From 6986dcf447d659ac3a350bdfa9c4c6e8e90ad2fc Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 18 Jan 2023 18:00:42 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2006/3xxx/CVE-2006-3360.json | 10 ++++
 2022/45xxx/CVE-2022-45613.json | 61 ++++++++++++++++++++---
 2022/47xxx/CVE-2022-47966.json | 66 ++++++++++++++++++++++---
 2023/0xxx/CVE-2023-0389.json | 18 +++++++
 2023/0xxx/CVE-2023-0390.json | 18 +++++++
 2023/21xxx/CVE-2023-21601.json | 90 +++++++++++++++++++++++++++++++---
 2023/21xxx/CVE-2023-21603.json | 90 +++++++++++++++++++++++++++++++---
 7 files changed, 329 insertions(+), 24 deletions(-)
 create mode 100644 2023/0xxx/CVE-2023-0389.json
 create mode 100644 2023/0xxx/CVE-2023-0390.json
diff --git a/2006/3xxx/CVE-2006-3360.json b/2006/3xxx/CVE-2006-3360.json
index 5e0e52cea7a..d8dc894de9b 100644
--- a/2006/3xxx/CVE-2006-3360.json
+++ b/2006/3xxx/CVE-2006-3360.json
@@ -91,6 +91,16 @@
 "name": "20060705 phpSysInfo arbitrary file identification",
 "refsource": "FULLDISC",
 "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0065.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/advisories/GHSA-2wxv-3g4v-p76p",
+ "url": "https://github.com/advisories/GHSA-2wxv-3g4v-p76p"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/phpsysinfo/phpsysinfo/issues/368#issuecomment-1380842745",
+ "url": "https://github.com/phpsysinfo/phpsysinfo/issues/368#issuecomment-1380842745"
 }
 ]
 }
diff --git a/2022/45xxx/CVE-2022-45613.json b/2022/45xxx/CVE-2022-45613.json
index 50e50965ea3..ff76e4d5638 100644
--- a/2022/45xxx/CVE-2022-45613.json
+++ b/2022/45xxx/CVE-2022-45613.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-45613",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-45613",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the publisher parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://medium.com/@just0rg/book-store-management-system-1-0-unrestricted-input-leads-to-xss-74506d42492e",
+ "url": "https://medium.com/@just0rg/book-store-management-system-1-0-unrestricted-input-leads-to-xss-74506d42492e"
+ },
+ {
+ "url": "https://github.com/lithonn/bug-report/tree/main/vendors/oretnom23/bsms_ci/stored-xss",
+ "refsource": "MISC",
+ "name": "https://github.com/lithonn/bug-report/tree/main/vendors/oretnom23/bsms_ci/stored-xss"
 }
 ]
 }
diff --git a/2022/47xxx/CVE-2022-47966.json b/2022/47xxx/CVE-2022-47966.json
index 27fce007ece..643582e1541 100644
--- a/2022/47xxx/CVE-2022-47966.json
+++ b/2022/47xxx/CVE-2022-47966.json
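Review bot: In CVE-2022-45613.json the added `affects` block sets `product_name`, `version_value` and `vendor_name` to `n/a`, and `problemtype` is `n/a` as well, while the description on the same record names the product and version (Book Store Management System v1.0) and the weakness (cross-site scripting). Tooling that matches advisories on the structured fields rather than the free text will not tie this record to the product. I would fill them from the description, e.g. `"product_name": "Book Store Management System"`, `"version_value": "1.0"` and a problemtype `"value": "CWE-79"`; the vendor is not named in the description, so that field needs confirming. The CVE-2022-47966.json hunk has the same `n/a` placeholders although its description names Zoho ManageEngine ServiceDesk Plus through 14003.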
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-47966",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-47966",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://manageengine.com",
+ "refsource": "MISC",
+ "name": "https://manageengine.com"
+ },
+ {
+ "url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6",
+ "refsource": "MISC",
+ "name": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html",
+ "url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
 }
 ]
 }
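Review bot: Of the three references added to CVE-2022-47966.json, only `https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html` points at a document about this vulnerability; `https://manageengine.com` is the vendor home page and `https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6` is a paginated tag listing rather than a specific release. A responder following those two links gets no fix version or affected-product list. I would drop the home-page entry and replace the tag listing with a link to the specific xmlsec release or documentation the description refers to.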
diff --git a/2023/0xxx/CVE-2023-0389.json b/2023/0xxx/CVE-2023-0389.json
new file mode 100644
index 00000000000..94354248adb
--- /dev/null
+++ b/2023/0xxx/CVE-2023-0389.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-0389",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/0xxx/CVE-2023-0390.json b/2023/0xxx/CVE-2023-0390.json
new file mode 100644
index 00000000000..33d69ac1f63
--- /dev/null
+++ b/2023/0xxx/CVE-2023-0390.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-0390",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/21xxx/CVE-2023-21601.json b/2023/21xxx/CVE-2023-21601.json
index 85f22986ceb..2471d4b96cf 100644
--- a/2023/21xxx/CVE-2023-21601.json
+++ b/2023/21xxx/CVE-2023-21601.json
@@ -1,18 +1,96 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "DATE_PUBLIC": "2023-01-10T23:00:00.000Z",
 "ID": "CVE-2023-21601",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Adobe Dimension OBJ File Parsing Use-After-Free Information Disclosure Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Dimension",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "3.4.6"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Dimension version 3.4.6 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "Low",
+ "attackVector": "Local",
+ "availabilityImpact": "None",
+ "baseScore": 5.5,
+ "baseSeverity": "Medium",
+ "confidentialityImpact": "High",
+ "integrityImpact": "None",
+ "privilegesRequired": "None",
+ "scope": "Unchanged",
+ "userInteraction": "Required",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use After Free (CWE-416)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://helpx.adobe.com/security/products/dimension/apsb23-10.html",
+ "name": "https://helpx.adobe.com/security/products/dimension/apsb23-10.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2023/21xxx/CVE-2023-21603.json b/2023/21xxx/CVE-2023-21603.json
index e7c837f9d88..0a2ab6c1f10 100644
--- a/2023/21xxx/CVE-2023-21603.json
+++ b/2023/21xxx/CVE-2023-21603.json
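Review bot: The `version_data` array added to CVE-2023-21601.json has three entries of `"version_affected": "<="` with `"version_value": "None"` after the real `3.4.6` entry. They look like unfilled export slots (inferred from the repetition), and a consumer that evaluates every entry as a range ends up comparing against the literal string `None`, with parser-dependent results. Keeping only the `"version_value": "3.4.6"` entry would make the affected range unambiguous. The CVE-2023-21603.json hunk adds the same three placeholder entries.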
@@ -1,18 +1,96 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "DATE_PUBLIC": "2023-01-10T23:00:00.000Z",
 "ID": "CVE-2023-21603",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Dimension",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "3.4.6"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Dimension version 3.4.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "Low",
+ "attackVector": "Local",
+ "availabilityImpact": "None",
+ "baseScore": 5.5,
+ "baseSeverity": "Medium",
+ "confidentialityImpact": "High",
+ "integrityImpact": "None",
+ "privilegesRequired": "None",
+ "scope": "Unchanged",
+ "userInteraction": "Required",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds Read (CWE-125)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://helpx.adobe.com/security/products/dimension/apsb23-10.html",
+ "name": "https://helpx.adobe.com/security/products/dimension/apsb23-10.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file