diff --git a/2023/2xxx/CVE-2023-2602.json b/2023/2xxx/CVE-2023-2602.json
index e7966bb882e..f7754f48abb 100644
--- a/2023/2xxx/CVE-2023-2602.json
+++ b/2023/2xxx/CVE-2023-2602.json
@@ -58,6 +58,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2023-ad944c2d34",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2023-5911638116",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/"
 }
 ]
 },
diff --git a/2023/2xxx/CVE-2023-2603.json b/2023/2xxx/CVE-2023-2603.json
index 7581e055adf..d94691c5e6f 100644
--- a/2023/2xxx/CVE-2023-2603.json
+++ b/2023/2xxx/CVE-2023-2603.json
@@ -58,6 +58,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2023-ad944c2d34",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2023-5911638116",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/"
 }
 ]
 },
diff --git a/2023/41xxx/CVE-2023-41963.json b/2023/41xxx/CVE-2023-41963.json
new file mode 100644
index 00000000000..72dfa7a9949
--- /dev/null
+++ b/2023/41xxx/CVE-2023-41963.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-41963",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/47xxx/CVE-2023-47418.json b/2023/47xxx/CVE-2023-47418.json
index 51c4e5ca718..1d1afc9ea91 100644
--- a/2023/47xxx/CVE-2023-47418.json
+++ b/2023/47xxx/CVE-2023-47418.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-47418",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-47418",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Onlyning/O2OA",
+ "refsource": "MISC",
+ "name": "https://github.com/Onlyning/O2OA"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/Onlyning/0cf7b1c597a36dd3a2e9ec948b881ac8",
+ "url": "https://gist.github.com/Onlyning/0cf7b1c597a36dd3a2e9ec948b881ac8"
 }
 ]
 }
diff --git a/2023/49xxx/CVE-2023-49076.json b/2023/49xxx/CVE-2023-49076.json
index e1a654d038b..d5f6cc09c41 100644
--- a/2023/49xxx/CVE-2023-49076.json
+++ b/2023/49xxx/CVE-2023-49076.json
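Review bot: The published record in CVE-2023-47418.json leaves every structured field at `n/a` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value), while the description names o2oa version 8.1.2 and before. Scanners and inventory tools that match on the `affects` block will not associate this entry with o2oa, so the product and version bound belong there too, e.g. `"product_name": "o2oa"` with a version entry covering 8.1.2 and earlier, and `problemtype` should carry the CWE that fits the described script execution. The description also does not say whether creating an interface in the service management function needs an authenticated or administrative account, which decides how severe this is. Both references point to a personal GitHub account and gist, so a vendor advisory or fix reference would help triage if one exists.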
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-49076",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352: Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "pimcore",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "customer-data-framework",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 4.0.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-xx63-4jr8-9ghc",
+ "refsource": "MISC",
+ "name": "https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-xx63-4jr8-9ghc"
+ },
+ {
+ "url": "https://github.com/pimcore/customer-data-framework/commit/ef7414415cfa64189b8433eff0aa2a9b537a89f7.patch",
+ "refsource": "MISC",
+ "name": "https://github.com/pimcore/customer-data-framework/commit/ef7414415cfa64189b8433eff0aa2a9b537a89f7.patch"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-xx63-4jr8-9ghc",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/49xxx/CVE-2023-49087.json b/2023/49xxx/CVE-2023-49087.json
index b05c3fe12d2..32217b26010 100644
--- a/2023/49xxx/CVE-2023-49087.json
+++ b/2023/49xxx/CVE-2023-49087.json
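Review bot: In CVE-2023-49076.json the affected range is written as `"version_affected": "=", "version_value": "< 4.0.5"`, so the comparison operator sits inside the value string while the operator field claims equality. A consumer that honours `version_affected` will look for a release literally named "< 4.0.5" and match nothing. `"version_affected": "<", "version_value": "4.0.5"` expresses what the description states (patched in 4.0.5). The same pattern appears in CVE-2023-49087.json (`"version_value": "= 1.6.11"` and `"= 5.0.0-alpha.12"`), where the value should be the bare version string.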
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-49087",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP's canonicalization function) manages to manipulate the canonicalized version's DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-345: Insufficient Verification of Data Authenticity",
+ "cweId": "CWE-345"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "simplesamlphp",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "xml-security",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "= 1.6.11"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "= 5.0.0-alpha.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r",
+ "refsource": "MISC",
+ "name": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r"
+ },
+ {
+ "url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581",
+ "refsource": "MISC",
+ "name": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-ww7x-3gxh-qm6r",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/49xxx/CVE-2023-49140.json b/2023/49xxx/CVE-2023-49140.json
new file mode 100644
index 00000000000..1ad344b043d
--- /dev/null
+++ b/2023/49xxx/CVE-2023-49140.json
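Review bot: The `version_data` list in CVE-2023-49087.json names only 1.6.11 and 5.0.0-alpha.12 as affected, while the description says only that the issue is patched in 1.6.12 and 5.0.0-alpha.13. From the record alone a reader cannot tell whether earlier xml-security releases are unaffected or simply unlisted, so deployments on older releases should be checked against the GHSA-ww7x-3gxh-qm6r advisory rather than cleared by this entry. In the description, `i.e. by exploiting a bug in PHP's canonicalization function` reads as an example and would be clearer as `e.g.`.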
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-49140",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/49xxx/CVE-2023-49143.json b/2023/49xxx/CVE-2023-49143.json
new file mode 100644
index 00000000000..1cdddb03dd3
--- /dev/null
+++ b/2023/49xxx/CVE-2023-49143.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-49143",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/49xxx/CVE-2023-49713.json b/2023/49xxx/CVE-2023-49713.json
new file mode 100644
index 00000000000..8ff2a83f441
--- /dev/null
+++ b/2023/49xxx/CVE-2023-49713.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-49713",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6345.json b/2023/6xxx/CVE-2023-6345.json
index bdd60889009..9dbbba0b941 100644
--- a/2023/6xxx/CVE-2023-6345.json
+++ b/2023/6xxx/CVE-2023-6345.json
@@ -68,6 +68,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6346.json b/2023/6xxx/CVE-2023-6346.json
index 7b4ea09383a..2b61c6e80e7 100644
--- a/2023/6xxx/CVE-2023-6346.json
+++ b/2023/6xxx/CVE-2023-6346.json
@@ -68,6 +68,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6347.json b/2023/6xxx/CVE-2023-6347.json
index 7b119d7b19d..a20aeea859e 100644
--- a/2023/6xxx/CVE-2023-6347.json
+++ b/2023/6xxx/CVE-2023-6347.json
@@ -68,6 +68,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6350.json b/2023/6xxx/CVE-2023-6350.json
index d0729724dd6..21c9ba8a5c8 100644
--- a/2023/6xxx/CVE-2023-6350.json
+++ b/2023/6xxx/CVE-2023-6350.json
@@ -68,6 +68,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6351.json b/2023/6xxx/CVE-2023-6351.json
index f93d0dad1b2..04c30e110a7 100644
--- a/2023/6xxx/CVE-2023-6351.json
+++ b/2023/6xxx/CVE-2023-6351.json
@@ -68,6 +68,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6395.json b/2023/6xxx/CVE-2023-6395.json
new file mode 100644
index 00000000000..4472a41f6e1
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6395.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6395",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file