diff --git a/2023/20xxx/CVE-2023-20569.json b/2023/20xxx/CVE-2023-20569.json index e84e8ad98d5..bdb9c591a49 100644 --- a/2023/20xxx/CVE-2023-20569.json +++ b/2023/20xxx/CVE-2023-20569.json @@ -554,6 +554,11 @@ "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005", "refsource": "MISC", "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005" + }, + { + "url": "http://xenbits.xen.org/xsa/advisory-434.html", + "refsource": "MISC", + "name": "http://xenbits.xen.org/xsa/advisory-434.html" } ] }, diff --git a/2023/35xxx/CVE-2023-35391.json b/2023/35xxx/CVE-2023-35391.json index 3a20c0c82be..35252dc02dc 100644 --- a/2023/35xxx/CVE-2023-35391.json +++ b/2023/35xxx/CVE-2023-35391.json @@ -1,17 +1,133 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-35391", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2022 version 17.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.2.0", + "version_value": "17.2.18" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.4.0", + "version_value": "17.4.10" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.6", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.6.0", + "version_value": "17.6.6" + } + ] + } + }, + { + "product_name": "ASP.NET Core 2.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.0", + "version_value": "2.1.40" + } + ] + } + }, + { + "product_name": ".NET 6.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.0.21" + } + ] + } + }, + { + "product_name": ".NET 7.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7.0.0", + "version_value": "7.0.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36873.json b/2023/36xxx/CVE-2023-36873.json index fd925e71401..aef9e2f98cb 100644 --- a/2023/36xxx/CVE-2023-36873.json +++ b/2023/36xxx/CVE-2023-36873.json @@ -1,17 +1,133 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36873", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": ".NET Framework Spoofing Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft .NET Framework 4.8", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.8.0", + "version_value": "4.8.4654.06" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.8.0", + "version_value": "3.5.4654.08" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.7.0", + "version_value": "3.5.04057.05" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.7.0", + "version_value": "4.7.04057.05" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.8.1", + "version_value": "3.5.09176.01" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.7.0", + "version_value": "4.7.04057.05" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36873", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36873" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.4, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36884.json b/2023/36xxx/CVE-2023-36884.json index deb49134055..5a2392b0cec 100644 --- a/2023/36xxx/CVE-2023-36884.json +++ b/2023/36xxx/CVE-2023-36884.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Windows Search Security Feature Bypass Vulnerability" + "value": "Windows Search Remote Code Execution Vulnerability" } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Information Disclosure" + "value": "Remote Code Execution" } ] } @@ -312,7 +312,7 @@ "version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.5, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C" + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C" } ] } diff --git a/2023/36xxx/CVE-2023-36899.json b/2023/36xxx/CVE-2023-36899.json index 67da99f6cc5..6caeb63248d 100644 --- a/2023/36xxx/CVE-2023-36899.json +++ b/2023/36xxx/CVE-2023-36899.json @@ -1,17 +1,145 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36899", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ASP.NET Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft .NET Framework 4.8", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.8.0", + "version_value": "4.8.4654.06" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.8.0", + "version_value": "4.8.04654.06" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.7.0", + "version_value": "4.7.04057.05" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.8.1", + "version_value": "4.8.09176.01" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.7.0", + "version_value": "4.7.4057.05" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.7.0", + "version_value": "4.7.04057.05" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 2.0 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.0.0", + "version_value": "2.0.50727.8974" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36899", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36899" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C" } ] } diff --git a/2023/38xxx/CVE-2023-38180.json b/2023/38xxx/CVE-2023-38180.json index bbf2b4414e0..2530a1c764c 100644 --- a/2023/38xxx/CVE-2023-38180.json +++ b/2023/38xxx/CVE-2023-38180.json @@ -1,17 +1,133 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38180", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": ".NET and Visual Studio Denial of Service Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "ASP.NET Core 2.