diff --git a/2022/39xxx/CVE-2022-39986.json b/2022/39xxx/CVE-2022-39986.json
index 2eaaf658b5d..30df39abea0 100644
--- a/2022/39xxx/CVE-2022-39986.json
+++ b/2022/39xxx/CVE-2022-39986.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-39986",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-39986",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/RaspAP/raspap-webgui/blob/master/ajax/openvpn/activate_ovpncfg.php",
+ "refsource": "MISC",
+ "name": "https://github.com/RaspAP/raspap-webgui/blob/master/ajax/openvpn/activate_ovpncfg.php"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2",
+ "url": "https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2"
 }
 ]
 }
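Review bot: The added `affects` block in CVE-2022-39986.json sets `product_name`, `vendor_name` and `version_value` to `n/a`, and the added `problemtype` is `n/a` too, although the new description names RaspAP 2.8.0 thru 2.8.7 and a command injection. Scanners and inventories that match on the structured fields rather than on prose will not tie this record to the product. I would fill the fields from the description, e.g. `"product_name": "RaspAP"`, `"version_value": "2.8.0 thru 2.8.7"`, and a weakness class such as `"value": "CWE-78"` (my reading of "Command injection", to be confirmed by the assigner). The same `n/a` placeholders appear in the CVE-2022-39987, CVE-2023-31710, CVE-2023-34634, CVE-2023-39108, CVE-2023-39109 and CVE-2023-39110 hunks.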
diff --git a/2022/39xxx/CVE-2022-39987.json b/2022/39xxx/CVE-2022-39987.json
index a5efd2f0b02..c5f1638358e 100644
--- a/2022/39xxx/CVE-2022-39987.json
+++ b/2022/39xxx/CVE-2022-39987.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-39987",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-39987",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the \"entity\" POST parameters in /ajax/networking/get_wgkey.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/RaspAP/raspap-webgui/blob/master/ajax/networking/get_wgkey.php",
+ "refsource": "MISC",
+ "name": "https://github.com/RaspAP/raspap-webgui/blob/master/ajax/networking/get_wgkey.php"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2",
+ "url": "https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2"
 }
 ]
 }
diff --git a/2023/31xxx/CVE-2023-31710.json b/2023/31xxx/CVE-2023-31710.json
index 8fe5b12c0df..a08e86c42c0 100644
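Review bot: The first entry added under `reference_data` in CVE-2022-39987.json points at `blob/master/ajax/networking/get_wgkey.php`, a branch URL whose content changes as the project moves on, so once the file is patched the reference no longer shows the code the description is about. A permalink to the affected revision, or to the fixing commit when there is one, keeps the record verifiable: `"url": "https://github.com/RaspAP/raspap-webgui/blob/<COMMIT_SHA>/ajax/networking/get_wgkey.php"` (placeholder; the page gives no commit id). The `blob/master/ajax/openvpn/activate_ovpncfg.php` reference in the CVE-2022-39986 hunk has the same problem, and that record's description also names `del_ovpncfg.php` without a reference for it.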
--- a/2023/31xxx/CVE-2023-31710.json
+++ b/2023/31xxx/CVE-2023-31710.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-31710",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-31710",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/xiaobye-ctf/My-CVE/tree/main/TP-Link/CVE-2023-31710",
+ "url": "https://github.com/xiaobye-ctf/My-CVE/tree/main/TP-Link/CVE-2023-31710"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34634.json b/2023/34xxx/CVE-2023-34634.json
index b650ca238f7..f03e98eae2e 100644
--- a/2023/34xxx/CVE-2023-34634.json
+++ b/2023/34xxx/CVE-2023-34634.json
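Review bot: The new description `value` in CVE-2023-31710.json says only that the two Archer AX21 firmware builds "are vulnerable to Buffer Overflow"; it does not say which component or input is affected, whether the attacker must be authenticated or on the local network, or what the impact is. With `problemtype` also `n/a`, everything a defender needs for triage sits behind the single GitHub reference, which is outside the record's control. I would extend the `value` string with the component, attack vector and impact taken from that advisory, and record the weakness class in `problemtype` once it is confirmed.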
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-34634",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-34634",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://greenshot.atlassian.net/browse/BUG-3061",
+ "refsource": "MISC",
+ "name": "https://greenshot.atlassian.net/browse/BUG-3061"
+ },
+ {
+ "url": "https://github.com/greenshot/greenshot/commit/a152e2883fca7f78051b3bd6b1e5cc57355cb44c",
+ "refsource": "MISC",
+ "name": "https://github.com/greenshot/greenshot/commit/a152e2883fca7f78051b3bd6b1e5cc57355cb44c"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/51633",
+ "url": "https://www.exploit-db.com/exploits/51633"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/173825/GreenShot-1.2.10-Arbitrary-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/173825/GreenShot-1.2.10-Arbitrary-Code-Execution.html"
 }
 ]
 }
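Review bot: All four entries added under `reference_data` in CVE-2023-34634.json carry `"refsource": "MISC"`, so a consumer cannot tell the project's own tracker ticket and commit (the `greenshot.atlassian.net` and `github.com/greenshot/greenshot/commit/...` entries) from the two third-party exploit listings. If those two are the vendor's acknowledgement and fix, which the URLs suggest but the hunk does not state, marking them `"refsource": "CONFIRM"` lets patch tooling pick out the remediation. The Packet Storm entry is also the only reference given as plain `http://`; an `https://` form is preferable if the site serves the same path.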
diff --git a/2023/39xxx/CVE-2023-39108.json b/2023/39xxx/CVE-2023-39108.json
index 633c424f645..4083479f037 100644
--- a/2023/39xxx/CVE-2023-39108.json
+++ b/2023/39xxx/CVE-2023-39108.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-39108",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-39108",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zer0yu/CVE_Request/blob/master/rConfig/rConfig_path_b.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zer0yu/CVE_Request/blob/master/rConfig/rConfig_path_b.md"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39109.json b/2023/39xxx/CVE-2023-39109.json
index 4d08392b1ea..29ce6827c25 100644
--- a/2023/39xxx/CVE-2023-39109.json
+++ b/2023/39xxx/CVE-2023-39109.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-39109",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-39109",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zer0yu/CVE_Request/blob/master/rConfig/rConfig_path_a.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zer0yu/CVE_Request/blob/master/rConfig/rConfig_path_a.md"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39110.json b/2023/39xxx/CVE-2023-39110.json
index 7478af9b958..e455b952b91 100644
--- a/2023/39xxx/CVE-2023-39110.json
+++ b/2023/39xxx/CVE-2023-39110.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-39110",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-39110",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zer0yu/CVE_Request/blob/master/rConfig/rConfig_%20ajaxGetFileByPath.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zer0yu/CVE_Request/blob/master/rConfig/rConfig_%20ajaxGetFileByPath.md"
 }
 ]
 }
diff --git a/2023/3xxx/CVE-2023-3117.json b/2023/3xxx/CVE-2023-3117.json
index 1bf08162f01..e06bb6e6e0b 100644
--- a/2023/3xxx/CVE-2023-3117.json
+++ b/2023/3xxx/CVE-2023-3117.json
@@ -1,61 +1,17 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-3117",
 "ASSIGNER": "secalert@redhat.com",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "n/a",
- "product": {
- "product_data": [
- {
- "product_name": "Kernel",
- "version": {
- "version_data": [
- {
- "version_value": "kernel 6.4-rc7"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-416"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "MISC",
- "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97",
- "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97"
- }
- ]
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system."
+ "value": "** REJECT ** DO NOT USE THIS CVE RECORD. \u00a0ConsultIDs: CVE-2023-3390. \u00a0Reason: This record is a duplicate of CVE-2023-3390. \u00a0Notes: All CVE users should reference CVE-2023-3390 instead of this record. \u00a0All references and descriptions in this record have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4041.json b/2023/4xxx/CVE-2023-4041.json
new file mode 100644
index 00000000000..53a756786c0
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4041.json
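Review bot: The replacement description `value` in CVE-2023-3117.json separates its sentences with an escaped no-break space followed by a normal space, as in `RECORD. \u00a0ConsultIDs: CVE-2023-3390.`. Tooling that follows REJECT records to their successor by matching the `ConsultIDs:` marker on ASCII whitespace may miss it, and not every regex engine treats U+00A0 as whitespace. Plain spaces would be safer here: `DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-3390. Reason: ...`. Since the hunk also removes every reference, that marker is the only pointer left to the surviving record.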
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4041",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file