From 5fff963afc42f0e20fd202481721fa970887ad1d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 27 Oct 2023 22:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/42xxx/CVE-2023-42406.json | 5 +++ 2023/46xxx/CVE-2023-46490.json | 61 ++++++++++++++++++++++++--- 2023/5xxx/CVE-2023-5834.json | 76 ++++++++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5835.json | 18 ++++++++ 4 files changed, 150 insertions(+), 10 deletions(-) create mode 100644 2023/5xxx/CVE-2023-5835.json diff --git a/2023/42xxx/CVE-2023-42406.json b/2023/42xxx/CVE-2023-42406.json index bf3594d609c..7844e06f42f 100644 --- a/2023/42xxx/CVE-2023-42406.json +++ b/2023/42xxx/CVE-2023-42406.json @@ -56,6 +56,11 @@ "url": "https://github.com/flyyue2001/cve/blob/main/D-LINK%20-DAR-7000_sql_:sysmanage:editrole.php.md", "refsource": "MISC", "name": "https://github.com/flyyue2001/cve/blob/main/D-LINK%20-DAR-7000_sql_:sysmanage:editrole.php.md" + }, + { + "refsource": "MISC", + "name": "https://github.com/1dreamGN/CVE/blob/main/CVE-2023-42406.md", + "url": "https://github.com/1dreamGN/CVE/blob/main/CVE-2023-42406.md" } ] } diff --git a/2023/46xxx/CVE-2023-46490.json b/2023/46xxx/CVE-2023-46490.json index 62961092abb..9a6fe004d9a 100644 --- a/2023/46xxx/CVE-2023-46490.json +++ b/2023/46xxx/CVE-2023-46490.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-46490", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-46490", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c", + "refsource": "MISC", + "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53", + "url": "https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53" } ] } diff --git a/2023/5xxx/CVE-2023-5834.json b/2023/5xxx/CVE-2023-5834.json index 4e332142a79..4c26506a28c 100644 --- a/2023/5xxx/CVE-2023-5834.json +++ b/2023/5xxx/CVE-2023-5834.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5834", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@hashicorp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1386: Insecure Operation on Windows Junction / Mount Point", + "cweId": "CWE-1386" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HashiCorp", + "product": { + "product_data": [ + { + "product_name": "Vagrant", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "*", + "version_value": "2.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://discuss.hashicorp.com/t/hcsec-2023-31-vagrant-s-windows-installer-allowed-directory-junction-write/59568", + "refsource": "MISC", + "name": "https://discuss.hashicorp.com/t/hcsec-2023-31-vagrant-s-windows-installer-allowed-directory-junction-write/59568" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseSeverity": "LOW", + "baseScore": 3.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" } ] } diff --git a/2023/5xxx/CVE-2023-5835.json b/2023/5xxx/CVE-2023-5835.json new file mode 100644 index 00000000000..50b56fb85c7 --- /dev/null +++ b/2023/5xxx/CVE-2023-5835.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-5835", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file