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.0", + "version_value": "2.1.40" + } + ] + } + }, + { + "product_name": ".NET 6.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.0.21" + } + ] + } + }, + { + "product_name": ".NET 7.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7.0.0", + "version_value": "7.0.10" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.2.0", + "version_value": "17.2.18" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.4.0", + "version_value": "17.4.10" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2022 version 17.6", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.6.0", + "version_value": "17.6.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C" } ] } diff --git a/2023/38xxx/CVE-2023-38815.json b/2023/38xxx/CVE-2023-38815.json index 27c2bfb2684..1442d5747ef 100644 --- a/2023/38xxx/CVE-2023-38815.json +++ b/2023/38xxx/CVE-2023-38815.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2023-38815", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-40042. Reason: This candidate is a reservation duplicate of CVE-2023-40042. Notes: All CVE users should reference CVE-2023-40042 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2023/39xxx/CVE-2023-39518.json b/2023/39xxx/CVE-2023-39518.json index 2f329f594fc..b34e4810406 100644 --- a/2023/39xxx/CVE-2023-39518.json +++ b/2023/39xxx/CVE-2023-39518.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39518", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "fobybus", + "product": { + "product_data": [ + { + "product_name": "social-media-skeleton", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 1.0.0, < 1.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-2jxx-r967-f76p", + "refsource": "MISC", + "name": "https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-2jxx-r967-f76p" + }, + { + "url": "https://github.com/fobybus/social-media-skeleton/pull/4", + "refsource": "MISC", + "name": "https://github.com/fobybus/social-media-skeleton/pull/4" + }, + { + "url": "https://github.com/fobybus/social-media-skeleton/commit/6765d1109016e1f1d707ef47917927c7704e6428", + "refsource": "MISC", + "name": "https://github.com/fobybus/social-media-skeleton/commit/6765d1109016e1f1d707ef47917927c7704e6428" + } + ] + }, + "source": { + "advisory": "GHSA-2jxx-r967-f76p", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/39xxx/CVE-2023-39533.json b/2023/39xxx/CVE-2023-39533.json index ac71b5114ea..1f93247d897 100644 --- a/2023/39xxx/CVE-2023-39533.json +++ b/2023/39xxx/CVE-2023-39533.json @@ -1,17 +1,128 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39533", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in the core/crypto module of go-libp2p and can occur during the Noise handshake and the libp2p x509 extension verification step. To prevent this attack, go-libp2p versions 0.27.8, 0.28.2, and 0.29.1 restrict RSA keys to <= 8192 bits. To protect one's application, it is necessary to update to these patch releases and to use the updated Go compiler in 1.20.7 or 1.19.12. There are no known workarounds for this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770: Allocation of Resources Without Limits or Throttling", + "cweId": "CWE-770" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "libp2p", + "product": { + "product_data": [ + { + "product_name": "go-libp2p", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 0.27.8" + }, + { + "version_affected": "=", + "version_value": ">= 0.28.0, < 0.28.2" + }, + { + "version_affected": "=", + "version_value": "= 0.29.