diff --git a/2022/26xxx/CVE-2022-26838.json b/2022/26xxx/CVE-2022-26838.json
index d1f9192aaca..38746363f93 100644
--- a/2022/26xxx/CVE-2022-26838.json
+++ b/2022/26xxx/CVE-2022-26838.json
@@ -1,17 +1,67 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26838",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Path traversal"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Cybozu, Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cybozu Remote Service",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jvn.jp/en/jp/JVN52694228/",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/en/jp/JVN52694228/"
+ },
+ {
+ "url": "https://kb.cybozu.support/article/37653/",
+ "refsource": "MISC",
+ "name": "https://kb.cybozu.support/article/37653/"
}
]
}
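Review bot: The `problemtype` entry added here is free text (`"value": "Path traversal"`) with no CWE identifier, so consumers that filter or group records by CWE will not pick this record up. Other records in this commit carry the identifier, e.g. `"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22"`, and the same form would fit here. The CVE-2023-22277 hunk has the same gap with `"Use after free"`, which corresponds to CWE-416.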
diff --git a/2023/22xxx/CVE-2023-22277.json b/2023/22xxx/CVE-2023-22277.json
index 73e40d3a403..fda4dfb9762 100644
--- a/2023/22xxx/CVE-2023-22277.json
+++ b/2023/22xxx/CVE-2023-22277.json
@@ -1,17 +1,62 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22277",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "OMRON Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CX-Programmer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Ver.9.79 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU92877622/",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/en/vu/JVNVU92877622/"
}
]
}
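Review bot: The version entry pairs `"version_affected": "="` with `"version_value": "Ver.9.79 and earlier"`, which encodes a range as an exact match on a free-text string. A scanner or asset-matching tool that honours the operator will compare installed versions against that literal string and match nothing, so affected CX-Programmer installs can go unflagged. Expressing the range in the structured fields, `"version_affected": "<=", "version_value": "9.79"`, keeps the human wording in the description and makes the record machine-matchable.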
diff --git a/2023/22xxx/CVE-2023-22314.json b/2023/22xxx/CVE-2023-22314.json
index 95689c6a76b..0920dd14806 100644
--- a/2023/22xxx/CVE-2023-22314.json
+++ b/2023/22xxx/CVE-2023-22314.json
@@ -57,11 +57,6 @@
"url": "https://jvn.jp/en/vu/JVNVU92877622/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU92877622/"
- },
- {
- "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-04",
- "refsource": "MISC",
- "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-04"
}
]
}
diff --git a/2023/22xxx/CVE-2023-22317.json b/2023/22xxx/CVE-2023-22317.json
index b04ae8c91b9..c8683e7f087 100644
--- a/2023/22xxx/CVE-2023-22317.json
+++ b/2023/22xxx/CVE-2023-22317.json
@@ -57,11 +57,6 @@
"url": "https://jvn.jp/en/vu/JVNVU92877622/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU92877622/"
- },
- {
- "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-04",
- "refsource": "MISC",
- "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-04"
}
]
}
diff --git a/2023/25xxx/CVE-2023-25600.json b/2023/25xxx/CVE-2023-25600.json
index 940929210cd..5b0d3150c48 100644
--- a/2023/25xxx/CVE-2023-25600.json
+++ b/2023/25xxx/CVE-2023-25600.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-25600",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-25600",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.insyde.com/security-pledge",
+ "refsource": "MISC",
+ "name": "https://www.insyde.com/security-pledge"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.insyde.com/security-pledge/SA-2023028",
+ "url": "https://www.insyde.com/security-pledge/SA-2023028"
}
]
}
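Review bot: The `affects` block is filled with `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` even though the description names the product (InsydeH2O) and a fixed version (01.01.04.0016). Automated vulnerability matching therefore cannot tie this record to firmware inventory, and the product is only recoverable by parsing prose. Populating the fields from the description, e.g. `"product_name": "InsydeH2O"`, would fix that; the vendor string should be confirmed against the linked advisory. The `problemtype` is likewise `"n/a"` although the text describes out-of-bounds memory reads. The CVE-2023-28468 hunk has the same placeholder `affects` and `problemtype` values.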
diff --git a/2023/28xxx/CVE-2023-28468.json b/2023/28xxx/CVE-2023-28468.json
index 9af7b7dfc5b..618ee06e7ee 100644
--- a/2023/28xxx/CVE-2023-28468.json
+++ b/2023/28xxx/CVE-2023-28468.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-28468",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-28468",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.insyde.com/security-pledge",
+ "refsource": "MISC",
+ "name": "https://www.insyde.com/security-pledge"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.insyde.com/security-pledge/SA-2023039",
+ "url": "https://www.insyde.com/security-pledge/SA-2023039"
}
]
}
diff --git a/2023/2xxx/CVE-2023-2754.json b/2023/2xxx/CVE-2023-2754.json
index eb5ad6ea9c1..5e3eb5ce0e9 100644
--- a/2023/2xxx/CVE-2023-2754.json
+++ b/2023/2xxx/CVE-2023-2754.json
@@ -1,17 +1,158 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2754",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@cloudflare.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device.\n\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-319 Cleartext Transmission of Sensitive Information",
+ "cweId": "CWE-319"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Cloudflare",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WARP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "2023.7.160.0",
+ "status": "unaffected"
+ }
+ ],
+ "lessThan": "2023.7.160.0",
+ "status": "affected",
+ "version": "0",
+ "versionType": "release"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release",
+ "refsource": "MISC",
+ "name": "https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release"
+ },
+ {
+ "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-mv6g-7577-vq4w",
+ "refsource": "MISC",
+ "name": "https://github.com/cloudflare/advisories/security/advisories/GHSA-mv6g-7577-vq4w"
+ },
+ {
+ "url": "https://developers.cloudflare.com/warp-client/",
+ "refsource": "MISC",
+ "name": "https://developers.cloudflare.com/warp-client/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "configuration": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "The victim's device would need to be connected to a rogue Wi-Fi network, that announces support for IPv6, and assigns itself the same IPv6 address that WARP Client sets the IPv6 DNS server as.
"
+ }
+ ],
+ "value": "The victim's device would need to be connected to a rogue Wi-Fi network, that announces support for IPv6, and assigns itself the same IPv6 address that WARP Client sets the IPv6 DNS server as.\n\n"
+ }
+ ],
+ "work_around": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Disabling IPv6 support in local devices
"
+ }
+ ],
+ "value": "Disabling IPv6 support in local devices\n"
+ }
+ ],
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Users are encouraged to update to the latest WARP Client (Windows) version available: 2023.7.160.0"
+ }
+ ],
+ "value": "Users are encouraged to update to the latest WARP Client (Windows) version available:\u00a02023.7.160.0"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "vanhoefm"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "version": "3.1"
}
]
}
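Review bot: In `x_cve_json_5_version_data`, `"defaultStatus": "affected"` appears to conflict with the listed range. Only versions below 2023.7.160.0 are matched by the `versions` entry, so, as I read the range semantics, 2023.7.160.0 and later fall back to the default and read as affected, although the `solution` text names 2023.7.160.0 as the fixed release. The Wrangler and odoh-rs records in this commit use `"defaultStatus": "unaffected"` for the same range shape, which looks like the intended value here. Separately, `"version_value": "not down converted"` (also in the CVE-2023-3348 and CVE-2023-3766 hunks) leaves 4.0-format consumers with no usable version, so matching must read the nested 5.x data. The vector also scores `I:H` while the description only covers viewing DNS queries, which is worth confirming with the CNA.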
diff --git a/2023/38xxx/CVE-2023-38812.json b/2023/38xxx/CVE-2023-38812.json
index 4de713958d0..e6f3d438007 100644
--- a/2023/38xxx/CVE-2023-38812.json
+++ b/2023/38xxx/CVE-2023-38812.json
@@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2023-38812",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
diff --git a/2023/3xxx/CVE-2023-3348.json b/2023/3xxx/CVE-2023-3348.json
index d6e916066e7..caf2202feab 100644
--- a/2023/3xxx/CVE-2023-3348.json
+++ b/2023/3xxx/CVE-2023-3348.json
@@ -1,17 +1,132 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3348",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@cloudflare.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Wrangler command line tool (<=wrangler@3.1.0) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.\n\n\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Cloudflare",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Wrangler",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "3.1.1",
+ "status": "unaffected"
+ }
+ ],
+ "lessThan": "3.1.1",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-8c93-4hch-xgxp",
+ "refsource": "MISC",
+ "name": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-8c93-4hch-xgxp"
+ },
+ {
+ "url": "https://github.com/cloudflare/workers-sdk",
+ "refsource": "MISC",
+ "name": "https://github.com/cloudflare/workers-sdk"
+ },
+ {
+ "url": "https://developers.cloudflare.com/workers/wrangler/",
+ "refsource": "MISC",
+ "name": "https://developers.cloudflare.com/workers/wrangler/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Upgrade to wrangler@3.1.1 or higher"
+ }
+ ],
+ "value": "Upgrade to wrangler@3.1.1 or higher"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "robocap42 (HackerOne researcher)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2023/3xxx/CVE-2023-3766.json b/2023/3xxx/CVE-2023-3766.json
index 770fcff4895..f06add3a8a0 100644
--- a/2023/3xxx/CVE-2023-3766.json
+++ b/2023/3xxx/CVE-2023-3766.json
@@ -1,17 +1,114 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3766",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@cloudflare.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker\u00a0with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
+ "cweId": "CWE-120"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Cloudflare",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "odoh-rs",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "1.0.2",
+ "status": "unaffected"
+ }
+ ],
+ "lessThan": "1.0.2",
+ "status": "affected",
+ "version": "0",
+ "versionType": "patch"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/cloudflare/odoh-rs/security/advisories/GHSA-gpcv-p28p-fv2p",
+ "refsource": "MISC",
+ "name": "https://github.com/cloudflare/odoh-rs/security/advisories/GHSA-gpcv-p28p-fv2p"
+ },
+ {
+ "url": "https://github.com/cloudflare/odoh-rs/pull/28",
+ "refsource": "MISC",
+ "name": "https://github.com/cloudflare/odoh-rs/pull/28"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "00xc"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
}
]
}
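Review bot: `"versionType": "patch"` does not name a version-ordering scheme, so a tool evaluating `"lessThan": "1.0.2"` has no defined way to compare versions. The Wrangler record in this commit uses `"versionType": "semver"`, which would also fit a Rust crate version. The `problemtype` of CWE-120 (classic buffer overflow) is also hard to square with the description, which speaks of faulty parsing logic that crashes the server; if the crash is a panic on malformed input, a different CWE would likely describe it better, so this is worth checking against the linked advisory. The record has no `solution` entry, so the fixed version 1.0.2 is only discoverable from the nested version data.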
diff --git a/2023/4xxx/CVE-2023-4136.json b/2023/4xxx/CVE-2023-4136.json
new file mode 100644
index 00000000000..8fe117083b7
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4136.json
@@ -0,0 +1,113 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4136",
+ "ASSIGNER": "security@craftersoftware.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "CrafterCMS",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CrafterCMS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "4.0.0",
+ "version_value": "4.0.2"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "3.1.0",
+ "version_value": "3.1.27"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023080301",
+ "refsource": "MISC",
+ "name": "https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023080301"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "