diff --git a/2023/34xxx/CVE-2023-34366.json b/2023/34xxx/CVE-2023-34366.json
index 8dd83a8adb1..4b2c1d71591 100644
--- a/2023/34xxx/CVE-2023-34366.json
+++ b/2023/34xxx/CVE-2023-34366.json
@@ -1,17 +1,92 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34366",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416: Use After Free",
+ "cweId": "CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Ichitaro 2023",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ichitaro 2023",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0.1.59372"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758",
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN28846531/index.html",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/en/jp/JVN28846531/index.html"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Discovered by a member of Cisco Talos."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
}
]
}
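Review bot: `"vendor_name": "Ichitaro 2023"` repeats the product name in the vendor field, so the record names no vendor, and anyone matching this entry against an asset inventory or a CPE dictionary by vendor will miss it. Ichitaro is published by JustSystems, so the line would read `"vendor_name": "JustSystems"` with `product_name` left as it is. The same value appears in the CVE-2023-38127 and CVE-2023-38128 sections of this commit. The range is also `version_affected` `=` on the single build `1.0.1.59372`; if earlier builds were simply not tested, the description should say so, so that the entry is not read as "only this build is affected".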
diff --git a/2023/35xxx/CVE-2023-35126.json b/2023/35xxx/CVE-2023-35126.json
index 7e6a1b406ba..67867170487 100644
--- a/2023/35xxx/CVE-2023-35126.json
+++ b/2023/35xxx/CVE-2023-35126.json
@@ -63,6 +63,11 @@
"url": "https://jvn.jp/en/jp/JVN28846531/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN28846531/index.html"
+ },
+ {
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1825",
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1825"
}
]
},
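Review bot: The added reference uses the host `www.talosintelligence.com`, while the Talos references in the other records of this commit use `talosintelligence.com`. Consumers that deduplicate or index references by exact URL string will treat the two forms as different sources. Using one host form, for example `"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825"` with the matching `name`, keeps the feed consistent. The rest of this record lies outside the hunk, so whether it already carries a Talos link in the other form cannot be checked from here.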
diff --git a/2023/35xxx/CVE-2023-35986.json b/2023/35xxx/CVE-2023-35986.json
index 74f1d2a9f2b..6b4341a2b4e 100644
--- a/2023/35xxx/CVE-2023-35986.json
+++ b/2023/35xxx/CVE-2023-35986.json
@@ -1,17 +1,108 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-35986",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\nSante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-121 Stack-based Buffer Overflow",
+ "cweId": "CWE-121"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Santesoft",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Sante DICOM Viewer Pro",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "12.2.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-285-01",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-285-01"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "ICSMA-23-285-01",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\nSantesoft released an updated version of their product and recommends updating Sante DICOM Viewer Pro to v12.2.6.\n\n
"
+ }
+ ],
+ "value": "\nSantesoft released an updated version of their product and recommends updating Sante DICOM Viewer Pro to v12.2.6 https://santesoft.com/win/sante-dicom-viewer-pro/download.html .\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
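Review bot: The `description` value is wrapped in newline escapes (`"\nSante DICOM Viewer Pro ... current process.\n\n"`), and both `solution` values carry the same padding. Tools that display or compare these strings verbatim get leading blank lines and fail exact-match lookups. The strings should be trimmed before publication, for example `"value": "Sante DICOM Viewer Pro lacks proper validation of user-supplied data ..."`. The CVE-2023-39431 and CVE-2023-5059 sections have the same padding. Separately, here and in CVE-2023-39431 the affected range is `<=` `12.2.4` while the solution points to v12.2.6, which leaves 12.2.5 unstated; if that build exists, the range or the solution text should say on which side it falls.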
diff --git a/2023/38xxx/CVE-2023-38127.json b/2023/38xxx/CVE-2023-38127.json
index e6bea0c8dc2..e9a80eeb184 100644
--- a/2023/38xxx/CVE-2023-38127.json
+++ b/2023/38xxx/CVE-2023-38127.json
@@ -1,17 +1,92 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38127",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An integer overflow exists in the \"HyperLinkFrame\" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190: Integer Overflow or Wraparound",
+ "cweId": "CWE-190"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Ichitaro 2023",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ichitaro 2023",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0.1.59372"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808",
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN28846531/index.html",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/en/jp/JVN28846531/index.html"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Discovered by a member of Cisco Talos."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
}
]
}
diff --git a/2023/38xxx/CVE-2023-38128.json b/2023/38xxx/CVE-2023-38128.json
index f5c458213d8..dbd4f3efdd3 100644
--- a/2023/38xxx/CVE-2023-38128.json
+++ b/2023/38xxx/CVE-2023-38128.json
@@ -1,17 +1,92 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38128",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An out-of-bounds write vulnerability exists in the \"HyperLinkFrame\" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')",
+ "cweId": "CWE-843"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Ichitaro 2023",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ichitaro 2023",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0.1.59372"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809",
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN28846531/index.html",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/en/jp/JVN28846531/index.html"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Discovered by a member of Cisco Talos."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
}
]
}
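Review bot: The description opens with "An out-of-bounds write vulnerability", but `problemtype` records only `CWE-843`, so a consumer filtering this feed by CWE-787 will not surface the entry. Either add a second entry to the `description` array under `problemtype_data`, `{ "lang": "eng", "value": "CWE-787: Out-of-bounds Write", "cweId": "CWE-787" }`, or reword the description to lead with the type confusion and name the write as its consequence. As it stands, the text and the classification point at different weakness classes for the same bug.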
diff --git a/2023/39xxx/CVE-2023-39431.json b/2023/39xxx/CVE-2023-39431.json
index 4cad44633e3..04faca5076b 100644
--- a/2023/39xxx/CVE-2023-39431.json
+++ b/2023/39xxx/CVE-2023-39431.json
@@ -1,17 +1,108 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39431",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\n\n\nSante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.\n\n\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787 Out-of-bounds Write",
+ "cweId": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Santesoft",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Sante DICOM Viewer Pro",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "12.2.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-285-01",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-285-01"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "ICSMA-23-285-01",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\nSantesoft released an updated version of their product and recommends updating Sante DICOM Viewer Pro to v12.2.6.\n\n
"
+ }
+ ],
+ "value": "\nSantesoft released an updated version of their product and recommends updating Sante DICOM Viewer Pro to v12.2.6 https://santesoft.com/win/sante-dicom-viewer-pro/download.html .\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2023/5xxx/CVE-2023-5059.json b/2023/5xxx/CVE-2023-5059.json
index 8273075f6bd..d6d0b0ca6d1 100644
--- a/2023/5xxx/CVE-2023-5059.json
+++ b/2023/5xxx/CVE-2023-5059.json
@@ -1,17 +1,108 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5059",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\n\n\n\n\nSantesoft Sante FFT Imaging lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125 Out-of-bounds Read",
+ "cweId": "CWE-125"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Santesoft",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Sante FFT Imaging",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "v1.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-285-02",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-285-02"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "ICSMA-23-285-02",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\n\n\nSantesoft has released an updated version of their product and recommends users update to Sante FFT Imaging to v1.4.1.\n\n\n\n
"
+ }
+ ],
+ "value": "\n\n\nSantesoft has released an updated version of their product and recommends users update to Sante FFT Imaging to v1.4.1 https://santesoft.com/win/sante-fft-imaging/download.html .\n\n\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
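Review bot: `"version_value": "v1.4.0"` carries a `v` prefix, unlike the bare `12.2.4` used for the other Santesoft records in this commit. A `<=` bound that is not a plain version string tends to break version comparison in scanners or push it to string ordering, so `"version_value": "1.4.0"` is the safer form. The record also lists only `CWE-125` (out-of-bounds read), while the description claims arbitrary code execution and the vector scores `I:H`. A read alone does not normally support that rating, so either a second CWE for the corruption step or a sentence explaining how the read leads to code execution would make the score traceable to the text.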