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/libp2p/go-libp2p/security/advisories/GHSA-876p-8259-xjgg", + "refsource": "MISC", + "name": "https://github.com/libp2p/go-libp2p/security/advisories/GHSA-876p-8259-xjgg" + }, + { + "url": "https://github.com/golang/go/issues/61460", + "refsource": "MISC", + "name": "https://github.com/golang/go/issues/61460" + }, + { + "url": "https://github.com/libp2p/go-libp2p/pull/2454", + "refsource": "MISC", + "name": "https://github.com/libp2p/go-libp2p/pull/2454" + }, + { + "url": "https://github.com/quic-go/quic-go/pull/4012", + "refsource": "MISC", + "name": "https://github.com/quic-go/quic-go/pull/4012" + }, + { + "url": "https://github.com/golang/go/commit/2350afd2e8ab054390e284c95d5b089c142db017", + "refsource": "MISC", + "name": "https://github.com/golang/go/commit/2350afd2e8ab054390e284c95d5b089c142db017" + }, + { + "url": "https://github.com/libp2p/go-libp2p/commit/0cce607219f3710addc7e18672cffd1f1d912fbb", + "refsource": "MISC", + "name": "https://github.com/libp2p/go-libp2p/commit/0cce607219f3710addc7e18672cffd1f1d912fbb" + }, + { + "url": "https://github.com/libp2p/go-libp2p/commit/445be526aea4ee0b1fa5388aa65d32b2816d3a00", + "refsource": "MISC", + "name": "https://github.com/libp2p/go-libp2p/commit/445be526aea4ee0b1fa5388aa65d32b2816d3a00" + }, + { + "url": "https://github.com/libp2p/go-libp2p/commit/e30fcf7dfd4715ed89a5e68d7a4f774d3b9aa92d", + "refsource": "MISC", + "name": "https://github.com/libp2p/go-libp2p/commit/e30fcf7dfd4715ed89a5e68d7a4f774d3b9aa92d" + } + ] + }, + "source": { + "advisory": "GHSA-876p-8259-xjgg", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/40xxx/CVE-2023-40038.json b/2023/40xxx/CVE-2023-40038.json new file mode 100644 index 00000000000..8f8cbf19260 --- /dev/null +++ b/2023/40xxx/CVE-2023-40038.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-40038", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/40xxx/CVE-2023-40039.json b/2023/40xxx/CVE-2023-40039.json new file mode 100644 index 00000000000..8c6f2bbc86c --- /dev/null +++ b/2023/40xxx/CVE-2023-40039.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-40039", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/40xxx/CVE-2023-40040.json b/2023/40xxx/CVE-2023-40040.json new file mode 100644 index 00000000000..890f56bb47b --- /dev/null +++ b/2023/40xxx/CVE-2023-40040.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-40040", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/40xxx/CVE-2023-40041.json b/2023/40xxx/CVE-2023-40041.json new file mode 100644 index 00000000000..63a62e25353 --- /dev/null +++ b/2023/40xxx/CVE-2023-40041.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2023-40041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Korey0sh1/IoT_vuln/blob/main/TOTOLINK/T10_V2/lib-cste_modules-wps.md", + "refsource": "MISC", + "name": "https://github.com/Korey0sh1/IoT_vuln/blob/main/TOTOLINK/T10_V2/lib-cste_modules-wps.md" + } + ] + } +} \ No newline at end of file diff --git a/2023/40xxx/CVE-2023-40042.json b/2023/40xxx/CVE-2023-40042.json new file mode 100644 index 00000000000..ca206061d46 --- /dev/null +++ b/2023/40xxx/CVE-2023-40042.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2023-40042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, to control the return address and execute code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.totolink.cn", + "refsource": "MISC", + "name": "http://www.totolink.cn" + }, + { + "url": "https://github.com/Korey0sh1/IoT_vuln/blob/main/TOTOLINK/T10_V2/setStaticDhcpConfig.md", + "refsource": "MISC", + "name": "https://github.com/Korey0sh1/IoT_vuln/blob/main/TOTOLINK/T10_V2/setStaticDhcpConfig.md" + }, + { + "url": "https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/172/ids/36.html", + "refsource": "MISC", + "name": "https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/172/ids/36.html" + } + ] + } +} \ No newline at end of file diff --git a/2023/4xxx/CVE-2023-4246.json b/2023/4xxx/CVE-2023-4246.json new file mode 100644 index 00000000000..e51a3055e61 --- /dev/null +++ b/2023/4xxx/CVE-2023-4246.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4246", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/4xxx/CVE-2023-4247.json b/2023/4xxx/CVE-2023-4247.json new file mode 100644 index 00000000000..18580aaca7e --- /dev/null +++ b/2023/4xxx/CVE-2023-4247.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4247", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/4xxx/CVE-2023-4248.json b/2023/4xxx/CVE-2023-4248.json new file mode 100644 index 00000000000..7c514dd449a --- /dev/null +++ b/2023/4xxx/CVE-2023-4248.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4248", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file