2 +- 2023/45xxx/CVE-2023-45574.json | 2 +- 2023/45xxx/CVE-2023-45576.json | 2 +- 2023/45xxx/CVE-2023-45578.json | 2 +- 2023/45xxx/CVE-2023-45579.json | 2 +- 2023/4xxx/CVE-2023-4601.json | 79 ++++++++++++++++++++++++++++++++-- 8 files changed, 178 insertions(+), 17 deletions(-) diff --git a/2023/35xxx/CVE-2023-35656.json b/2023/35xxx/CVE-2023-35656.json index 015f574bde6..92a2bee6f91 100644 --- a/2023/35xxx/CVE-2023-35656.json +++ b/2023/35xxx/CVE-2023-35656.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-35656", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": " In multiple functions of protocolembmsadapter.cpp, there is a possible out\n of bounds read due to a missing bounds check. This could lead to remote\n information disclosure with no additional execution privileges needed. User\n interaction is not needed for exploitation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-10-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-10-01" } ] } diff --git a/2023/35xxx/CVE-2023-35663.json b/2023/35xxx/CVE-2023-35663.json index 902bb970555..2acbba0d968 100644 --- a/2023/35xxx/CVE-2023-35663.json +++ b/2023/35xxx/CVE-2023-35663.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-35663", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": " In Init of protocolnetadapter.cpp, there is a possible out of bounds read\n due to a missing bounds check. This could lead to remote information\n disclosure with no additional execution privileges needed. User interaction\n is not needed for exploitation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-10-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-10-01" } ] } diff --git a/2023/45xxx/CVE-2023-45572.json b/2023/45xxx/CVE-2023-45572.json index 0943cfa9f02..503a21bb4b2 100644 --- a/2023/45xxx/CVE-2023-45572.json +++ b/2023/45xxx/CVE-2023-45572.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function." + "value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function." } ] }, diff --git a/2023/45xxx/CVE-2023-45574.json b/2023/45xxx/CVE-2023-45574.json index 944bb2cc16f..17cee68a434 100644 --- a/2023/45xxx/CVE-2023-45574.json +++ b/2023/45xxx/CVE-2023-45574.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function." + "value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function." } ] }, diff --git a/2023/45xxx/CVE-2023-45576.json b/2023/45xxx/CVE-2023-45576.json index 6206a0d394a..d3858f57cbb 100644 --- a/2023/45xxx/CVE-2023-45576.json +++ b/2023/45xxx/CVE-2023-45576.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function." + "value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function." } ] }, diff --git a/2023/45xxx/CVE-2023-45578.json b/2023/45xxx/CVE-2023-45578.json index debb2da093d..d79cf8a91a2 100644 --- a/2023/45xxx/CVE-2023-45578.json +++ b/2023/45xxx/CVE-2023-45578.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function." + "value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function." } ] }, diff --git a/2023/45xxx/CVE-2023-45579.json b/2023/45xxx/CVE-2023-45579.json index cbf04edd3d6..82afa29f51a 100644 --- a/2023/45xxx/CVE-2023-45579.json +++ b/2023/45xxx/CVE-2023-45579.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function." + "value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function." } ] }, diff --git a/2023/4xxx/CVE-2023-4601.json b/2023/4xxx/CVE-2023-4601.json index 98f9cc213be..ca2c87525f9 100644 --- a/2023/4xxx/CVE-2023-4601.json +++ b/2023/4xxx/CVE-2023-4601.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4601", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@ni.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configuration 2023 Q3 and all previous versions.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NI", + "product": { + "product_data": [ + { + "product_name": "System Configuration", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "23.5.*" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ni.com/en/support/documentation/supplemental/23/stack-based-buffer-overflow-in-ni-system-configuration.html", + "refsource": "MISC", + "name": "https://www.ni.com/en/support/documentation/supplemental/23/stack-based-buffer-overflow-in-ni-system-configuration.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] }