diff --git a/2021/1xxx/CVE-2021-1842.json b/2021/1xxx/CVE-2021-1842.json index 1e3c29b174d..2bcf3503fa3 100644 --- a/2021/1xxx/CVE-2021-1842.json +++ b/2021/1xxx/CVE-2021-1842.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-1842", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This candidate is unused by its CNA." } ] } diff --git a/2022/38xxx/CVE-2022-38112.json b/2022/38xxx/CVE-2022-38112.json index 1768cc0b064..deeed7b6aaa 100644 --- a/2022/38xxx/CVE-2022-38112.json +++ b/2022/38xxx/CVE-2022-38112.json @@ -1,15 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "psirt@solarwinds.com", - "DATE_PUBLIC": "2023-01-18T21:21:00.000Z", "ID": "CVE-2022-38112", - "STATE": "PUBLIC", - "TITLE": "Sensitive Information Disclosure Vulnerability" + "ASSIGNER": "psirt@solarwinds.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-312 Cleartext Storage of Sensitive Information", + "cweId": "CWE-312" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "SolarWinds", "product": { "product_data": [ { 
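Review bot: In the first CVE-2022-38112 hunk, `CVE_data_meta` loses `"DATE_PUBLIC": "2023-01-18T21:21:00.000Z"` and `"TITLE": "Sensitive Information Disclosure Vulnerability"`, and nothing on the new side carries the same information. Consumers that use `DATE_PUBLIC` to age a finding or order a timeline will have to fall back to a date derived elsewhere, most likely this commit's, which is months later. The added description value also ends in `\n\n`; trimming it would avoid noise in exact-match de-duplication of description text. The `affects` object continues past the end of this hunk.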
@@ -25,75 +48,60 @@ } } ] - }, - "vendor_name": "SolarWinds" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references": { + "reference_data": [ { - "lang": "eng", - "value": "In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext." + "url": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-1_release_notes.htm", + "refsource": "MISC", + "name": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-1_release_notes.htm" + }, + { + "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38112", + "refsource": "MISC", + "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38112" } ] }, "generator": { "engine": "vulnogram 0.1.0-rc1" }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 6.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-312 Cleartext Storage of Sensitive Information" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-1_release_notes.htm", - "name": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-1_release_notes.htm" - }, - { - "refsource": "MISC", - "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38112", - "name": 
"https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38112" - } - ] + "source": { + "discovery": "UNKNOWN" }, "solution": [ { - "lang": "eng", - "value": "SolarWinds has released a Service Release to address this vulnerability in Database Performance Analyzer (DPA) 2023.1" + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "
SolarWinds has released a Service Release to address this vulnerability in Database Performance Analyzer (DPA) 2023.1
" + } + ], + "value": "SolarWinds has released a Service Release to address this vulnerability in Database Performance Analyzer (DPA) 2023.1\n\n" } ], - "source": { - "discovery": "UNKNOWN" + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1576.json b/2023/1xxx/CVE-2023-1576.json index 7713a44d2e3..8801c44270e 100644 --- a/2023/1xxx/CVE-2023-1576.json +++ b/2023/1xxx/CVE-2023-1576.json 
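Review bot: The `impact.cvss` value in this hunk changes both shape and content: it goes from a single object to a one-element array, and the vector moves from `CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H` (6.3 MEDIUM) to `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` (7.5 HIGH). Consumers that read `impact.cvss.baseScore` directly will stop finding a score. The description says only that "generated heap memory dumps contain sensitive information in cleartext", not how a dump is reached, so the new `AV:N`/`PR:N` values cannot be checked from the record itself; one sentence on the access path would close that gap. In the `solution` entry, `"lang": "en"` disagrees with the `"eng"` used in the rest of the file. The `supportingMedia` `value` appears on this page with literal line breaks inside the string; if those are in the file and not a rendering artifact, they should be written as `\n`, because a strict JSON parser rejects raw newlines in strings.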
@@ -1,18 +1,70 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1576", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Heap buffer overflow in CPP/7zip/Archive/Zip/ZipIn.cpp:1116 in NArchive::NZip::CInArchive::FindCd(bool) was found in p7zip 16.02.\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "p7zip", + "product": { + "product_data": [ + { + "product_name": "p7zip", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "16.02" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sourceforge.net/p/p7zip/bugs/241/", + "refsource": "MISC", + "name": "https://sourceforge.net/p/p7zip/bugs/241/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/31xxx/CVE-2023-31284.json b/2023/31xxx/CVE-2023-31284.json index 403c118a07b..2acea1d8e28 100644 --- a/2023/31xxx/CVE-2023-31284.json +++ b/2023/31xxx/CVE-2023-31284.json 
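Review bot: The `problemtype` entry for CVE-2023-1576 uses the generic class `CWE-119`, while the description calls the issue a heap buffer overflow in `NArchive::NZip::CInArchive::FindCd(bool)`; `CWE-122` (heap-based buffer overflow) would match the description more precisely, if the assigner agrees. The record also has no `impact` block, so severity-based prioritisation has nothing to read until a score is added. The description value ends in a stray `\n` that could be trimmed.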
@@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[oss-security] 20230913 Re: illumos (or at least danmcd) membership in the distros list", "url": "http://www.openwall.com/lists/oss-security/2023/09/13/5" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20230914 Re: illumos (or at least danmcd) membership in the distros list", + "url": "http://www.openwall.com/lists/oss-security/2023/09/14/4" } ] } diff --git a/2023/40xxx/CVE-2023-40779.json b/2023/40xxx/CVE-2023-40779.json index bc9660368d2..7575077d058 100644 --- a/2023/40xxx/CVE-2023-40779.json +++ b/2023/40xxx/CVE-2023-40779.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-40779", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-40779", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://medium.com/@muthumohanprasath.r/open-redirection-vulnerability-on-icewarp-webclient-product-cve-2023-40779-61176503710", + "url": "https://medium.com/@muthumohanprasath.r/open-redirection-vulnerability-on-icewarp-webclient-product-cve-2023-40779-61176503710" } ] } diff --git a/2023/41xxx/CVE-2023-41010.json b/2023/41xxx/CVE-2023-41010.json index 2295a836ca8..0250b31778c 100644 --- a/2023/41xxx/CVE-2023-41010.json +++ b/2023/41xxx/CVE-2023-41010.json 
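Review bot: The description and the only reference for CVE-2023-40779 disagree about what the vulnerability is: the text says a remote attacker can "execute arbitrary code via a crafted request to the URL", while the reference slug reads `open-redirection-vulnerability-on-icewarp-webclient-product-cve-2023-40779`. Triage driven by the description will treat this as code execution. If the write-up is accurate, the description should be reworded and `problemtype` should carry an open-redirect class such as CWE-601 instead of `n/a`, which is worth confirming with the assigner. Separately, `vendor_name`, `product_name` and `version_value` are all `n/a` even though the description names IceWarp Mail Server Deep Castle 2 v.13.0.1.2, so tooling that matches on `affects` will not tie this record to the product. The CVE-2023-41010 hunk has the same `n/a` gap for the China Telecom Tianyi Home Gateway v.TEWA-700G.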
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-41010", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-41010", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G allows a local attacker to obtain sensitive information via the default password parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/te5tb99/For-submitting/wiki/China-Telecom-Tianyi-Home-Gateway-TEWA%E2%80%90700G", + "refsource": "MISC", + "name": "https://github.com/te5tb99/For-submitting/wiki/China-Telecom-Tianyi-Home-Gateway-TEWA%E2%80%90700G" } ] } diff --git a/2023/41xxx/CVE-2023-41267.json b/2023/41xxx/CVE-2023-41267.json index 84e66a486a2..f13df688ad3 100644 --- a/2023/41xxx/CVE-2023-41267.json +++ b/2023/41xxx/CVE-2023-41267.json 
@@ -64,6 +64,11 @@ "url": "https://lists.apache.org/thread/ggthr5pn42bn6wcr25hxnykjzh4ntw7z", "refsource": "MISC", "name": "https://lists.apache.org/thread/ggthr5pn42bn6wcr25hxnykjzh4ntw7z" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/14/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/14/3" } ] }, diff --git a/2023/4xxx/CVE-2023-4832.json b/2023/4xxx/CVE-2023-4832.json index 91b22023f90..2b65c4ac46c 100644 --- a/2023/4xxx/CVE-2023-4832.json +++ b/2023/4xxx/CVE-2023-4832.json 
@@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4832", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@usom.gov.tr", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aceka Company Management allows SQL Injection.This issue affects Company Management: before 3072 .\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Aceka", + "product": { + "product_data": [ + { + "product_name": "Company Management", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "3072 " + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-23-0523", + "refsource": "MISC", + "name": "https://www.usom.gov.tr/bildirim/tr-23-0523" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "TR-23-0523", + "defect": [ + "TR-23-0523" + ], + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Omer Fatih YEGIN" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": 
"HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4969.json b/2023/4xxx/CVE-2023-4969.json new file mode 100644 index 00000000000..f52b0657696 --- /dev/null +++ b/2023/4xxx/CVE-2023-4969.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4969", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
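Review bot: In the CVE-2023-4832 hunk, `"version_value": "3072 "` carries a trailing space, so a consumer doing exact or numeric comparison on the upper bound may fail to parse or match it; it should be `"version_value": "3072"`. The same stray whitespace shows in the description (`before 3072 .`), which also lacks a space in `SQL Injection.This issue` and ends in `\n\n`. These look like artifacts of the generating tool, so correcting them in the CNA's source record would keep them from reappearing on the next sync.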