diff --git a/2022/36xxx/CVE-2022-36784.json b/2022/36xxx/CVE-2022-36784.json
index e518dbc0d36..40c98cd61b0 100644
--- a/2022/36xxx/CVE-2022-36784.json
+++ b/2022/36xxx/CVE-2022-36784.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Elsight \u2013 Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION parameter and leverage it to remote code execution."
+ "value": "\nElsight \u2013 Elsight Halo \u00a0Remote Code Execution (RCE)\nElsight Halo web panel allows us to perform connection validation.\nthrough the POST request :\n/api/v1/nics/wifi/wlan0/ping\nwe can abuse DESTINATION parameter and leverage it to remote code execution.\n\n"
}
]
},
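Review bot: The new description value starts with `\n`, contains a non-breaking space (`\u00a0`) before "Remote", and ends with `\n\n`, where the old value was a single trimmed line. Consumers that show or compare this field verbatim will presumably carry the stray whitespace, so I would keep the string trimmed and single-spaced. The same leading and trailing newlines appear in the new descriptions of CVE-2022-36785, -36787, -39178, -39179, -39180 and -39181. Stray spaces were also added in this file's credits value (`"Dudu Moyal ,Moriel Harush "`) and in the `" Upgrade to the latest version."` version strings of the other records.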
@@ -35,12 +35,13 @@
"product": {
"product_data": [
{
- "product_name": "Elsight Halo ",
+ "product_name": "Elsight Halo",
"version": {
"version_data": [
{
- "version_value": "10.6.0",
- "version_affected": "="
+ "version_affected": "<",
+ "version_name": "All versions",
+ "version_value": "Update to version 10.6.1"
}
]
}
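Review bot: `version_value` now holds remediation prose (`"Update to version 10.6.1"`) while `version_affected` is `"<"`, so the comparator is applied to a sentence rather than a version. Tooling that matches on this field will likely either miss the product or flag every version; `"version_value": "10.6.1"` keeps the range machine-readable and the upgrade advice belongs under `solution`. The same pattern appears in the version hunks of CVE-2022-36785, -36786, -36787, -39178, -39179, -39180 and -39181. Most of those use `" Upgrade to the latest version."`, which gives no upper bound at all. CVE-2022-36786 also names version 3.0.8 in its description but lists "All versions" here.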
@@ -65,7 +66,7 @@
},
"source": {
"advisory": "ILVN-2022-0055",
- "discovery": "EXTERNAL"
+ "discovery": "UNKNOWN"
},
"solution": [
{
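Review bot: `discovery` moves from `"EXTERNAL"` to `"UNKNOWN"` although the record still credits named finders (see the `credits` entry in the next hunk of this file), so the source information becomes less precise. If the credited people are outside the vendor, `"discovery": "EXTERNAL"` should stay. The same downgrade is made in every CVE-2022 record touched by this commit, and it may be a side effect of the export tool rather than an intended edit.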
@@ -83,23 +84,23 @@
"credits": [
{
"lang": "en",
- "value": "Dudu Moyal ,Moriel Harush"
+ "value": "Dudu Moyal ,Moriel Harush "
}
],
"impact": {
"cvss": [
{
- "attackComplexity": "HIGH",
- "attackVector": "ADJACENT_NETWORK",
- "availabilityImpact": "LOW",
- "baseScore": 5.5,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "LOW",
- "scope": "CHANGED",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
"userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
diff --git a/2022/36xxx/CVE-2022-36785.json b/2022/36xxx/CVE-2022-36785.json
index ea7c2dbec7b..d47fcf88530 100644
--- a/2022/36xxx/CVE-2022-36785.json
+++ b/2022/36xxx/CVE-2022-36785.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "D-Link \u2013 G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure \u2013 file contains a URL with private IP at line 15 \"login.asp\" A. The window.location.href = http://192.168.1.1/setupWizard.asp\" http://192.168.1.1/setupWizard.asp\" ; \"admin\" \u2013 contains default username value \"login.asp\" B. While accessing the web interface, the login form at *Authorization Bypass \u2013 URL by \"setupWizard.asp' while it blocks direct access to \u2013 the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a \"login_glag\" and \"login_status\" checking browser and to read the admin user credentials for the web interface."
+ "value": "\nD-Link \u2013 G integrated Access Device4 Information Disclosure & Authorization Bypass.\n*Information Disclosure \u2013 \nfile contains a URL with private IP at line 15 \"login.asp\" A. The\nwindow.location.href = http://192.168.1.1/setupWizard.asp\" http://192.168.1.1/setupWizard.asp\" ;\n\"admin\" \u2013 contains default username value \"login.asp\" B. While accessing the web interface, the login form at \n\n*Authorization Bypass \u2013 \nURL by \"setupWizard.asp' while it blocks direct access to \u2013 the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a \"login_glag\" and \"login_status\" checking browser and to read the admin user credentials for the web interface.\n\n\n\n"
}
]
},
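Review bot: The rewritten description only inserts line breaks; the clause order is still scrambled and the quoting is unbalanced (`http://192.168.1.1/setupWizard.asp"` has a closing quote without an opening one, and `"setupWizard.asp'` mixes quote styles). As written it is hard to tell which file leaks the default username and which page skips the login check, which is what a defender needs to verify exposure. `login_glag` is presumably `login_flag` and should be confirmed against the advisory. I would rewrite the text as two plain sentences, one per issue, before publishing.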
@@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Information Disclosure & Authorization Bypass"
+ "value": "Information Disclosure & Authorization Bypass."
}
]
}
@@ -39,8 +39,9 @@
"version": {
"version_data": [
{
- "version_value": "1.0",
- "version_affected": "="
+ "version_affected": "<",
+ "version_name": "All versions",
+ "version_value": " Upgrade to the latest version."
}
]
}
@@ -65,7 +66,7 @@
},
"source": {
"advisory": "ILVN-2022-0056",
- "discovery": "EXTERNAL"
+ "discovery": "UNKNOWN"
},
"credits": [
{
@@ -76,17 +77,17 @@
"impact": {
"cvss": [
{
- "attackComplexity": "HIGH",
- "attackVector": "ADJACENT_NETWORK",
- "availabilityImpact": "LOW",
- "baseScore": 4.6,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "LOW",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
diff --git a/2022/36xxx/CVE-2022-36786.json b/2022/36xxx/CVE-2022-36786.json
index 756ebdc8b02..ea3ecdc950e 100644
--- a/2022/36xxx/CVE-2022-36786.json
+++ b/2022/36xxx/CVE-2022-36786.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "DLINK - DSL-224 Post-auth PCE. DLINK router has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router."
+ "value": "DLINK - DSL-224 Post-auth RCE.\nDLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API.\nIt is possible to inject a command through this interface that will run with ROOT permissions on the router.\n\n"
}
]
},
@@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Post-auth PCE"
+ "value": "Post-auth RCE"
}
]
}
@@ -39,8 +39,9 @@
"version": {
"version_data": [
{
- "version_value": "1.0",
- "version_affected": "="
+ "version_affected": "<",
+ "version_name": "All versions",
+ "version_value": "Update to version 3.0.9_Beta Hotfix"
}
]
}
@@ -65,8 +66,21 @@
},
"source": {
"advisory": "ILVN-2022-0057",
- "discovery": "EXTERNAL"
+ "discovery": "UNKNOWN"
},
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\nUpdate to version 3.0.9_Beta Hotfix\n\n
"
+ }
+ ],
+ "value": "\nUpdate to version 3.0.9_Beta Hotfix\n\n\n"
+ }
+ ],
"credits": [
{
"lang": "en",
@@ -76,17 +90,17 @@
"impact": {
"cvss": [
{
- "attackComplexity": "HIGH",
- "attackVector": "ADJACENT_NETWORK",
- "availabilityImpact": "LOW",
- "baseScore": 9.8,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
diff --git a/2022/36xxx/CVE-2022-36787.json b/2022/36xxx/CVE-2022-36787.json
index 9371b527456..e6e5e3f9bd5 100644
--- a/2022/36xxx/CVE-2022-36787.json
+++ b/2022/36xxx/CVE-2022-36787.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Webvendome - Webvendome SQL Injection. SQL Injection in the Parameter \" DocNumber\" Request : Get Request : /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE."
+ "value": "\nwebvendome - webvendome SQL Injection.\nSQL Injection in the Parameter \" DocNumber\"\nRequest :\nGet Request :\n/webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE.\n\n"
}
]
},
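Review bot: The request line in the new description still reads `jobnumber=nullDoc Number=HERE`, which is not a well-formed query string. The separator between the two parameters appears to be lost, and the parameter is spelled `" DocNumber"` (with a leading space inside the quotes) in one place and `Doc Number` in the other. Anyone writing a WAF or log-search rule from this record needs the exact parameter name, so it should be spelled one way, matching the advisory. The lower-casing of "Webvendome" in this commit is also uneven: CVE-2022-39178 keeps `Webvendome - webvendome` in its description.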
@@ -32,16 +32,17 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Webvendome",
+ "vendor_name": "webvendome",
"product": {
"product_data": [
{
- "product_name": "Webvendome",
+ "product_name": "webvendome",
"version": {
"version_data": [
{
- "version_value": "1.0",
- "version_affected": "="
+ "version_affected": "<",
+ "version_name": "All versions",
+ "version_value": " Upgrade to the latest version."
}
]
}
@@ -55,9 +56,9 @@
"references": {
"reference_data": [
{
- "url": "https://www.gov.il/en/departments/faq/cve_advisories",
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"refsource": "MISC",
- "name": "https://www.gov.il/en/departments/faq/cve_advisories"
+ "name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
@@ -66,7 +67,7 @@
},
"source": {
"advisory": "ILVN-2022-0058",
- "discovery": "EXTERNAL"
+ "discovery": "UNKNOWN"
},
"solution": [
{
@@ -75,10 +76,10 @@
{
"base64": false,
"type": "text/html",
- "value": "\n\nUpdate to the latest version.\n\n"
+ "value": "\n\nUpdate to the latest version.\n\n
"
}
],
- "value": "\nUpdate to the latest version.\n\n"
+ "value": "\nUpdate to the latest version.\n\n\n"
}
],
"credits": [
@@ -91,16 +92,16 @@
"cvss": [
{
"attackComplexity": "LOW",
- "attackVector": "ADJACENT_NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 6.3,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
- "privilegesRequired": "LOW",
+ "privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
diff --git a/2022/39xxx/CVE-2022-39178.json b/2022/39xxx/CVE-2022-39178.json
index b624a430cb3..2e306c83d94 100644
--- a/2022/39xxx/CVE-2022-39178.json
+++ b/2022/39xxx/CVE-2022-39178.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Webvendome - Webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure."
+ "value": "\nWebvendome - webvendome Internal Server IP Disclosure.\nSend GET Request to the request which is shown in the picture.\nInternal Server IP and Full path disclosure. \n\n"
}
]
},
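Review bot: The description still says "Send GET Request to the request which is shown in the picture", but the record carries no picture, so the affected endpoint is never identified. The text should name the page or path that returns the internal IP and full path, or point to the advisory section that does. Without that, the entry cannot be used to check whether a given deployment is exposed.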
@@ -31,16 +31,17 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "Webvendome",
+ "vendor_name": "webvendome",
"product": {
"product_data": [
{
- "product_name": "Webvendome",
+ "product_name": "webvendome",
"version": {
"version_data": [
{
- "version_value": "1.0",
- "version_affected": "="
+ "version_affected": "<",
+ "version_name": "All versions",
+ "version_value": " Upgrade to the latest version."
}
]
}
@@ -54,9 +55,9 @@
"references": {
"reference_data": [
{
- "url": "https://www.gov.il/en/departments/faq/cve_advisories",
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"refsource": "MISC",
- "name": "https://www.gov.il/en/departments/faq/cve_advisories"
+ "name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
@@ -65,7 +66,7 @@
},
"source": {
"advisory": "ILVN-2022-0059",
- "discovery": "EXTERNAL"
+ "discovery": "UNKNOWN"
},
"solution": [
{
@@ -74,10 +75,10 @@
{
"base64": false,
"type": "text/html",
- "value": "\n\nUpdate to the latest version.\n\n"
+ "value": "\n\nUpdate to the latest version.\n\n
"
}
],
- "value": "\nUpdate to the latest version.\n\n"
+ "value": "\nUpdate to the latest version.\n\n\n"
}
],
"credits": [
@@ -90,16 +91,16 @@
"cvss": [
{
"attackComplexity": "LOW",
- "attackVector": "ADJACENT_NETWORK",
+ "attackVector": "NETWORK",
"availabilityImpact": "NONE",
- "baseScore": 4.1,
+ "baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
"scope": "UNCHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
diff --git a/2022/39xxx/CVE-2022-39179.json b/2022/39xxx/CVE-2022-39179.json
index 963abbdcba7..37f7b17a449 100644
--- a/2022/39xxx/CVE-2022-39179.json
+++ b/2022/39xxx/CVE-2022-39179.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file."
+ "value": "\nCollege Management System v1.0 - Authenticated remote code execution.\nAn admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload\n.php file that contains malicious code via student.php file.\n\n"
}
]
},
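Review bot: The new description keeps the first-person reference "SQL Injection that mentioned in my other report" without saying which report that is. The login.php SQL injection for the same product is CVE-2022-39180 in this commit and is presumably the one meant; citing it by ID (for example "the SQL injection tracked as CVE-2022-39180") would make the chain explicit. That matters for triage, because the 7.2 score with `PR:H` assumes admin access that the other issue may remove.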
@@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "Authenticated remote code execution."
+ "value": "Authenticated remote code execution"
}
]
}
@@ -31,7 +31,7 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "College Management System v1.0",
+ "vendor_name": "College Management",
"product": {
"product_data": [
{
@@ -39,8 +39,9 @@
"version": {
"version_data": [
{
- "version_value": "1.0",
- "version_affected": "="
+ "version_affected": "<",
+ "version_name": "All versions",
+ "version_value": " Upgrade to the latest version."
}
]
}
@@ -54,9 +55,9 @@
"references": {
"reference_data": [
{
- "url": "https://www.gov.il/en/departments/faq/cve_advisories",
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"refsource": "MISC",
- "name": "https://www.gov.il/en/departments/faq/cve_advisories"
+ "name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
@@ -65,7 +66,7 @@
},
"source": {
"advisory": "ILVN-2022-0060",
- "discovery": "EXTERNAL"
+ "discovery": "UNKNOWN"
},
"credits": [
{
@@ -77,16 +78,16 @@
"cvss": [
{
"attackComplexity": "LOW",
- "attackVector": "ADJACENT_NETWORK",
- "availabilityImpact": "LOW",
- "baseScore": 4.9,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
"scope": "UNCHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
diff --git a/2022/39xxx/CVE-2022-39180.json b/2022/39xxx/CVE-2022-39180.json
index c7e7175505f..1cfc511d0d2 100644
--- a/2022/39xxx/CVE-2022-39180.json
+++ b/2022/39xxx/CVE-2022-39180.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page."
+ "value": "\nCollege Management System v1.0 - SQL Injection (SQLi).\nBy inserting SQL commands to the username and password fields in the login.php page\n\n"
}
]
},
@@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
- "vendor_name": "College Management System v1.0",
+ "vendor_name": "College Management",
"product": {
"product_data": [
{
@@ -40,8 +40,9 @@
"version": {
"version_data": [
{
- "version_value": "1.0",
- "version_affected": "="
+ "version_affected": "<",
+ "version_name": "All versions",
+ "version_value": " Upgrade to the latest version."
}
]
}
@@ -55,9 +56,9 @@
"references": {
"reference_data": [
{
- "url": "https://www.gov.il/en/departments/faq/cve_advisories",
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"refsource": "MISC",
- "name": "https://www.gov.il/en/departments/faq/cve_advisories"
+ "name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
@@ -66,7 +67,7 @@
},
"source": {
"advisory": "ILVN-2022-0061",
- "discovery": "EXTERNAL"
+ "discovery": "UNKNOWN"
},
"credits": [
{
@@ -78,16 +79,16 @@
"cvss": [
{
"attackComplexity": "LOW",
- "attackVector": "ADJACENT_NETWORK",
- "availabilityImpact": "LOW",
- "baseScore": 4.9,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
"scope": "UNCHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
diff --git a/2022/39xxx/CVE-2022-39181.json b/2022/39xxx/CVE-2022-39181.json
index 338134c8fd6..96fdb37b2fb 100644
--- a/2022/39xxx/CVE-2022-39181.json
+++ b/2022/39xxx/CVE-2022-39181.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content back to the victim, the content is executed by the victim's browser."
+ "value": "\nGLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS).\nType 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in\nthe HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a\nvulnerable web application, which is then reflected back to the victim and executed by the web browser. The most\ncommon mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby\nan attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content\nback to the victim, the content is executed by the victim's browser. \n\n"
}
]
},
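Review bot: Apart from the first line, the description is the generic definition of reflected XSS and says nothing specific to the Reports plugin: no affected page, no parameter, no fixed version. Combined with the "All versions" / " Upgrade to the latest version." range in the next hunk, a reader cannot tell which installs are affected or when they stop being so. I would cut the definition down to one sentence and add the affected component and version bound from the advisory.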
@@ -40,8 +40,9 @@
"version": {
"version_data": [
{
- "version_value": "1.0",
- "version_affected": "="
+ "version_affected": "<",
+ "version_name": "All versions",
+ "version_value": " Upgrade to the latest version."
}
]
}
@@ -55,9 +56,9 @@
"references": {
"reference_data": [
{
- "url": "https://www.gov.il/en/departments/faq/cve_advisories",
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"refsource": "MISC",
- "name": "https://www.gov.il/en/departments/faq/cve_advisories"
+ "name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
@@ -66,7 +67,7 @@
},
"source": {
"advisory": "ILVN-2022-0062",
- "discovery": "EXTERNAL"
+ "discovery": "UNKNOWN"
},
"credits": [
{
@@ -78,16 +79,16 @@
"cvss": [
{
"attackComplexity": "LOW",
- "attackVector": "ADJACENT_NETWORK",
- "availabilityImpact": "LOW",
- "baseScore": 4.9,
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
"userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
diff --git a/2023/1xxx/CVE-2023-1356.json b/2023/1xxx/CVE-2023-1356.json
index 2d9e2a6888a..24714a4db8c 100644
--- a/2023/1xxx/CVE-2023-1356.json
+++ b/2023/1xxx/CVE-2023-1356.json
@@ -1,17 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1356",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdp@themissinglink.com.au",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Reflected cross-site scripting in the StudentSearch component in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows hijacking of a user\u2019s browsing session by attackers who have convinced the said user to click on a malicious link."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IDAttend Pty Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IDWeb",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.052"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-1356",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/security-advisories/cve-2023-1356"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
}
]
}
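Review bot: The CVSS block does not match the description: the text describes reflected XSS that needs the victim to click a malicious link, yet the vector is `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` with `"userInteraction": "NONE"`. At minimum this should be `"userInteraction": "REQUIRED"` with `UI:R` in `vectorString`, and the score and severity recomputed. For comparison, CVE-2022-39181 in this same commit scores a reflected XSS as `AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`. Separately, `"version_affected": "="` with `3.1.052` covers one build while the description says "3.1.052 and earlier"; `"version_affected": "<="` would match the text. The same version mismatch is in CVE-2023-26583, -26584, -27254, -27255 and -27256.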
diff --git a/2023/26xxx/CVE-2023-26583.json b/2023/26xxx/CVE-2023-26583.json
index 1cb919e320c..cc72867e2ef 100644
--- a/2023/26xxx/CVE-2023-26583.json
+++ b/2023/26xxx/CVE-2023-26583.json
@@ -1,17 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26583",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdp@themissinglink.com.au",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IDAttend Pty Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IDWeb",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.052"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26583",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/security-advisories/cve-2023-26583"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2023/26xxx/CVE-2023-26584.json b/2023/26xxx/CVE-2023-26584.json
index 30f42ab656c..4ab36231bb2 100644
--- a/2023/26xxx/CVE-2023-26584.json
+++ b/2023/26xxx/CVE-2023-26584.json
@@ -1,17 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26584",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdp@themissinglink.com.au",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IDAttend Pty Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IDWeb",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.052"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26584",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/security-advisories/cve-2023-26584"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2023/27xxx/CVE-2023-27254.json b/2023/27xxx/CVE-2023-27254.json
index fcc4778d25c..a094cdd5405 100644
--- a/2023/27xxx/CVE-2023-27254.json
+++ b/2023/27xxx/CVE-2023-27254.json
@@ -1,17 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27254",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdp@themissinglink.com.au",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unauthenticated SQL injection in the GetRoomChanges method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IDAttend Pty Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IDWeb",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.052"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27254",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27254"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2023/27xxx/CVE-2023-27255.json b/2023/27xxx/CVE-2023-27255.json
index f1d4046f257..35a7c862a97 100644
--- a/2023/27xxx/CVE-2023-27255.json
+++ b/2023/27xxx/CVE-2023-27255.json
@@ -1,17 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27255",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdp@themissinglink.com.au",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IDAttend Pty Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IDWeb",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.052"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27255",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27255"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2023/27xxx/CVE-2023-27256.json b/2023/27xxx/CVE-2023-27256.json
index 26d1ca93a53..99d97315c93 100644
--- a/2023/27xxx/CVE-2023-27256.json
+++ b/2023/27xxx/CVE-2023-27256.json
@@ -1,17 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27256",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdp@themissinglink.com.au",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing authentication in the GetLogFiles method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IDAttend Pty Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IDWeb",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.052"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27256",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27256"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
+ "version": "3.1"
}
]
}
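Review bot: The affected-version entry (`"version_affected": "="`, `"version_value": "3.1.052"`) covers only the single release 3.1.052, while the description in the same record says "3.1.052 and earlier". Tooling that matches on `version_data` rather than on the prose would not flag older installs. Encoding the range as `"version_affected": "<="` with `"version_value": "3.1.052"` would make the structured data agree with the text. The same mismatch appears in the hunks for CVE-2023-27257 through CVE-2023-27262 and CVE-2023-27375 through CVE-2023-27377. The description value also ends in a trailing space that could be trimmed.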
diff --git a/2023/27xxx/CVE-2023-27257.json b/2023/27xxx/CVE-2023-27257.json
index 740a8741ab6..0f7fad983fb 100644
--- a/2023/27xxx/CVE-2023-27257.json
+++ b/2023/27xxx/CVE-2023-27257.json
@@ -1,17 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27257",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdp@themissinglink.com.au",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing authentication in the GetActiveToiletPasses method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IDAttend Pty Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IDWeb",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.052"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27257",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27257"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
}
]
}
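Review bot: The `problemtype` entry is `CWE-287 Improper Authentication`, but the description says authentication is missing altogether on the GetActiveToiletPasses method, which is the case CWE-306 names; CWE-287 is the broader parent class. If the CNA agrees, `"value": "CWE-306 Missing Authentication for Critical Function"` with `"cweId": "CWE-306"` would be more precise and would match the CVE-2023-41255 record later in this commit. The same applies to the hunks for CVE-2023-27256, CVE-2023-27258, CVE-2023-27259, CVE-2023-27261 and CVE-2023-27375 through CVE-2023-27377.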
diff --git a/2023/27xxx/CVE-2023-27258.json b/2023/27xxx/CVE-2023-27258.json
index 07d52ee0037..8202b4ec419 100644
--- a/2023/27xxx/CVE-2023-27258.json
+++ b/2023/27xxx/CVE-2023-27258.json
@@ -1,17 +1,93 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27258",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdp@themissinglink.com.au",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing authentication in the GetStudentGroupStudents method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IDAttend Pty Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IDWeb",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.052"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27258",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27258"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Melodi Dey"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2023/27xxx/CVE-2023-27259.json b/2023/27xxx/CVE-2023-27259.json
index e6ebe972664..496bf2e69af 100644
--- a/2023/27xxx/CVE-2023-27259.json
+++ b/2023/27xxx/CVE-2023-27259.json
@@ -1,17 +1,93 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27259",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdp@themissinglink.com.au",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing authentication in the GetAssignmentsDue method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IDAttend Pty Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IDWeb",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.052"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27259",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27259"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Melodi Dey"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2023/27xxx/CVE-2023-27260.json b/2023/27xxx/CVE-2023-27260.json
index c88ac732474..d9c612955be 100644
--- a/2023/27xxx/CVE-2023-27260.json
+++ b/2023/27xxx/CVE-2023-27260.json
@@ -1,17 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27260",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdp@themissinglink.com.au",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IDAttend Pty Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IDWeb",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.052"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27260",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27260"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2023/27xxx/CVE-2023-27261.json b/2023/27xxx/CVE-2023-27261.json
index 176b892a8f5..abedfcf9612 100644
--- a/2023/27xxx/CVE-2023-27261.json
+++ b/2023/27xxx/CVE-2023-27261.json
@@ -1,17 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27261",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdp@themissinglink.com.au",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing authentication in the DeleteAssignments method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IDAttend Pty Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IDWeb",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.052"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27261",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27261"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2023/27xxx/CVE-2023-27262.json b/2023/27xxx/CVE-2023-27262.json
index 34682a8e1ce..a90d401a01e 100644
--- a/2023/27xxx/CVE-2023-27262.json
+++ b/2023/27xxx/CVE-2023-27262.json
@@ -1,17 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27262",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdp@themissinglink.com.au",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IDAttend Pty Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IDWeb",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.052"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27260",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27260"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
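Review bot: This record looks like an unedited copy of CVE-2023-27260: the description is word-for-word the same (SQL injection in GetAssignmentsDue), and both `url` and `name` under `reference_data` point to `.../security-advisories/cve-2023-27260` instead of an advisory for CVE-2023-27262. Either the two IDs describe the same flaw, in which case one should be rejected as a duplicate, or the method name and the reference were not updated for this record. Every other IDAttend record in the commit links to an advisory page named after its own ID, so the reference here presumably should too; the affected method name has to be confirmed with the CNA because nothing in the hunk shows it.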
diff --git a/2023/27xxx/CVE-2023-27375.json b/2023/27xxx/CVE-2023-27375.json
index 4c6f4579d76..71c2e37202c 100644
--- a/2023/27xxx/CVE-2023-27375.json
+++ b/2023/27xxx/CVE-2023-27375.json
@@ -1,17 +1,93 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27375",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdp@themissinglink.com.au",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IDAttend Pty Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IDWeb",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.052"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27375",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27375"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Melodi Dey"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2023/27xxx/CVE-2023-27376.json b/2023/27xxx/CVE-2023-27376.json
index 4aaae66afe5..54efaa89c92 100644
--- a/2023/27xxx/CVE-2023-27376.json
+++ b/2023/27xxx/CVE-2023-27376.json
@@ -1,17 +1,93 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27376",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdp@themissinglink.com.au",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IDAttend Pty Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IDWeb",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.052"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27376",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27376"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Melodi Dey"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2023/27xxx/CVE-2023-27377.json b/2023/27xxx/CVE-2023-27377.json
index c758ddf5503..9b1ef8e9334 100644
--- a/2023/27xxx/CVE-2023-27377.json
+++ b/2023/27xxx/CVE-2023-27377.json
@@ -1,17 +1,93 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27377",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdp@themissinglink.com.au",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IDAttend Pty Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IDWeb",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.1.052"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27377",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27377"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Melodi Dey"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2023/41xxx/CVE-2023-41255.json b/2023/41xxx/CVE-2023-41255.json
index 08b3d3f5e7b..b8c2fb95fd7 100644
--- a/2023/41xxx/CVE-2023-41255.json
+++ b/2023/41xxx/CVE-2023-41255.json
@@ -1,17 +1,103 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41255",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@bosch.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication \r\nof the \u2018su\u2019 binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306 Missing Authentication for Critical Function",
+ "cweId": "CWE-306"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Rexroth",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2107)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2110)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2115)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
+ "refsource": "MISC",
+ "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
}
]
}
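Review bot: Each product's `version_data` uses `"version_affected": "="` with `"version_value": "all"`, which reads as "the version literally named all" and will not match any real firmware version in automated lookups. If every release is affected, an unbounded range or the schema's unknown/any marker would be safer than an equality on a placeholder string; the same pattern is in the CVE-2023-41372, CVE-2023-41960, CVE-2023-43488 and CVE-2023-45220 hunks. The description also names the device "TPC-110W" while `product_data` lists only "ctrlX HMI Web Panel - WR21" models, so a sentence linking the two names would help readers. It also carries a raw `\r\n` in the middle of a sentence (here and in CVE-2023-43488), which should be a plain space.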
diff --git a/2023/41xxx/CVE-2023-41372.json b/2023/41xxx/CVE-2023-41372.json
index db3c560b4e8..ff66ee67882 100644
--- a/2023/41xxx/CVE-2023-41372.json
+++ b/2023/41xxx/CVE-2023-41372.json
@@ -1,17 +1,103 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41372",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@bosch.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-798 Use of Hard-coded Credentials",
+ "cweId": "CWE-798"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Rexroth",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2107)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2110)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2115)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
+ "refsource": "MISC",
+ "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
}
]
}
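Review bot: The `problemtype` is `CWE-798 Use of Hard-coded Credentials`, but the description attributes the flaw to a hardcoded RSA key pair, which CWE-321 (Use of Hard-coded Cryptographic Key) describes more specifically. If the CNA agrees, `"cweId": "CWE-321"` with the matching `value` would be the tighter classification. The description text also has extraction-style glitches that should be cleaned up before publication: "third- party", "arbitrary modify", "attacker - controlled", "server.This", and no final full stop.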
diff --git a/2023/41xxx/CVE-2023-41960.json b/2023/41xxx/CVE-2023-41960.json
index ab583dbc100..8502da7099f 100644
--- a/2023/41xxx/CVE-2023-41960.json
+++ b/2023/41xxx/CVE-2023-41960.json
@@ -1,17 +1,103 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41960",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@bosch.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-926 Improper Export of Android Application Components",
+ "cweId": "CWE-926"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Rexroth",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2107)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2110)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2115)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
+ "refsource": "MISC",
+ "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
}
]
}
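Review bot: The description says the content provider is exposed by the "Android Agent application" but that the settings modified belong to the "Android Client application itself", so it is unclear whether these are one component or two. The sibling records in this commit (CVE-2023-41372, CVE-2023-45220) only mention the "Android Client application", so "Agent" may be a naming slip. Using one name consistently, or stating that the Agent and Client are distinct apps, would let defenders identify which package's exported component needs to be restricted. There is also a missing space in "unprivileged(untrusted)".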
diff --git a/2023/43xxx/CVE-2023-43488.json b/2023/43xxx/CVE-2023-43488.json
index f2cd8d9221d..8c6148d98b6 100644
--- a/2023/43xxx/CVE-2023-43488.json
+++ b/2023/43xxx/CVE-2023-43488.json
@@ -1,17 +1,103 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43488",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@bosch.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The vulnerability allows a low privileged (untrusted) application to\r\nmodify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-862 Missing Authorization",
+ "cweId": "CWE-862"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Rexroth",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2107)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2110)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2115)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
+ "refsource": "MISC",
+ "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.9,
+ "baseSeverity": "HIGH"
}
]
}
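Review bot: The CVSS metrics look inconsistent with the stated outcome: the description says the flaw leads to "a privileged shell on the device", yet the vector records `"confidentialityImpact": "LOW"` and `"availabilityImpact": "LOW"`. CVE-2023-41255 in the same commit describes a root shell over ADB and is scored C:H/I:H/A:H. If the LOW values are intentional (for example, scoring only the property change and not the follow-on shell), a short clause in the description saying so would prevent consumers from under-prioritising this record; otherwise the vector and `baseScore` should be re-derived together.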
diff --git a/2023/45xxx/CVE-2023-45220.json b/2023/45xxx/CVE-2023-45220.json
index b5888a5dc7e..694d5065e72 100644
--- a/2023/45xxx/CVE-2023-45220.json
+++ b/2023/45xxx/CVE-2023-45220.json
@@ -1,17 +1,103 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45220",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@bosch.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306 Missing Authentication for Critical Function",
+ "cweId": "CWE-306"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Rexroth",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2107)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2110)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2115)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
+ "refsource": "MISC",
+ "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
}
]
}
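Review bot: The `problemtype` entry (`"cweId": "CWE-306"`) does not match the weakness the new description states. Fetching the MQTT broker address and credentials over HTTP instead of HTTPS is cleartext transmission of sensitive data, which CWE-319 names directly, and the `AV:A` vector fits an on-path observer on the same network segment. I would change the two lines to `"value": "CWE-319 Cleartext Transmission of Sensitive Information",` and `"cweId": "CWE-319"`. If the advisory also found that the endpoint serves these values without authentication, keep CWE-306 as a second `description` entry and say so in the description text, so that triage tooling filtering by CWE sees both.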
diff --git a/2023/45xxx/CVE-2023-45844.json b/2023/45xxx/CVE-2023-45844.json
index 0fe1f7e4e4b..04e2ee18ac2 100644
--- a/2023/45xxx/CVE-2023-45844.json
+++ b/2023/45xxx/CVE-2023-45844.json
@@ -1,17 +1,103 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45844",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@bosch.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control",
+ "cweId": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Rexroth",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2107)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2110)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ctrlX HMI Web Panel - WR21 (WR2115)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
+ "refsource": "MISC",
+ "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
}
]
}
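Review bot: All three `version_data` entries pair `"version_affected": "="` with `"version_value": "all"`, which reads as an exact match on a version literally named "all". An inventory or scanner that compares installed firmware versions against this record will likely match no device. The same encoding is used for the three products in the CVE-2023-45220.json hunk. If every released firmware is affected, an explicit bound such as `"version_affected": "<="` with `"version_value": "<LAST_AFFECTED_FIRMWARE_VERSION>"` (placeholder, to be taken from BOSCH-SA-175607) would let version matching work, with the wording "all versions" moved to `version_name`. Separately, this record declares CVSS `"version": "3.0"` while the CVE-2023-45220 record from the same advisory uses `3.1`; aligning them avoids mixed-version handling downstream.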
diff --git a/2023/46xxx/CVE-2023-46518.json b/2023/46xxx/CVE-2023-46518.json
index 497d0105e06..886bd47caf5 100644
--- a/2023/46xxx/CVE-2023-46518.json
+++ b/2023/46xxx/CVE-2023-46518.json
@@ -1,17 +1,71 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46518",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46518",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/MERCURY/A15/1/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/MERCURY/A15/1/1.md"
+ },
+ {
+ "url": "https://www.mercurycom.com.cn/",
+ "refsource": "MISC",
+ "name": "https://www.mercurycom.com.cn/"
+ },
+ {
+ "url": "https://service.mercurycom.com.cn/download-2341.html",
+ "refsource": "MISC",
+ "name": "https://service.mercurycom.com.cn/download-2341.html"
}
]
}
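Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all published as `"n/a"`, although the description names the product, the firmware build and the weakness class. Consumers that match on `affects` or filter by CWE will therefore not associate this record with deployed devices, and only free-text search of `description` finds it. The description supports filling them in, for example `"vendor_name": "Mercury"`, `"product_name": "A15"`, `"version_value": "V1.0 20230818_1.0.3"`, though the exact vendor/model split should be confirmed against the vendor reference. The same applies to the hunks for CVE-2023-46520 through CVE-2023-46542 (TP-LINK TL-WR886N and TOTOLINK X2000R), where the descriptions say "stack overflow" and CWE-121 would be the natural `problemtype` if the referenced write-ups confirm it. The hunk also reorders the top-level keys without changing their values, which adds diff noise around the actual state change.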
diff --git a/2023/46xxx/CVE-2023-46520.json b/2023/46xxx/CVE-2023-46520.json
index 6d68d1ad240..87fce000e98 100644
--- a/2023/46xxx/CVE-2023-46520.json
+++ b/2023/46xxx/CVE-2023-46520.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46520",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46520",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "refsource": "MISC",
+ "name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/1/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/1/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46521.json b/2023/46xxx/CVE-2023-46521.json
index 6cc0bf03660..76a891bcdef 100644
--- a/2023/46xxx/CVE-2023-46521.json
+++ b/2023/46xxx/CVE-2023-46521.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46521",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46521",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "refsource": "MISC",
+ "name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/11/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/11/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46522.json b/2023/46xxx/CVE-2023-46522.json
index d20cc3205e9..aec0ad80321 100644
--- a/2023/46xxx/CVE-2023-46522.json
+++ b/2023/46xxx/CVE-2023-46522.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46522",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46522",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function deviceInfoRegister."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "refsource": "MISC",
+ "name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/2/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/2/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46525.json b/2023/46xxx/CVE-2023-46525.json
index e8b560dc2db..29e46c66c30 100644
--- a/2023/46xxx/CVE-2023-46525.json
+++ b/2023/46xxx/CVE-2023-46525.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46525",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46525",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "refsource": "MISC",
+ "name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/12/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/12/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46526.json b/2023/46xxx/CVE-2023-46526.json
index 9c03fa7d259..52fa6e87b81 100644
--- a/2023/46xxx/CVE-2023-46526.json
+++ b/2023/46xxx/CVE-2023-46526.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46526",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46526",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "refsource": "MISC",
+ "name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/10/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/10/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46527.json b/2023/46xxx/CVE-2023-46527.json
index de6c1f856ee..460d6efdaa6 100644
--- a/2023/46xxx/CVE-2023-46527.json
+++ b/2023/46xxx/CVE-2023-46527.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46527",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46527",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function bindRequestHandle."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "refsource": "MISC",
+ "name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/13/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/13/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46534.json b/2023/46xxx/CVE-2023-46534.json
index accd6bf425e..3f7033eb7a0 100644
--- a/2023/46xxx/CVE-2023-46534.json
+++ b/2023/46xxx/CVE-2023-46534.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46534",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46534",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "refsource": "MISC",
+ "name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/9/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/9/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46535.json b/2023/46xxx/CVE-2023-46535.json
index f1df2dc701c..f65e1f6b1d7 100644
--- a/2023/46xxx/CVE-2023-46535.json
+++ b/2023/46xxx/CVE-2023-46535.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46535",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46535",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "refsource": "MISC",
+ "name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/6/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/6/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46536.json b/2023/46xxx/CVE-2023-46536.json
index 54b6fbf38a0..a910b515b73 100644
--- a/2023/46xxx/CVE-2023-46536.json
+++ b/2023/46xxx/CVE-2023-46536.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46536",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46536",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "refsource": "MISC",
+ "name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/5/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/5/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46537.json b/2023/46xxx/CVE-2023-46537.json
index 9296aae1442..06b992db6e4 100644
--- a/2023/46xxx/CVE-2023-46537.json
+++ b/2023/46xxx/CVE-2023-46537.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46537",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46537",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "refsource": "MISC",
+ "name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/7/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/7/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46538.json b/2023/46xxx/CVE-2023-46538.json
index 5c946b10dc1..f32419df81b 100644
--- a/2023/46xxx/CVE-2023-46538.json
+++ b/2023/46xxx/CVE-2023-46538.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46538",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46538",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "refsource": "MISC",
+ "name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/4/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/4/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46539.json b/2023/46xxx/CVE-2023-46539.json
index 5b87a41e2f6..430b6e213df 100644
--- a/2023/46xxx/CVE-2023-46539.json
+++ b/2023/46xxx/CVE-2023-46539.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46539",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46539",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "refsource": "MISC",
+ "name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/8/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/8/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46540.json b/2023/46xxx/CVE-2023-46540.json
index 7604ba4a2a1..eeed41b8ce7 100644
--- a/2023/46xxx/CVE-2023-46540.json
+++ b/2023/46xxx/CVE-2023-46540.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46540",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46540",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/11/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/11/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46541.json b/2023/46xxx/CVE-2023-46541.json
index 3527a67ccf4..c2028bb9da0 100644
--- a/2023/46xxx/CVE-2023-46541.json
+++ b/2023/46xxx/CVE-2023-46541.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46541",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46541",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/10/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/10/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46542.json b/2023/46xxx/CVE-2023-46542.json
index 06f92047a66..71810f51dcc 100644
--- a/2023/46xxx/CVE-2023-46542.json
+++ b/2023/46xxx/CVE-2023-46542.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46542",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46542",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/13/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/13/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46543.json b/2023/46xxx/CVE-2023-46543.json
index f6b8fb3bdc0..fce10ad5be9 100644
--- a/2023/46xxx/CVE-2023-46543.json
+++ b/2023/46xxx/CVE-2023-46543.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46543",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46543",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/16/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/16/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46544.json b/2023/46xxx/CVE-2023-46544.json
index b72ff4db8a5..e343b53425b 100644
--- a/2023/46xxx/CVE-2023-46544.json
+++ b/2023/46xxx/CVE-2023-46544.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46544",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46544",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWirelessTbl."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/14/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/14/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46545.json b/2023/46xxx/CVE-2023-46545.json
index fe7192d37fc..b9220086226 100644
--- a/2023/46xxx/CVE-2023-46545.json
+++ b/2023/46xxx/CVE-2023-46545.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46545",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46545",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/17/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/17/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46546.json b/2023/46xxx/CVE-2023-46546.json
index 0f2c5dc0b72..878803f31f8 100644
--- a/2023/46xxx/CVE-2023-46546.json
+++ b/2023/46xxx/CVE-2023-46546.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46546",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46546",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/15/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/15/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46547.json b/2023/46xxx/CVE-2023-46547.json
index e8b62fefd49..2bdc12b0217 100644
--- a/2023/46xxx/CVE-2023-46547.json
+++ b/2023/46xxx/CVE-2023-46547.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46547",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46547",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/12/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/12/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46548.json b/2023/46xxx/CVE-2023-46548.json
index 77955706c31..31fec3d3ed7 100644
--- a/2023/46xxx/CVE-2023-46548.json
+++ b/2023/46xxx/CVE-2023-46548.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46548",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46548",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlanRedirect."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/1/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/1/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46549.json b/2023/46xxx/CVE-2023-46549.json
index e17cafde5d2..7dbef3c5343 100644
--- a/2023/46xxx/CVE-2023-46549.json
+++ b/2023/46xxx/CVE-2023-46549.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46549",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46549",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSetLg."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/18/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/18/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46550.json b/2023/46xxx/CVE-2023-46550.json
index 94d400c0056..28f80c5021f 100644
--- a/2023/46xxx/CVE-2023-46550.json
+++ b/2023/46xxx/CVE-2023-46550.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46550",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46550",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/21/1.md#2firmware-download-address",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/21/1.md#2firmware-download-address"
}
]
}
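Review bot: The description added here names `formMapDelDevice`, and the hunk for CVE-2023-46558 further down adds the identical sentence with the same function name, so the two records cannot be told apart by their text even though their GitHub references differ (`X2000R/21/1.md` here, `X2000R/25/1.md` there). Either one of the function names is a copy error or the two IDs describe the same issue; this should be checked against both write-ups, and then the description corrected or one ID rejected as a duplicate. The GitHub reference here also carries the fragment `#2firmware-download-address`, which appears to point at a firmware-download section rather than the finding; the other records link the bare `1.md`, so dropping the fragment would keep them consistent.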
diff --git a/2023/46xxx/CVE-2023-46551.json b/2023/46xxx/CVE-2023-46551.json
index a808e27e6de..0f98e960701 100644
--- a/2023/46xxx/CVE-2023-46551.json
+++ b/2023/46xxx/CVE-2023-46551.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46551",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46551",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/2/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/2/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46552.json b/2023/46xxx/CVE-2023-46552.json
index b25a4f8eb41..9ac22975801 100644
--- a/2023/46xxx/CVE-2023-46552.json
+++ b/2023/46xxx/CVE-2023-46552.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46552",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46552",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/19/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/19/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46553.json b/2023/46xxx/CVE-2023-46553.json
index df71afd95ff..be5c94953b6 100644
--- a/2023/46xxx/CVE-2023-46553.json
+++ b/2023/46xxx/CVE-2023-46553.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46553",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46553",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/5/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/5/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46554.json b/2023/46xxx/CVE-2023-46554.json
index a559df549e1..8f2a522ea8c 100644
--- a/2023/46xxx/CVE-2023-46554.json
+++ b/2023/46xxx/CVE-2023-46554.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46554",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46554",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDel."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/20/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/20/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46555.json b/2023/46xxx/CVE-2023-46555.json
index 13389a94d17..21ee10bed25 100644
--- a/2023/46xxx/CVE-2023-46555.json
+++ b/2023/46xxx/CVE-2023-46555.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46555",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46555",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/3/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/3/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46556.json b/2023/46xxx/CVE-2023-46556.json
index 5f0731443fe..502342db14b 100644
--- a/2023/46xxx/CVE-2023-46556.json
+++ b/2023/46xxx/CVE-2023-46556.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46556",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46556",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/4/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/4/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46557.json b/2023/46xxx/CVE-2023-46557.json
index 8474eed8d93..bb674d63357 100644
--- a/2023/46xxx/CVE-2023-46557.json
+++ b/2023/46xxx/CVE-2023-46557.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46557",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46557",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/22/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/22/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46558.json b/2023/46xxx/CVE-2023-46558.json
index 3eda0add3f7..cdaa68e5920 100644
--- a/2023/46xxx/CVE-2023-46558.json
+++ b/2023/46xxx/CVE-2023-46558.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46558",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46558",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/25/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/25/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46559.json b/2023/46xxx/CVE-2023-46559.json
index 466455fdc85..6058e909a18 100644
--- a/2023/46xxx/CVE-2023-46559.json
+++ b/2023/46xxx/CVE-2023-46559.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46559",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46559",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/9/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/9/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46560.json b/2023/46xxx/CVE-2023-46560.json
index 8d43fcb8887..2d4819ebcb1 100644
--- a/2023/46xxx/CVE-2023-46560.json
+++ b/2023/46xxx/CVE-2023-46560.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46560",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46560",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/23/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/23/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46562.json b/2023/46xxx/CVE-2023-46562.json
index 84e7fa21f95..f311a619dba 100644
--- a/2023/46xxx/CVE-2023-46562.json
+++ b/2023/46xxx/CVE-2023-46562.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46562",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46562",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/8/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/8/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46563.json b/2023/46xxx/CVE-2023-46563.json
index d74d0d4403c..f02fb2f95f0 100644
--- a/2023/46xxx/CVE-2023-46563.json
+++ b/2023/46xxx/CVE-2023-46563.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46563",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46563",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/7/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/7/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46564.json b/2023/46xxx/CVE-2023-46564.json
index 382c925b6c4..0cf055fbe22 100644
--- a/2023/46xxx/CVE-2023-46564.json
+++ b/2023/46xxx/CVE-2023-46564.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-46564",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46564",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "refsource": "MISC",
+ "name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
+ },
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/6/1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/6/1.md"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46650.json b/2023/46xxx/CVE-2023-46650.json
index 7143feb1595..f64d1cd02df 100644
--- a/2023/46xxx/CVE-2023-46650.json
+++ b/2023/46xxx/CVE-2023-46650.json
@@ -1,17 +1,68 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46650",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins GitHub Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "1.37.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3246",
+ "refsource": "MISC",
+ "name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3246"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}
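Review bot: `problemtype` is published as `"value": "n/a"` even though the description states the weakness class outright (stored cross-site scripting), so consumers that filter or prioritise by CWE get nothing from this record. Using the shape the CVE-2023-4692 record in this same diff already uses, this could be `"value": "Cross-site Scripting", "cweId": "CWE-79"`. The same `"n/a"` is present in the hunks for CVE-2023-46651 through CVE-2023-46660. CVE-2023-46659 is also stored XSS, and the webhook-token records (46656, 46657, 46658, 46660) describe a non-constant-time comparison, which would map to CWE-208. Separately, the oss-security reference in each of these records is an `http://` URL; the `https://` form of the same openwall.com link would be preferable.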
diff --git a/2023/46xxx/CVE-2023-46651.json b/2023/46xxx/CVE-2023-46651.json
index c61bb24082e..29869ac1eaa 100644
--- a/2023/46xxx/CVE-2023-46651.json
+++ b/2023/46xxx/CVE-2023-46651.json
@@ -1,17 +1,83 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46651",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Warnings Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "10.5.1",
+ "versionType": "maven",
+ "lessThan": "*",
+ "status": "unaffected"
+ },
+ {
+ "version": "10.4.1",
+ "versionType": "maven",
+ "lessThan": "10.4.*",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3265",
+ "refsource": "MISC",
+ "name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3265"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}
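Review bot: The legacy `version_value` here is the sentinel string `"not down converted"`, and the real range exists only inside `x_cve_json_5_version_data`. A consumer that reads just the v4 fields therefore sees neither the 10.5.0 upper bound nor the 10.4.1 backport that the description mentions. The nested data itself is consistent with the description (`10.5.1` and later unaffected, `10.4.1` unaffected within `10.4.*`, default affected). A fallback v4 entry such as `"version_affected": "<=", "version_value": "10.5.0"` would at least expose the upper bound, with the known cost of also flagging the patched 10.4.1. If that trade-off is not acceptable, the sentinel should be documented for consumers so they treat it as "consult the v5 block" rather than as a version.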
diff --git a/2023/46xxx/CVE-2023-46652.json b/2023/46xxx/CVE-2023-46652.json
index 59aef31a298..50c5d31863d 100644
--- a/2023/46xxx/CVE-2023-46652.json
+++ b/2023/46xxx/CVE-2023-46652.json
@@ -1,17 +1,68 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46652",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins lambdatest-automation Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "1.20.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3222",
+ "refsource": "MISC",
+ "name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3222"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46653.json b/2023/46xxx/CVE-2023-46653.json
index d49350678c8..a6745a27700 100644
--- a/2023/46xxx/CVE-2023-46653.json
+++ b/2023/46xxx/CVE-2023-46653.json
@@ -1,17 +1,68 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46653",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins lambdatest-automation Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "1.20.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3202",
+ "refsource": "MISC",
+ "name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3202"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46654.json b/2023/46xxx/CVE-2023-46654.json
index f25b5442a8e..39a314aefd9 100644
--- a/2023/46xxx/CVE-2023-46654.json
+++ b/2023/46xxx/CVE-2023-46654.json
@@ -1,17 +1,68 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46654",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins CloudBees CD Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "1.1.32"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3237",
+ "refsource": "MISC",
+ "name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3237"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46655.json b/2023/46xxx/CVE-2023-46655.json
index f5d25305827..c4e38a97804 100644
--- a/2023/46xxx/CVE-2023-46655.json
+++ b/2023/46xxx/CVE-2023-46655.json
@@ -1,17 +1,68 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46655",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins CloudBees CD Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "1.1.32"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3238",
+ "refsource": "MISC",
+ "name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3238"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46656.json b/2023/46xxx/CVE-2023-46656.json
index a19a3d174eb..11eb7689771 100644
--- a/2023/46xxx/CVE-2023-46656.json
+++ b/2023/46xxx/CVE-2023-46656.json
@@ -1,17 +1,68 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46656",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Multibranch Scan Webhook Trigger Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "1.0.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2875",
+ "refsource": "MISC",
+ "name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2875"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46657.json b/2023/46xxx/CVE-2023-46657.json
index 2b6bdc28de4..ab4cb64adbc 100644
--- a/2023/46xxx/CVE-2023-46657.json
+++ b/2023/46xxx/CVE-2023-46657.json
@@ -1,17 +1,68 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46657",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Gogs Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "1.0.15"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2896",
+ "refsource": "MISC",
+ "name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2896"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46658.json b/2023/46xxx/CVE-2023-46658.json
index 572c98dfd7b..7b6ca332bb2 100644
--- a/2023/46xxx/CVE-2023-46658.json
+++ b/2023/46xxx/CVE-2023-46658.json
@@ -1,17 +1,68 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46658",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins MSTeams Webhook Trigger Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "0.1.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2876",
+ "refsource": "MISC",
+ "name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2876"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46659.json b/2023/46xxx/CVE-2023-46659.json
index 6371d781091..1ae5554b684 100644
--- a/2023/46xxx/CVE-2023-46659.json
+++ b/2023/46xxx/CVE-2023-46659.json
@@ -1,17 +1,68 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46659",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Edgewall Trac Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "1.13"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3247",
+ "refsource": "MISC",
+ "name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3247"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46660.json b/2023/46xxx/CVE-2023-46660.json
index 994312926d0..c41f4380ee0 100644
--- a/2023/46xxx/CVE-2023-46660.json
+++ b/2023/46xxx/CVE-2023-46660.json
@@ -1,17 +1,68 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46660",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Zanata Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "0.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2879",
+ "refsource": "MISC",
+ "name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2879"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}
diff --git a/2023/4xxx/CVE-2023-4128.json b/2023/4xxx/CVE-2023-4128.json
index 99470cec19d..e0949325aa8 100644
--- a/2023/4xxx/CVE-2023-4128.json
+++ b/2023/4xxx/CVE-2023-4128.json
@@ -514,6 +514,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2225511"
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/344H6HO6SSC4KT7PDFXSDIXKMKHISSGF/",
"refsource": "MISC",
@@ -538,18 +543,13 @@
"url": "https://www.debian.org/security/2023/dsa-5492",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5492"
- },
- {
- "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
- "refsource": "MISC",
- "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},
"work_around": [
{
"lang": "en",
- "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
+ "value": "To mitigate this issue, prevent the module cls_u32 from being loaded by blacklisting the module to prevent it from loading automatically. \n~~~\nhttps://access.redhat.com/solutions/41278 \n~~~"
}
],
"impact": {
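Review bot: The new `work_around` value carries Markdown fence markers (`~~~`) and a space before each `\n` inside a plain JSON string, so any consumer that renders the field as text will show the tildes literally around the link. The sentence is also circular ("prevent the module ... from being loaded by blacklisting the module to prevent it from loading automatically"). I would publish something like `"value": "To mitigate this issue, prevent the cls_u32 module from loading automatically by blacklisting it. See https://access.redhat.com/solutions/41278"`. The record's description is outside this hunk, so it cannot be checked from here whether cls_u32 is the only module the mitigation needs to cover. The first hunk of this file only reorders the Debian LTS reference and needs no change.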
diff --git a/2023/4xxx/CVE-2023-4692.json b/2023/4xxx/CVE-2023-4692.json
index eb2c141111f..ae3a9385aa1 100644
--- a/2023/4xxx/CVE-2023-4692.json
+++ b/2023/4xxx/CVE-2023-4692.json
@@ -1,17 +1,169 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4692",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Heap-based Buffer Overflow",
+ "cweId": "CWE-122"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "grub2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 9",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "vendor_name": "Fedora",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fedora",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-4692",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2023-4692"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236613",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2236613"
+ },
+ {
+ "url": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/",
+ "refsource": "MISC",
+ "name": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/"
+ },
+ {
+ "url": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html",
+ "refsource": "MISC",
+ "name": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html"
+ },
+ {
+ "url": "https://seclists.org/oss-sec/2023/q4/37",
+ "refsource": "MISC",
+ "name": "https://seclists.org/oss-sec/2023/q4/37"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
+ "version": "3.1"
}
]
}
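Review bot: The description states that "arbitrary code execution and secure boot protection bypass may be achieved", but the added `cvss` entry rates `confidentialityImpact` and `availabilityImpact` as `NONE` (`C:N/I:H/A:N`, 5.3 MEDIUM). Teams that triage by base score will rank this record lower than the text suggests. I cannot tell from the hunk which of the two reflects the CNA's assessment. If code execution is in scope, `C:H` and `A:H` would be the expected companion ratings; otherwise the description needs a sentence explaining why only integrity is scored. Separately, the `grub2` entry uses `"vendor_name": "n/a"` and gives no version bound beyond `"defaultStatus": "affected"`, so the record offers no fixed version to match against.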
diff --git a/2023/4xxx/CVE-2023-4693.json b/2023/4xxx/CVE-2023-4693.json
index 16e2556b819..179f3e8e623 100644
--- a/2023/4xxx/CVE-2023-4693.json
+++ b/2023/4xxx/CVE-2023-4693.json
@@ -1,17 +1,169 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4693",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds Read",
+ "cweId": "CWE-125"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "grub2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 9",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "vendor_name": "Fedora",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fedora",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-4693",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2023-4693"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238343",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2238343"
+ },
+ {
+ "url": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/",
+ "refsource": "MISC",
+ "name": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/"
+ },
+ {
+ "url": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html",
+ "refsource": "MISC",
+ "name": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html"
+ },
+ {
+ "url": "https://seclists.org/oss-sec/2023/q4/37",
+ "refsource": "MISC",
+ "name": "https://seclists.org/oss-sec/2023/q4/37"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.1"
}
]
}
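Review bot: The description and the CVSS vector disagree about where the attacker stands: the text says a "physically present attacker" supplies the crafted NTFS image, while the impact block records `"attackVector": "LOCAL"` together with `"privilegesRequired": "HIGH"`. If physical access is really the precondition, the CVSS 3.1 value would be `"attackVector": "PHYSICAL"`, and `vectorString`, `baseScore` and `baseSeverity` would need recomputing. If the local, high-privilege scoring is what is intended, the description should say so, because triage filters key on these fields. The 5.3 score is consistent with the vector as written, so the open question is which of the two statements is meant, not the arithmetic.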
diff --git a/2023/4xxx/CVE-2023-4853.json b/2023/4xxx/CVE-2023-4853.json
index 0c74fa4fc6e..811194809bc 100644
--- a/2023/4xxx/CVE-2023-4853.json
+++ b/2023/4xxx/CVE-2023-4853.json
@@ -128,6 +128,83 @@
]
}
},
+ {
+ "product_name": "RHEL-8 based Middleware Containers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "7.13.4-3",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "7.13.4-2",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "7.13.4-2",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "7.13.4-3",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "7.13.4-3",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
{
"product_name": "RHINT Camel-K-1.10.2",
"version": {
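Review bot: The five `version_data` entries added for "RHEL-8 based Middleware Containers" cannot be told apart: three carry `"version": "7.13.4-3"` and two carry `"version": "7.13.4-2"`, all with identical `lessThan`, `versionType` and `status`. Presumably each came from a different container package whose name was lost in the down conversion, so a consumer cannot tell which fixed-version threshold applies to which image. Either collapse the exact duplicates or keep the package or image name alongside each entry. Until then, scanners should resolve this product against the CVE JSON 5 record or the referenced RHSA advisories rather than this list.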
@@ -288,6 +365,19 @@
]
}
},
+ {
+ "product_name": "RHPAM 7.13.4 async",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
{
"product_name": "Red Hat Decision Manager 7",
"version": {
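Review bot: "RHPAM 7.13.4 async" is added under `affects` although its only status is `"defaultStatus": "unaffected"`, and that status lives solely in the `x_cve_json_5_version_data` extension while `version_value` is the placeholder `"not down converted"`. A 4.0 consumer that treats every `product_data` entry as affected, or that ignores `x_` fields, will report this product as vulnerable. The same applies to the one-line hunk in CVE-2023-5568.json, where the flip from `affected` to `unaffected` is invisible to such a consumer, and to the `"defaultStatus": "unknown"` entry for Red Hat Enterprise Linux 7 in CVE-2023-4693.json. Tooling that ingests these files should read `defaultStatus` explicitly and treat `unknown` as needing manual confirmation.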
@@ -365,6 +455,16 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:5480"
},
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6107",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2023:6107"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6112",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2023:6112"
+ },
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4853",
"refsource": "MISC",
diff --git a/2023/5xxx/CVE-2023-5363.json b/2023/5xxx/CVE-2023-5363.json
index 4bae393da0b..37bca75589d 100644
--- a/2023/5xxx/CVE-2023-5363.json
+++ b/2023/5xxx/CVE-2023-5363.json
@@ -73,6 +73,16 @@
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/24/1",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2023/10/24/1"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5532",
+ "refsource": "MISC",
+ "name": "https://www.debian.org/security/2023/dsa-5532"
}
]
},
diff --git a/2023/5xxx/CVE-2023-5568.json b/2023/5xxx/CVE-2023-5568.json
index 77f0ca7c74d..e6f760991dc 100644
--- a/2023/5xxx/CVE-2023-5568.json
+++ b/2023/5xxx/CVE-2023-5568.json
@@ -119,7 +119,7 @@
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
- "defaultStatus": "affected"
+ "defaultStatus": "unaffected"
}
}
]
diff --git a/2023/5xxx/CVE-2023-5717.json b/2023/5xxx/CVE-2023-5717.json
index cf2f62a9d45..11694e1f599 100644
--- a/2023/5xxx/CVE-2023-5717.json
+++ b/2023/5xxx/CVE-2023-5717.json
@@ -1,17 +1,99 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5717",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@google.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787 Out-of-bounds Write",
+ "cweId": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Linux",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "4.4",
+ "version_value": "6.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06"
+ },
+ {
+ "url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06",
+ "refsource": "MISC",
+ "name": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Budimir Markovic"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseSeverity": "HIGH",
+ "baseScore": 7.8,
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
]
}
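Review bot: The affected range is encoded as `"version_affected": "<"`, `"version_name": "4.4"`, `"version_value": "6.6"`, which on the usual 4.0 reading states only "below 6.6"; `version_name` is a label, so the apparent 4.4 lower bound is not machine-readable. The description identifies the fix by commit 32671e3799ca2e4590773fd0e63aaa4229e50c06 rather than by release, so stable or distribution kernels that backported it would still match `< 6.6`. If 4.4 is meant as the first affected release, that should be expressed as its own bound or stated in the description, and consumers should confirm exposure by checking for the fix commit rather than the version number alone. Separately, the description repeats "Linux kernel's Linux Kernel" and ends in two stray `\n` escapes.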
diff --git a/2023/5xxx/CVE-2023-5764.json b/2023/5xxx/CVE-2023-5764.json
new file mode 100644
index 00000000000..765e14e0585
--- /dev/null
+++ b/2023/5xxx/CVE-2023-5764.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5764",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/5xxx/CVE-2023-5765.json b/2023/5xxx/CVE-2023-5765.json
new file mode 100644
index 00000000000..312e66518d2
--- /dev/null
+++ b/2023/5xxx/CVE-2023-5765.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5765",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/5xxx/CVE-2023-5766.json b/2023/5xxx/CVE-2023-5766.json
new file mode 100644
index 00000000000..5d5c0111355
--- /dev/null
+++ b/2023/5xxx/CVE-2023-5766.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5766",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file