diff --git a/2023/2xxx/CVE-2023-2190.json b/2023/2xxx/CVE-2023-2190.json index c7d0e63d479..a59a30978c5 100644 --- a/2023/2xxx/CVE-2023-2190.json +++ b/2023/2xxx/CVE-2023-2190.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2190", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the project was public." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-639: Authorization Bypass Through User-Controlled Key", + "cweId": "CWE-639" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.10", + "version_value": "15.11.10" + }, + { + "version_affected": "<", + "version_name": "16.0", + "version_value": "16.0.6" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/408137", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/408137" + }, + { + "url": "https://hackerone.com/reports/1944500", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1944500" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 16.1.1, 16.0.6, 15.11.10 or above." + } + ], + "credits": [ + { + "lang": "en", + "value": "Thanks [pwnie](https://hackerone.com/pwnie) for reporting this vulnerability through our HackerOne bug bounty program" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/34xxx/CVE-2023-34129.json b/2023/34xxx/CVE-2023-34129.json index 21dc7a50f16..4d837252ec4 100644 --- a/2023/34xxx/CVE-2023-34129.json +++ b/2023/34xxx/CVE-2023-34129.json @@ -1,18 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34129", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@sonicwall.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SonicWall", + "product": { + "product_data": [ + { + "product_name": "GMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.3.2-SP1 and earlier versions" + } + ] + } + }, + { + "product_name": "Analytics", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.5.0.4-R7 and earlier versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010", + "refsource": "MISC", + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010" + }, + { + "url": "https://www.sonicwall.com/support/notices/230710150218060", + "refsource": "MISC", + "name": "https://www.sonicwall.com/support/notices/230710150218060" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/34xxx/CVE-2023-34130.json b/2023/34xxx/CVE-2023-34130.json index 18774293b87..773fe98779a 100644 --- a/2023/34xxx/CVE-2023-34130.json +++ b/2023/34xxx/CVE-2023-34130.json @@ -1,18 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34130", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@sonicwall.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", + "cweId": "CWE-327" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SonicWall", + "product": { + "product_data": [ + { + "product_name": "GMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.3.2-SP1 and earlier versions" + } + ] + } + }, + { + "product_name": "Analytics", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.5.0.4-R7 and earlier versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010", + "refsource": "MISC", + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010" + }, + { + "url": "https://www.sonicwall.com/support/notices/230710150218060", + "refsource": "MISC", + "name": "https://www.sonicwall.com/support/notices/230710150218060" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/37xxx/CVE-2023-37560.json b/2023/37xxx/CVE-2023-37560.json index f05bc9759b8..7fa9cb53b2a 100644 --- a/2023/37xxx/CVE-2023-37560.json +++ b/2023/37xxx/CVE-2023-37560.json @@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-37560", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ELECOM CO.,LTD.", + "product": { + "product_data": [ + { + "product_name": "WRH-300WH-H", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v2.12 and earlier" + } + ] + } + }, + { + "product_name": "WTC-300HWH", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.09 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230711-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230711-01/" + }, + { + "url": "https://jvn.jp/en/jp/JVN05223215/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN05223215/" } ] } diff --git a/2023/37xxx/CVE-2023-37561.json b/2023/37xxx/CVE-2023-37561.json index 164cc361507..40a1c1d3897 100644 --- a/2023/37xxx/CVE-2023-37561.json +++ b/2023/37xxx/CVE-2023-37561.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-37561", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier.\r\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Open Redirect" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ELECOM CO.,LTD.", + "product": { + "product_data": [ + { + "product_name": "WRH-300WH-H", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v2.12 and earlier" + } + ] + } + }, + { + "product_name": "WTC-300HWH", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.09 and earlier" + } + ] + } + }, + { + "product_name": "WTC-C1167GC-B", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.17 and earlier" + } + ] + } + }, + { + "product_name": "WTC-C1167GC-W", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.17 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230711-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230711-01/" + }, + { + "url": "https://jvn.jp/en/jp/JVN05223215/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN05223215/" } ] } diff --git a/2023/37xxx/CVE-2023-37566.json b/2023/37xxx/CVE-2023-37566.json index 450f8b5416e..63ea3a7c95d 100644 --- a/2023/37xxx/CVE-2023-37566.json +++ b/2023/37xxx/CVE-2023-37566.json @@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-37566", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ELECOM wireless LAN routers WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary command execution" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ELECOM CO.,LTD.", + "product": { + "product_data": [ + { + "product_name": "WRC-1167GHBK3-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.24 and earlier" + } + ] + } + }, + { + "product_name": "WRC-1167FEBK-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.18 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230711-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230711-01/" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU91850798/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU91850798/" } ] } diff --git a/2023/37xxx/CVE-2023-37567.json b/2023/37xxx/CVE-2023-37567.json index 7aeaad73b85..ab5af0e853f 100644 --- a/2023/37xxx/CVE-2023-37567.json +++ b/2023/37xxx/CVE-2023-37567.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-37567", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ELECOM wireless LAN router WRC-1167GHBK3-A v1.24 and earlier allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary command execution" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ELECOM CO.,LTD.", + "product": { + "product_data": [ + { + "product_name": "WRC-1167GHBK3-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.24 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230711-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230711-01/" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU91850798/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU91850798/" } ] } diff --git a/2023/37xxx/CVE-2023-37568.json b/2023/37xxx/CVE-2023-37568.json index e527f27de15..9418acdd18f 100644 --- a/2023/37xxx/CVE-2023-37568.json +++ b/2023/37xxx/CVE-2023-37568.json @@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-37568", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary command execution" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ELECOM CO.,LTD.", + "product": { + "product_data": [ + { + "product_name": "WRC-1167GHBK-S", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.03 and earlier" + } + ] + } + }, + { + "product_name": "WRC-1167GEBK-S", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.03 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230711-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230711-01/" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU91850798/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU91850798/" } ] } diff --git a/2023/38xxx/CVE-2023-38190.json b/2023/38xxx/CVE-2023-38190.json new file mode 100644 index 00000000000..2681465f142 --- /dev/null +++ b/2023/38xxx/CVE-2023-38190.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38190", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38191.json b/2023/38xxx/CVE-2023-38191.json new file mode 100644 index 00000000000..648786cbd6f --- /dev/null +++ b/2023/38xxx/CVE-2023-38191.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38191", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38192.json b/2023/38xxx/CVE-2023-38192.json new file mode 100644 index 00000000000..eb3650691fd --- /dev/null +++ b/2023/38xxx/CVE-2023-38192.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38192", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38193.json b/2023/38xxx/CVE-2023-38193.json new file mode 100644 index 00000000000..0cad9c85ca9 --- /dev/null +++ b/2023/38xxx/CVE-2023-38193.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38193", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38194.json b/2023/38xxx/CVE-2023-38194.json new file mode 100644 index 00000000000..5df459ef44c --- /dev/null +++ b/2023/38xxx/CVE-2023-38194.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38194", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38195.json b/2023/38xxx/CVE-2023-38195.json new file mode 100644 index 00000000000..eb25e53f727 --- /dev/null +++ b/2023/38xxx/CVE-2023-38195.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38195", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38196.json b/2023/38xxx/CVE-2023-38196.json new file mode 100644 index 00000000000..5d80e0098db --- /dev/null +++ b/2023/38xxx/CVE-2023-38196.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38196", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38197.json b/2023/38xxx/CVE-2023-38197.json new file mode 100644 index 00000000000..a909ef98df3 --- /dev/null +++ b/2023/38xxx/CVE-2023-38197.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2023-38197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://codereview.qt-project.org/c/qt/qtbase/+/488960", + "refsource": "MISC", + "name": "https://codereview.qt-project.org/c/qt/qtbase/+/488960" + } + ] + } +} \ No newline at end of file