From 606a4bf89395ef596ebff3b3bea1968129c0057d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 3 Feb 2023 03:01:03 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/0xxx/CVE-2023-0587.json | 67 +++++++++++++++++----------------- 2023/0xxx/CVE-2023-0634.json | 62 ++++++++++++++++--------------- 2023/23xxx/CVE-2023-23119.json | 65 +++++++++++++++++---------------- 2023/23xxx/CVE-2023-23120.json | 59 +++++++++++++++--------------- 2023/23xxx/CVE-2023-23127.json | 61 ++++++++++++++++--------------- 2023/23xxx/CVE-2023-23128.json | 61 ++++++++++++++++--------------- 6 files changed, 191 insertions(+), 184 deletions(-) diff --git a/2023/0xxx/CVE-2023-0587.json b/2023/0xxx/CVE-2023-0587.json index 54ff7d4a6d9..74047ffcacd 100644 --- a/2023/0xxx/CVE-2023-0587.json +++ b/2023/0xxx/CVE-2023-0587.json @@ -1,34 +1,19 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0587", "ASSIGNER": "security@trendmicro.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "n/a", - "product": { - "product_data": [ - { - "product_name": "Trend Micro Apex One", - "version": { - "version_data": [ - { - "version_value": "Build 11110" - } - ] - } - } - ] - } - } - ] - } + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \\PCCSRV\\TEMP\\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed." + } + ] }, "problemtype": { "problemtype_data": [ 
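Review bot: The description value moved to the top of this record still reads "A file upload vulnerability in exists in Trend Micro Apex One", with a stray "in". Downstream advisories copy this text verbatim, so it is worth correcting while the record is being rewritten: `"value": "A file upload vulnerability exists in Trend Micro Apex One server build 11110. ..."`. The hunk ends inside the `problemtype` block, so the CWE assigned to this record is not visible here.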
@@ -42,20 +27,36 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Trend Micro Apex One", + "version": { + "version_data": [ + { + "version_value": "Build 11110", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { + "url": "https://www.tenable.com/security/research/tra-2023-5", "refsource": "MISC", - "name": "https://www.tenable.com/security/research/tra-2023-5", - "url": "https://www.tenable.com/security/research/tra-2023-5" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \\PCCSRV\\TEMP\\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed." + "name": "https://www.tenable.com/security/research/tra-2023-5" } ] } diff --git a/2023/0xxx/CVE-2023-0634.json b/2023/0xxx/CVE-2023-0634.json index 45ef0bb8e36..85dd6c08d55 100644 --- a/2023/0xxx/CVE-2023-0634.json +++ b/2023/0xxx/CVE-2023-0634.json 
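Review bot: The re-added `affects` block keeps `"vendor_name": "n/a"` although `product_name` is "Trend Micro Apex One" and the first hunk shows the assigner as security@trendmicro.com. Consumers that match on vendor/product pairs will not associate the record with Trend Micro. Suggest `"vendor_name": "Trend Micro"`. The added `"version_affected": "="` pins the record to build 11110 only, and the description does not say whether other builds are affected, so that is worth confirming with the CNA.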
@@ -1,12 +1,33 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0634", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An uncontrolled process operation was found in the newgrp command provided by the shadow-utils package. This issue could cause the execution of arbitrary code provided by a user when running the newgrp command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476", + "cweId": "CWE-476" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,7 +40,8 @@ "version": { "version_data": [ { - "version_value": "shadow-utils-4.11.1" + "version_value": "shadow-utils-4.11.1", + "version_affected": "=" } ] } 
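Review bot: The `problemtype` entry added in the first hunk tags the record `CWE-476` (NULL pointer dereference) in both `value` and the new `cweId`, which does not match the description added just above it ("uncontrolled process operation ... execution of arbitrary code"). The CodeQL reference in this file's last hunk is the uncontrolled-process-operation query, which corresponds to CWE-114 (Process Control). Now that `cweId` is machine-readable, the mismatch carries into tooling that groups or prioritises findings by CWE. If the CNA agrees, the entry would read `"value": "CWE-114", "cweId": "CWE-114"`; otherwise the description should be brought in line with a NULL dereference.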
@@ -30,47 +52,27 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-476" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166544", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2166544", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166544" + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2166544" }, { + "url": "https://access.redhat.com/security/cve/CVE-2023-0634", "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2023-0634", - "url": "https://access.redhat.com/security/cve/CVE-2023-0634" + "name": "https://access.redhat.com/security/cve/CVE-2023-0634" }, { + "url": "https://github.com/shadow-maint/shadow/pull/642", "refsource": "MISC", - "name": "https://github.com/shadow-maint/shadow/pull/642", - "url": "https://github.com/shadow-maint/shadow/pull/642" + "name": "https://github.com/shadow-maint/shadow/pull/642" }, { + "url": "https://codeql.github.com/codeql-query-help/cpp/cpp-uncontrolled-process-operation/", "refsource": "MISC", - "name": "https://codeql.github.com/codeql-query-help/cpp/cpp-uncontrolled-process-operation/", - "url": "https://codeql.github.com/codeql-query-help/cpp/cpp-uncontrolled-process-operation/" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An uncontrolled process operation was found in the newgrp command provided by the shadow-utils package. This issue could cause the execution of arbitrary code provided by a user when running the newgrp command." + "name": "https://codeql.github.com/codeql-query-help/cpp/cpp-uncontrolled-process-operation/" } ] } diff --git a/2023/23xxx/CVE-2023-23119.json b/2023/23xxx/CVE-2023-23119.json index 3c1b3cc1eae..4bdbac12b0d 100644 --- a/2023/23xxx/CVE-2023-23119.json +++ b/2023/23xxx/CVE-2023-23119.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2023-23119", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,17 +27,41 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ - { - "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/SkYce4f5o", - "refsource": "MISC", - "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/SkYce4f5o" - }, { "url": "https://community.ui.com/tags/security/releases", "refsource": "MISC", "name": "https://community.ui.com/tags/security/releases" + }, + { + "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/SkYce4f5o", + "refsource": "MISC", + "name": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/SkYce4f5o" } ] } diff --git a/2023/23xxx/CVE-2023-23120.json b/2023/23xxx/CVE-2023-23120.json index 27f543aff8d..feac64fc20d 100644 --- a/2023/23xxx/CVE-2023-23120.json +++ b/2023/23xxx/CVE-2023-23120.json 
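Review bot: In the second hunk the hackmd reference changes from `https://hackmd.io/@slASVrz_SrW7NQCsunofeA/SkYce4f5o` to the `%40` form in both `url` and `name`. `@` is a reserved character in RFC 3986, so the percent-encoded form is not guaranteed to be treated as the same URL. Consumers that de-duplicate or allow-list references by exact string will see a new link, and the encoded form should be checked to confirm it still resolves. The same rewrite appears in the last hunk of CVE-2023-23120.json.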
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2023-23120", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -58,9 +59,9 @@ "name": "https://www.trendnet.com/support/" }, { - "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/HJl1oFzci", + "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/HJl1oFzci", "refsource": "MISC", - "name": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/HJl1oFzci" + "name": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/HJl1oFzci" } ] } diff --git a/2023/23xxx/CVE-2023-23127.json b/2023/23xxx/CVE-2023-23127.json index 65ecf87e526..162b9f4a184 100644 --- a/2023/23xxx/CVE-2023-23127.json +++ b/2023/23xxx/CVE-2023-23127.json 
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2023-23127", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** DISPUTED ** In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting." + "value": "** DISPUTED **In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting." } ] }, @@ -50,12 +27,36 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { + "url": "https://github.com/l00neyhacker/CVE-2023-23127", "refsource": "MISC", - "name": "https://github.com/l00neyhacker/CVE-2023-23127", - "url": "https://github.com/l00neyhacker/CVE-2023-23127" + "name": "https://github.com/l00neyhacker/CVE-2023-23127" } ] } diff --git a/2023/23xxx/CVE-2023-23128.json b/2023/23xxx/CVE-2023-23128.json index 37a79d20f9c..27b36893837 100644 
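Review bot: The new description value in the first hunk starts `** DISPUTED **In Connectwise Control`, dropping the space that followed the marker on the old side. Feeds and scripts that detect disputed records by the `** DISPUTED ** ` prefix, or strip it before display, may no longer match, and the text reads as a run-on. Keep the separator: `"value": "** DISPUTED ** In Connectwise Control 22.8.10013.8329, ..."`. The same change is made to the description in CVE-2023-23128.json.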
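Review bot: The `affects` block re-added in the second hunk still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, now with `"version_affected": "?"`, although the description in the first hunk names Connectwise Control 22.8.10013.8329. Scanners and inventory tools that key on the structured fields will not link this record to the product, disputed or not. If the CNA accepts structured data for disputed entries, `"product_name": "Connectwise Control"` with `"version_value": "22.8.10013.8329"` would match the description. CVE-2023-23128.json has the same gap.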
--- a/2023/23xxx/CVE-2023-23128.json +++ b/2023/23xxx/CVE-2023-23128.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2023-23128", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** DISPUTED ** Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid." + "value": "** DISPUTED **Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid." } ] }, @@ -50,12 +27,36 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { + "url": "https://github.com/l00neyhacker/CVE-2023-23128", "refsource": "MISC", - "name": "https://github.com/l00neyhacker/CVE-2023-23128", - "url": "https://github.com/l00neyhacker/CVE-2023-23128" + "name": "https://github.com/l00neyhacker/CVE-2023-23128" } ] }