diff --git a/2022/41xxx/CVE-2022-41677.json b/2022/41xxx/CVE-2022-41677.json index 61ed64dbb62..d29c4898210 100644 --- a/2022/41xxx/CVE-2022-41677.json +++ b/2022/41xxx/CVE-2022-41677.json @@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41677", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@bosch.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bosch", + "product": { + "product_data": [ + { + "product_name": "Camera Firmware", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "8.80" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.bosch.com/security-advisories/bosch-sa-839739-BT.html", + "refsource": "MISC", + "name": "https://psirt.bosch.com/security-advisories/bosch-sa-839739-BT.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2022/45xxx/CVE-2022-45611.json b/2022/45xxx/CVE-2022-45611.json index aadbd38e2d7..c56689a2cfb 100644 --- a/2022/45xxx/CVE-2022-45611.json +++ b/2022/45xxx/CVE-2022-45611.json @@ -56,6 +56,11 @@ "url": "https://www.fresenius-kabi.com/de-at/produkte/pharmahelp-compounder", "refsource": "MISC", "name": "https://www.fresenius-kabi.com/de-at/produkte/pharmahelp-compounder" + }, + { + "refsource": "MISC", + "name": "https://www.fresenius.com/sites/default/files/2023-11/Fresenius%20-%20CVE-2022-45611.pdf", + "url": "https://www.fresenius.com/sites/default/files/2023-11/Fresenius%20-%20CVE-2022-45611.pdf" } ] } diff --git a/2023/3xxx/CVE-2023-3430.json b/2023/3xxx/CVE-2023-3430.json index 2c878116288..166241d11fc 100644 --- a/2023/3xxx/CVE-2023-3430.json +++ b/2023/3xxx/CVE-2023-3430.json @@ -1,17 +1,121 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3430", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "OpenImageIO", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.4.12.0", + "status": "unaffected" + } + ] + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Extra Packages for Enterprise Linux", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218380", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2218380" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3628.json b/2023/3xxx/CVE-2023-3628.json index ab6f1de287e..820c146371c 100644 --- a/2023/3xxx/CVE-2023-3628.json +++ b/2023/3xxx/CVE-2023-3628.json @@ -1,17 +1,126 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3628", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Critical Step in Authentication", + "cweId": "CWE-304" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "infinispan", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Data Grid 8.4.4", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat JBoss Enterprise Application Platform 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2023:5396", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2023:5396" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-3628", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-3628" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217924", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2217924" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3629.json b/2023/3xxx/CVE-2023-3629.json index 9826690401c..6ff3e2f7075 100644 --- a/2023/3xxx/CVE-2023-3629.json +++ b/2023/3xxx/CVE-2023-3629.json @@ -1,17 +1,126 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3629", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Critical Step in Authentication", + "cweId": "CWE-304" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "infinispan", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Data Grid 8.4.4", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat JBoss Enterprise Application Platform 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2023:5396", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2023:5396" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-3629", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-3629" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217926", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2217926" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47038.json b/2023/47xxx/CVE-2023-47038.json index 51e6b1d7d38..22ae6fca776 100644 --- a/2023/47xxx/CVE-2023-47038.json +++ b/2023/47xxx/CVE-2023-47038.json @@ -1,17 +1,213 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47038", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "perl", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.32.1", + "status": "unaffected" + } + ] + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-47038", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-47038" + }, + { + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4320.json b/2023/4xxx/CVE-2023-4320.json index 58ff00558ae..c7a3a0eb639 100644 --- a/2023/4xxx/CVE-2023-4320.json +++ b/2023/4xxx/CVE-2023-4320.json @@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4320", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Session Expiration", + "cweId": "CWE-613" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "satellite", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.13", + "status": "unaffected" + } + ] + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Satellite 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4320", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-4320" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231814", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2231814" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L", + "version": "3.1" } ] } diff --git a/2023/5xxx/CVE-2023-5056.json b/2023/5xxx/CVE-2023-5056.json index 9bbc07891bd..797d7e0a1b8 100644 --- a/2023/5xxx/CVE-2023-5056.json +++ b/2023/5xxx/CVE-2023-5056.json @@ -1,17 +1,191 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5056", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "skupper-operator", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Service Interconnect 1 for RHEL 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1.4.3-5", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1.4.3-5", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1.4.3-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.4.3-3", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1.4.3-4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1.4.3-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2023:6219", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2023:6219" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-5056", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-5056" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239517", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2239517" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/5xxx/CVE-2023-5115.json b/2023/5xxx/CVE-2023-5115.json index 83edd2eea3c..985549b82e3 100644 --- a/2023/5xxx/CVE-2023-5115.json +++ b/2023/5xxx/CVE-2023-5115.json @@ -1,17 +1,212 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5115", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ansible", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.14.11", + "status": "unaffected" + } + ] + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Ansible Automation Platform 2.3 for RHEL 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:2.14.11-1.el8ap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Ansible Automation Platform 2.3 for RHEL 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:2.14.11-1.el9ap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:2.15.5-1.el8ap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:2.15.5-1.el9ap", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Ansible Automation Platform 1.2", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2023:5701", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2023:5701" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5758", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2023:5758" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-5115", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-5115" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/5xxx/CVE-2023-5236.json b/2023/5xxx/CVE-2023-5236.json index 00d114dfd42..69d2f85fecc 100644 --- a/2023/5xxx/CVE-2023-5236.json +++ b/2023/5xxx/CVE-2023-5236.json @@ -1,17 +1,126 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5236", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Modules with Circular Dependencies", + "cweId": "CWE-1047" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "infinispan-server", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Data Grid 8.4.4", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Data Grid 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2023:5396", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2023:5396" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-5236", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-5236" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240999", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2240999" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/5xxx/CVE-2023-5384.json b/2023/5xxx/CVE-2023-5384.json index e2d6d6cf1af..f0995d50913 100644 --- a/2023/5xxx/CVE-2023-5384.json +++ b/2023/5xxx/CVE-2023-5384.json @@ -1,17 +1,119 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5384", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cleartext Storage of Sensitive Information", + "cweId": "CWE-312" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "infinispan", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Data Grid 8.4.6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2023:7676", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2023:7676" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-5384", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-5384" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242156", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2242156" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "The issue's impact is limited because only users with administrator permissions can retrieve the cache configurations, and the recommended approach for connecting via JDBC is using the `datasource` configuration, which does not expose the database credentials." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/6xxx/CVE-2023-6228.json b/2023/6xxx/CVE-2023-6228.json index e0679ba5483..160532f6888 100644 --- a/2023/6xxx/CVE-2023-6228.json +++ b/2023/6xxx/CVE-2023-6228.json @@ -1,17 +1,191 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6228", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "libtiff", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-6228", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-6228" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240995", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2240995" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/6xxx/CVE-2023-6919.json b/2023/6xxx/CVE-2023-6919.json new file mode 100644 index 00000000000..5a25e00feaa --- /dev/null +++ b/2023/6xxx/CVE-2023-6919.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6919", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file