diff --git a/2023/24xxx/CVE-2023-24805.json b/2023/24xxx/CVE-2023-24805.json
index 06445cd914d..6e011738f37 100644
--- a/2023/24xxx/CVE-2023-24805.json
+++ b/2023/24xxx/CVE-2023-24805.json
@@ -83,6 +83,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202401-06",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/202401-06"
}
]
},
diff --git a/2023/34xxx/CVE-2023-34321.json b/2023/34xxx/CVE-2023-34321.json
index fe2218ccdc5..e8c58c30664 100644
--- a/2023/34xxx/CVE-2023-34321.json
+++ b/2023/34xxx/CVE-2023-34321.json
@@ -1,18 +1,89 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34321",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@xen.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Arm provides multiple helpers to clean & invalidate the cache\nfor a given region. This is, for instance, used when allocating\nguest memory to ensure any writes (such as the ones during scrubbing)\nhave reached memory before handing over the page to a guest.\n\nUnfortunately, the arithmetics in the helpers can overflow and would\nthen result to skip the cache cleaning/invalidation. Therefore there\nis no guarantee when all the writes will reach the memory.\n"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Xen",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Xen",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "unknown",
+ "version": "consult Xen advisory XSA-437"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://xenbits.xenproject.org/xsa/advisory-437.html",
+ "refsource": "MISC",
+ "name": "https://xenbits.xenproject.org/xsa/advisory-437.html"
+ }
+ ]
+ },
+ "configuration": [
+ {
+ "lang": "en",
+ "value": "Systems running all version of Xen are affected.\n\nOnly systems running Xen on Arm 32-bit are vulnerable. Xen on Arm 64-bit\nis not affected.\n"
+ }
+ ],
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "There is no known mitigation.\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Julien Grall of Amazon.\n"
+ }
+ ]
}
\ No newline at end of file
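Review bot: The new `problemtype` entry is `"value": "n/a"` and the only version entry is `"status": "unknown"` with `"version": "consult Xen advisory XSA-437"`, so tools that match on CWE or on version ranges get nothing from this record. The `configuration` text does narrow the issue to Xen on Arm 32-bit, but only as free text. The description speaks of arithmetic that can overflow, which looks like `"value": "CWE-190"`; that mapping should be confirmed against XSA-437 before it is recorded. Until structured data is supplied, consumers have to treat the advisory URL as the source of affected versions. The same `n/a` / `unknown` pattern appears in the hunks for CVE-2023-34322 through CVE-2023-34328.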
diff --git a/2023/34xxx/CVE-2023-34322.json b/2023/34xxx/CVE-2023-34322.json
index 51db81f02bc..20188d9b0cf 100644
--- a/2023/34xxx/CVE-2023-34322.json
+++ b/2023/34xxx/CVE-2023-34322.json
@@ -1,18 +1,89 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34322",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@xen.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "For migration as well as to work around kernels unaware of L1TF (see\nXSA-273), PV guests may be run in shadow paging mode. Since Xen itself\nneeds to be mapped when PV guests run, Xen and shadowed PV guests run\ndirectly the respective shadow page tables. For 64-bit PV guests this\nmeans running on the shadow of the guest root page table.\n\nIn the course of dealing with shortage of memory in the shadow pool\nassociated with a domain, shadows of page tables may be torn down. This\ntearing down may include the shadow root page table that the CPU in\nquestion is presently running on. While a precaution exists to\nsupposedly prevent the tearing down of the underlying live page table,\nthe time window covered by that precaution isn't large enough.\n"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Xen",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Xen",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "unknown",
+ "version": "consult Xen advisory XSA-438"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://xenbits.xenproject.org/xsa/advisory-438.html",
+ "refsource": "MISC",
+ "name": "https://xenbits.xenproject.org/xsa/advisory-438.html"
+ }
+ ]
+ },
+ "configuration": [
+ {
+ "lang": "en",
+ "value": "All Xen versions from at least 3.2 onwards are vulnerable. Earlier\nversions have not been inspected.\n\nOnly x86 systems are vulnerable. Only 64-bit PV guests can leverage the\nvulnerability, and only when running in shadow mode. Shadow mode would\nbe in use when migrating guests or as a workaround for XSA-273 (L1TF).\n"
+ }
+ ],
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "Running only HVM or PVH guests will avoid the vulnerability.\n\nRunning PV guests in the PV shim will also avoid the vulnerability.\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Tim Deegan, and Jan Beulich of SUSE.\n"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2023/34xxx/CVE-2023-34323.json b/2023/34xxx/CVE-2023-34323.json
index 174a72f5bdb..a5f1a65d213 100644
--- a/2023/34xxx/CVE-2023-34323.json
+++ b/2023/34xxx/CVE-2023-34323.json
@@ -1,18 +1,89 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34323",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@xen.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When a transaction is committed, C Xenstored will first check\nthe quota is correct before attempting to commit any nodes. It would\nbe possible that accounting is temporarily negative if a node has\nbeen removed outside of the transaction.\n\nUnfortunately, some versions of C Xenstored are assuming that the\nquota cannot be negative and are using assert() to confirm it. This\nwill lead to C Xenstored crash when tools are built without -DNDEBUG\n(this is the default).\n"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Xen",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Xen",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "unknown",
+ "version": "consult Xen advisory XSA-440"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://xenbits.xenproject.org/xsa/advisory-440.html",
+ "refsource": "MISC",
+ "name": "https://xenbits.xenproject.org/xsa/advisory-440.html"
+ }
+ ]
+ },
+ "configuration": [
+ {
+ "lang": "en",
+ "value": "All versions of Xen up to and including 4.17 are vulnerable if XSA-326\nwas ingested.\n\nAll Xen systems using C Xenstored are vulnerable. C Xenstored built\nusing -DNDEBUG (can be specified via EXTRA_CFLAGS_XEN_TOOLS=-DNDEBUG)\nare not vulnerable. Systems using the OCaml variant of Xenstored are\nnot vulnerable.\n"
+ }
+ ],
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "The problem can be avoided by using OCaml Xenstored variant.\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Stanislav Uschakow and Julien Grall, all\nfrom Amazon.\n"
+ }
+ ]
}
\ No newline at end of file
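Review bot: The `configuration` condition ending in `was ingested` is hard to read as an applicability test. It presumably means builds that carry the XSA-326 fixes, the way the CVE-2023-34324 record says `or with the fixes for XSA-332`. Wording it as `if the fixes for XSA-326 have been applied` would let an operator decide quickly; the intended meaning should be confirmed against XSA-440. Since the description says building without `-DNDEBUG` is the default, C Xenstored deployments should be assumed in scope unless the build flags have been verified.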
diff --git a/2023/34xxx/CVE-2023-34324.json b/2023/34xxx/CVE-2023-34324.json
index 646651e2ff7..4d50bdaf516 100644
--- a/2023/34xxx/CVE-2023-34324.json
+++ b/2023/34xxx/CVE-2023-34324.json
@@ -1,18 +1,89 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34324",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@xen.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Closing of an event channel in the Linux kernel can result in a deadlock.\nThis happens when the close is being performed in parallel to an unrelated\nXen console action and the handling of a Xen console interrupt in an\nunprivileged guest.\n\nThe closing of an event channel is e.g. triggered by removal of a\nparavirtual device on the other side. As this action will cause console\nmessages to be issued on the other side quite often, the chance of\ntriggering the deadlock is not neglectable.\n\nNote that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel\non Arm doesn't use queued-RW-locks, which are required to trigger the\nissue (on Arm32 a waiting writer doesn't block further readers to get\nthe lock).\n"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Linux",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Linux",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "unknown",
+ "version": "consult Xen advisory XSA-441"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://xenbits.xenproject.org/xsa/advisory-441.html",
+ "refsource": "MISC",
+ "name": "https://xenbits.xenproject.org/xsa/advisory-441.html"
+ }
+ ]
+ },
+ "configuration": [
+ {
+ "lang": "en",
+ "value": "All unprivileged guests running a Linux kernel of version 5.10 and later,\nor with the fixes for XSA-332, are vulnerable.\n\nAll guest types are vulnerable.\n\nOnly x86- and 64-bit Arm-guests are vulnerable.\n\nArm-guests running in 32-bit mode are not vulnerable.\n\nGuests not using paravirtualized drivers are not vulnerable.\n"
+ }
+ ],
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "There is no known mitigation.\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered as a bug by Marek Marczykowski-G\u00f3recki of\nInvisible Things Lab; the security impact was recognised by J\u00fcrgen\nGro\u00df of SUSE.\n"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2023/34xxx/CVE-2023-34325.json b/2023/34xxx/CVE-2023-34325.json
index e09b86e0bc9..569ff0e78bb 100644
--- a/2023/34xxx/CVE-2023-34325.json
+++ b/2023/34xxx/CVE-2023-34325.json
@@ -1,18 +1,89 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34325",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@xen.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\n[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nlibfsimage contains parsing code for several filesystems, most of them based on\ngrub-legacy code. libfsimage is used by pygrub to inspect guest disks.\n\nPygrub runs as the same user as the toolstack (root in a priviledged domain).\n\nAt least one issue has been reported to the Xen Security Team that allows an\nattacker to trigger a stack buffer overflow in libfsimage. After further\nanalisys the Xen Security Team is no longer confident in the suitability of\nlibfsimage when run against guest controlled input with super user priviledges.\n\nIn order to not affect current deployments that rely on pygrub patches are\nprovided in the resolution section of the advisory that allow running pygrub in\ndeprivileged mode.\n\nCVE-2023-4949 refers to the original issue in the upstream grub\nproject (\"An attacker with local access to a system (either through a\ndisk or external drive) can present a modified XFS partition to\ngrub-legacy in such a way to exploit a memory corruption in grub\u2019s XFS\nfile system implementation.\") CVE-2023-34325 refers specifically to\nthe vulnerabilities in Xen's copy of libfsimage, which is decended\nfrom a very old version of grub.\n"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Xen",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Xen",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "unknown",
+ "version": "consult Xen advisory XSA-443"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://xenbits.xenproject.org/xsa/advisory-443.html",
+ "refsource": "MISC",
+ "name": "https://xenbits.xenproject.org/xsa/advisory-443.html"
+ }
+ ]
+ },
+ "configuration": [
+ {
+ "lang": "en",
+ "value": "All Xen versions are affected.\n"
+ }
+ ],
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "Ensuring that guests do not use the pygrub bootloader will avoid this\nvulnerability.\n\nFor cases where the PV guest is known to be 64bit, and uses grub2 as a\nbootloader, pvgrub is a suitable alternative pygrub.\n\nRunning only HVM guests will avoid the vulnerability.\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Ferdinand N\u00f6lscher of Google.\n"
+ }
+ ]
}
\ No newline at end of file
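Review bot: The description says the patches for running pygrub deprivileged are `provided in the resolution section of the advisory`, but this record adds only `work_around` and no `solution` entry. The fix is therefore reachable only through the XSA-443 link. A short `solution` value pointing at the advisory's resolution section would close that gap. The added text also has spelling slips worth fixing at the source: `priviledged`/`priviledges`, `analisys` and `decended`, and `a suitable alternative pygrub` in `work_around` is missing `to`.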
diff --git a/2023/34xxx/CVE-2023-34326.json b/2023/34xxx/CVE-2023-34326.json
index dfe761c98c7..6f6bd0a4886 100644
--- a/2023/34xxx/CVE-2023-34326.json
+++ b/2023/34xxx/CVE-2023-34326.json
@@ -1,18 +1,89 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34326",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@xen.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The caching invalidation guidelines from the AMD-Vi specification (48882\u2014Rev\n3.07-PUB\u2014Oct 2022) is incorrect on some hardware, as devices will malfunction\n(see stale DMA mappings) if some fields of the DTE are updated but the IOMMU\nTLB is not flushed.\n\nSuch stale DMA mappings can point to memory ranges not owned by the guest, thus\nallowing access to unindented memory regions.\n"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Xen",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Xen",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "unknown",
+ "version": "consult Xen advisory XSA-442"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://xenbits.xenproject.org/xsa/advisory-442.html",
+ "refsource": "MISC",
+ "name": "https://xenbits.xenproject.org/xsa/advisory-442.html"
+ }
+ ]
+ },
+ "configuration": [
+ {
+ "lang": "en",
+ "value": "All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 AMD systems with IOMMU hardware are vulnerable.\n\nOnly x86 guests which have physical devices passed through to them can\nleverage the vulnerability.\n"
+ }
+ ],
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "Not passing through physical devices to guests will avoid the vulnerability.\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Roger Pau Monn\u00e9 of XenServer.\n"
+ }
+ ]
}
\ No newline at end of file
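Review bot: In the description, `allowing access to unindented memory regions` should read `unintended`; as written, the impact sentence a triager reads first is garbled. The opening sentence also has a number mismatch (`guidelines ... is incorrect`). Suggested wording for the last clause: `thus allowing access to unintended memory regions.`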
diff --git a/2023/34xxx/CVE-2023-34327.json b/2023/34xxx/CVE-2023-34327.json
index 5bdfc82ed7d..354c4a864bc 100644
--- a/2023/34xxx/CVE-2023-34327.json
+++ b/2023/34xxx/CVE-2023-34327.json
@@ -1,18 +1,89 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34327",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@xen.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\n[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nAMD CPUs since ~2014 have extensions to normal x86 debugging functionality.\nXen supports guests using these extensions.\n\nUnfortunately there are errors in Xen's handling of the guest state, leading\nto denials of service.\n\n 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of\n a previous vCPUs debug mask state.\n\n 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.\n This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock\n up the CPU entirely.\n"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Xen",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Xen",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "unknown",
+ "version": "consult Xen advisory XSA-444"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://xenbits.xenproject.org/xsa/advisory-444.html",
+ "refsource": "MISC",
+ "name": "https://xenbits.xenproject.org/xsa/advisory-444.html"
+ }
+ ]
+ },
+ "configuration": [
+ {
+ "lang": "en",
+ "value": "Only AMD/Hygon hardware supporting the DBEXT feature are vulnerable.\nThis is believed to be the Steamroller microarchitecture and later.\n\nFor CVE-2023-34327, Xen versions 4.5 and later are vulnerable.\n\nFor CVE-2023-34328, Xen version between 4.5 and 4.13 are vulnerable.\nThe issue is benign in Xen 4.14 and later owing to an unrelated change.\n"
+ }
+ ],
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "For CVE-2023-34327, HVM VMs which can see the DBEXT feature are not\nsusceptible to running in the wrong state. By default, VMs will see the\nDBEXT feature on capable hardware, and when not explicitly levelled for\nmigration compatibility.\n\nFor CVE-2023-34328, PV VMs which cannot see the DBEXT feature cannot\nleverage the vulnerability.\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Andrew Cooper of XenServer.\n"
+ }
+ ]
}
\ No newline at end of file
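Review bot: This record and the one for CVE-2023-34328 carry identical `description`, `configuration` and `work_around` text, so each record states the other CVE's version range and workaround. For example, `For CVE-2023-34328, Xen version between 4.5 and 4.13 are vulnerable` appears here. A consumer that reads the `configuration` value without matching the `For CVE-…` prefix to the record's `ID` can apply the wrong range. Keeping only the paragraph for the record's own ID, or leading with it, would avoid that; the bracketed multi-CVE note at the top of the description can stay.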
diff --git a/2023/34xxx/CVE-2023-34328.json b/2023/34xxx/CVE-2023-34328.json
index 91a8cca644c..7ada272eed2 100644
--- a/2023/34xxx/CVE-2023-34328.json
+++ b/2023/34xxx/CVE-2023-34328.json
@@ -1,18 +1,89 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34328",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@xen.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\n[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nAMD CPUs since ~2014 have extensions to normal x86 debugging functionality.\nXen supports guests using these extensions.\n\nUnfortunately there are errors in Xen's handling of the guest state, leading\nto denials of service.\n\n 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of\n a previous vCPUs debug mask state.\n\n 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.\n This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock\n up the CPU entirely.\n"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Xen",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Xen",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "unknown",
+ "version": "consult Xen advisory XSA-444"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://xenbits.xenproject.org/xsa/advisory-444.html",
+ "refsource": "MISC",
+ "name": "https://xenbits.xenproject.org/xsa/advisory-444.html"
+ }
+ ]
+ },
+ "configuration": [
+ {
+ "lang": "en",
+ "value": "Only AMD/Hygon hardware supporting the DBEXT feature are vulnerable.\nThis is believed to be the Steamroller microarchitecture and later.\n\nFor CVE-2023-34327, Xen versions 4.5 and later are vulnerable.\n\nFor CVE-2023-34328, Xen version between 4.5 and 4.13 are vulnerable.\nThe issue is benign in Xen 4.14 and later owing to an unrelated change.\n"
+ }
+ ],
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "For CVE-2023-34327, HVM VMs which can see the DBEXT feature are not\nsusceptible to running in the wrong state. By default, VMs will see the\nDBEXT feature on capable hardware, and when not explicitly levelled for\nmigration compatibility.\n\nFor CVE-2023-34328, PV VMs which cannot see the DBEXT feature cannot\nleverage the vulnerability.\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Andrew Cooper of XenServer.\n"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2023/38xxx/CVE-2023-38146.json b/2023/38xxx/CVE-2023-38146.json
index 52130aba7d4..2dfaa1d2681 100644
--- a/2023/38xxx/CVE-2023-38146.json
+++ b/2023/38xxx/CVE-2023-38146.json
@@ -70,6 +70,11 @@
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38146",
"refsource": "MISC",
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38146"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/176391/Themebleed-Windows-11-Themes-Arbitrary-Code-Execution.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/176391/Themebleed-Windows-11-Themes-Arbitrary-Code-Execution.html"
}
]
},
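Review bot: The added reference uses a plain `http://` scheme in both `url` and `name`, while the existing MSRC reference in the same list uses `https://`. Anyone following the link from a feed fetches the page over an unauthenticated channel unless the site redirects. Prefer `"url": "https://packetstormsecurity.com/files/176391/Themebleed-Windows-11-Themes-Arbitrary-Code-Execution.html"` with the matching `name`. The enclosing `reference_data` array starts outside the hunk.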
diff --git a/2023/39xxx/CVE-2023-39294.json b/2023/39xxx/CVE-2023-39294.json
index ccea32da9a1..97ad9deb2cb 100644
--- a/2023/39xxx/CVE-2023-39294.json
+++ b/2023/39xxx/CVE-2023-39294.json
@@ -1,17 +1,120 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39294",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.1.x",
+ "version_value": "5.1.3.2578 build 20231110"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "h5.1.x",
+ "version_value": "h5.1.3.2578 build 20231110"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-23-54",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-23-54"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-23-54",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "rekter0"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.6,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
+ "version": "3.1"
}
]
}
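Review bot: The `version_data` entries pair `"version_affected": "<"` with a free-text value (`"5.1.3.2578 build 20231110"`) and a `version_name` of `5.1.x`, which says nothing about branches older than 5.1. A scanner cannot compare the `build 20231110` suffix numerically. An operator on an earlier QTS or QuTS hero branch cannot tell from this record whether they are affected, so QSA-23-54 has to be consulted for that. An explicit lower bound, or a statement that other branches are unaffected, would remove the ambiguity. The hunks for CVE-2023-39296 and CVE-2023-41287 use the same version shape.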
diff --git a/2023/39xxx/CVE-2023-39296.json b/2023/39xxx/CVE-2023-39296.json
index 0b49fe48852..b67c4a1b8db 100644
--- a/2023/39xxx/CVE-2023-39296.json
+++ b/2023/39xxx/CVE-2023-39296.json
@@ -1,17 +1,120 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39296",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1321",
+ "cweId": "CWE-1321"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.1.x",
+ "version_value": "5.1.3.2578 build 20231110"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "h5.1.x",
+ "version_value": "h5.1.3.2578 build 20231110"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-23-64",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-23-64"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-23-64",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Anonymous working with SSD Secure Disclosure"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
}
]
}
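Review bot: The description says the flaw `could allow users to override existing attributes`, but the added vector is `PR:N`, i.e. no privileges required. `users` reads as authenticated accounts, which understates exposure for a network-reachable crash scored `A:H`. Wording such as `could allow remote attackers` would match the vector; if authentication really is needed, the vector should instead carry `PR:L`. Which of the two is right has to come from QSA-23-64.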
diff --git a/2023/41xxx/CVE-2023-41287.json b/2023/41xxx/CVE-2023-41287.json
index 9f687850c74..888d7aaacb6 100644
--- a/2023/41xxx/CVE-2023-41287.json
+++ b/2023/41xxx/CVE-2023-41287.json
@@ -1,17 +1,108 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41287",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.7.2 ( 2023/11/23 ) and later\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Video Station",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.7.x",
+ "version_value": "5.7.2 ( 2023/11/23 )"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-23-55",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-23-55"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-23-55",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following version:
Video Station 5.7.2 ( 2023/11/23 ) and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following version:\nVideo Station 5.7.2 ( 2023/11/23 ) and later\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Vladimir Meier and Thomas Dewaele (Bugscale SA)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.1"
}
]
}
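Review bot: The new `description_data` value says only that "users" can inject malicious code, while the `vectorString` further down encodes `PR:N/UI:R`, so the text tells a reader neither that no account is needed nor that another user has to take some action first. It also speaks of injecting code while the vector rates `I:N`. If the vector is the authoritative part, the description should carry its preconditions, for example `could allow unauthenticated attackers to inject malicious code via a network, provided a user performs an action` (the kind of action is not stated anywhere in this record). The CVE-2023-41288 hunk has the same wording against the same `PR:N/UI:R`, whereas CVE-2023-41289 already says "authenticated users" to match its `PR:L`.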
diff --git a/2023/41xxx/CVE-2023-41288.json b/2023/41xxx/CVE-2023-41288.json
index cf735cdde15..811ceb4866c 100644
--- a/2023/41xxx/CVE-2023-41288.json
+++ b/2023/41xxx/CVE-2023-41288.json
@@ -1,17 +1,108 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41288",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.7.2 ( 2023/11/23 ) and later\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Video Station",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.7.x",
+ "version_value": "5.7.2 ( 2023/11/23 )"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-23-55",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-23-55"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-23-55",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following version:
Video Station 5.7.2 ( 2023/11/23 ) and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following version:\nVideo Station 5.7.2 ( 2023/11/23 ) and later\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Vladimir Meier and Thomas Dewaele (Bugscale SA)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2023/41xxx/CVE-2023-41289.json b/2023/41xxx/CVE-2023-41289.json
index 86f823b0891..5f5e477fe9d 100644
--- a/2023/41xxx/CVE-2023-41289.json
+++ b/2023/41xxx/CVE-2023-41289.json
@@ -1,17 +1,108 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41289",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nQcalAgent 1.1.8 and later\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QcalAgent",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.1.x",
+ "version_value": "1.1.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-23-34",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-23-34"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-23-34",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following version:
QcalAgent 1.1.8 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following version:\nQcalAgent 1.1.8 and later\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "lebr0nli (Alan Li)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2023/45xxx/CVE-2023-45039.json b/2023/45xxx/CVE-2023-45039.json
index 794896b00c2..9ad423e1c05 100644
--- a/2023/45xxx/CVE-2023-45039.json
+++ b/2023/45xxx/CVE-2023-45039.json
@@ -1,17 +1,120 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45039",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120",
+ "cweId": "CWE-120"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.1.x",
+ "version_value": "5.1.4.2596 build 20231128"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "h5.1.x",
+ "version_value": "h5.1.4.2596 build 20231128"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-23-27",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-23-27"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-23-27",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Jiaxu Zhao && Bingwei Peng"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.8,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
+ "version": "3.1"
}
]
}
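Review bot: The description says the flaw could let authenticated administrators "execute code", but the `cvss` entry rates it `C:N/I:L/A:L` with `baseScore` 3.8, which describes a limited integrity and availability effect rather than code execution. The score is arithmetically consistent with the vector, so the mismatch is between the text and the metrics, and one of them is presumably template wording or an under-scored vector. A consumer that prioritises on `baseSeverity` alone will file a record that claims code execution as `LOW`. Either the impact metrics or the description should be aligned with what QSA-23-27 actually states. The hunks for CVE-2023-45040 through CVE-2023-45044 repeat the same description and the same vector.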
diff --git a/2023/45xxx/CVE-2023-45040.json b/2023/45xxx/CVE-2023-45040.json
index 0c278a5256d..fe7e88d0add 100644
--- a/2023/45xxx/CVE-2023-45040.json
+++ b/2023/45xxx/CVE-2023-45040.json
@@ -1,17 +1,120 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45040",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120",
+ "cweId": "CWE-120"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.1.x",
+ "version_value": "5.1.4.2596 build 20231128"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "h5.1.x",
+ "version_value": "h5.1.4.2596 build 20231128"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-23-27",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-23-27"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-23-27",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Jiaxu Zhao && Bingwei Peng"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.8,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2023/45xxx/CVE-2023-45041.json b/2023/45xxx/CVE-2023-45041.json
index e7b9b2f0cf2..b52e68f5af2 100644
--- a/2023/45xxx/CVE-2023-45041.json
+++ b/2023/45xxx/CVE-2023-45041.json
@@ -1,17 +1,120 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45041",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120",
+ "cweId": "CWE-120"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "h5.1.x",
+ "version_value": "h5.1.4.2596 build 20231128"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.1.x",
+ "version_value": "5.1.4.2596 build 20231128"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-23-27",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-23-27"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-23-27",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Jiaxu Zhao && Bingwei Peng"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.8,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2023/45xxx/CVE-2023-45042.json b/2023/45xxx/CVE-2023-45042.json
index b02ec90f171..9f40a5ff71a 100644
--- a/2023/45xxx/CVE-2023-45042.json
+++ b/2023/45xxx/CVE-2023-45042.json
@@ -1,17 +1,120 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45042",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120",
+ "cweId": "CWE-120"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "h5.1.x",
+ "version_value": "h5.1.4.2596 build 20231128"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.1.x",
+ "version_value": "5.1.4.2596 build 20231128"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-23-27",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-23-27"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-23-27",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Jiaxu Zhao && Bingwei Peng"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.8,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2023/45xxx/CVE-2023-45043.json b/2023/45xxx/CVE-2023-45043.json
index 95151e3a176..49e8381a091 100644
--- a/2023/45xxx/CVE-2023-45043.json
+++ b/2023/45xxx/CVE-2023-45043.json
@@ -1,17 +1,120 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45043",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120",
+ "cweId": "CWE-120"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "h5.1.x",
+ "version_value": "h5.1.4.2596 build 20231128"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.1.x",
+ "version_value": "5.1.4.2596 build 20231128"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-23-27",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-23-27"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-23-27",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Jiaxu Zhao && Bingwei Peng"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.8,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2023/45xxx/CVE-2023-45044.json b/2023/45xxx/CVE-2023-45044.json
index f8b9bc207e7..fc8293a42c2 100644
--- a/2023/45xxx/CVE-2023-45044.json
+++ b/2023/45xxx/CVE-2023-45044.json
@@ -1,17 +1,120 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45044",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120",
+ "cweId": "CWE-120"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QuTS hero",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "h5.1.x",
+ "version_value": "h5.1.4.2596 build 20231128"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QTS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.1.x",
+ "version_value": "5.1.4.2596 build 20231128"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-23-27",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-23-27"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-23-27",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Jiaxu Zhao && Bingwei Peng"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.8,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46835.json b/2023/46xxx/CVE-2023-46835.json
index 9ef7a5bef4e..999db2414ef 100644
--- a/2023/46xxx/CVE-2023-46835.json
+++ b/2023/46xxx/CVE-2023-46835.json
@@ -1,18 +1,89 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46835",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@xen.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The current setup of the quarantine page tables assumes that the\nquarantine domain (dom_io) has been initialized with an address width\nof DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels.\n\nHowever dom_io being a PV domain gets the AMD-Vi IOMMU page tables\nlevels based on the maximum (hot pluggable) RAM address, and hence on\nsystems with no RAM above the 512GB mark only 3 page-table levels are\nconfigured in the IOMMU.\n\nOn systems without RAM above the 512GB boundary\namd_iommu_quarantine_init() will setup page tables for the scratch\npage with 4 levels, while the IOMMU will be configured to use 3 levels\nonly, resulting in the last page table directory (PDE) effectively\nbecoming a page table entry (PTE), and hence a device in quarantine\nmode gaining write access to the page destined to be a PDE.\n\nDue to this page table level mismatch, the sink page the device gets\nread/write access to is no longer cleared between device assignment,\npossibly leading to data leaks.\n"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Xen",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Xen",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "unknown",
+ "version": "consult Xen advisory XSA-445"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://xenbits.xenproject.org/xsa/advisory-445.html",
+ "refsource": "MISC",
+ "name": "https://xenbits.xenproject.org/xsa/advisory-445.html"
+ }
+ ]
+ },
+ "configuration": [
+ {
+ "lang": "en",
+ "value": "All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 AMD systems with IOMMU hardware are vulnerable.\n\nOnly x86 guests which have physical devices passed through to them can\nleverage the vulnerability.\n"
+ }
+ ],
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "Not passing through physical devices to guests will avoid the\nvulnerability.\n\nNot using quarantine scratch-page mode will avoid the vulnerability,\nbut could result in other issues.\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Roger Pau Monn\u00e9 of XenServer.\n"
+ }
+ ]
}
\ No newline at end of file
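Review bot: The published record carries `problemtype` value `n/a`, no `impact` block, and a single version entry with `status` `unknown` and `version_value` `not down converted`, so automated consumers get no weakness class, no severity and no affected range from it. Everything a defender needs for scoping sits in free text instead, in the `configuration` entry ("Only x86 AMD systems with IOMMU hardware are vulnerable") and in `work_around`. The description names a concrete outcome (a quarantined device gaining write access to a page-table page, possibly leading to data leaks), so a `cweId` of the kind the QNAP records in this commit carry could be filled in, and a CVSS vector added if XSA-445 supports one. The CVE-2023-46836 hunk has the same three gaps, and the CVE-2023-46837 hunk, which continues past the visible text, begins with the same `n/a` and `unknown` entries. The file also still ends without a trailing newline.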
diff --git a/2023/46xxx/CVE-2023-46836.json b/2023/46xxx/CVE-2023-46836.json
index cbe352dbeb0..c66bcc83d81 100644
--- a/2023/46xxx/CVE-2023-46836.json
+++ b/2023/46xxx/CVE-2023-46836.json
@@ -1,18 +1,89 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46836",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@xen.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative\nReturn Stack Overflow) are not IRQ-safe. It was believed that the\nmitigations always operated in contexts with IRQs disabled.\n\nHowever, the original XSA-254 fix for Meltdown (XPTI) deliberately left\ninterrupts enabled on two entry paths; one unconditionally, and one\nconditionally on whether XPTI was active.\n\nAs BTC/SRSO and Meltdown affect different CPU vendors, the mitigations\nare not active together by default. Therefore, there is a race\ncondition whereby a malicious PV guest can bypass BTC/SRSO protections\nand launch a BTC/SRSO attack against Xen.\n"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Xen",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Xen",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "unknown",
+ "version": "consult Xen advisory XSA-446"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://xenbits.xenproject.org/xsa/advisory-446.html",
+ "refsource": "MISC",
+ "name": "https://xenbits.xenproject.org/xsa/advisory-446.html"
+ }
+ ]
+ },
+ "configuration": [
+ {
+ "lang": "en",
+ "value": "All versions of Xen are vulnerable.\n\nXen is only vulnerable in default configurations on AMD and Hygon CPUs.\n\nXen is not believed to be vulnerable in default configurations on CPUs\nfrom other hardware vendors.\n\nOnly PV guests can leverage the vulnerability.\n"
+ }
+ ],
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "Running only HVM or PVH VMs will avoid the vulnerability.\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Andrew Cooper of XenServer.\n"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2023/46xxx/CVE-2023-46837.json b/2023/46xxx/CVE-2023-46837.json
index 0857ccb0ee4..2d61585d52f 100644
--- a/2023/46xxx/CVE-2023-46837.json
+++ b/2023/46xxx/CVE-2023-46837.json
@@ -1,18 +1,89 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46837",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@xen.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Arm provides multiple helpers to clean & invalidate the cache\nfor a given region. This is, for instance, used when allocating\nguest memory to ensure any writes (such as the ones during scrubbing)\nhave reached memory before handing over the page to a guest.\n\nUnfortunately, the arithmetics in the helpers can overflow and would\nthen result to skip the cache cleaning/invalidation. Therefore there\nis no guarantee when all the writes will reach the memory.\n\nThis undefined behavior was meant to be addressed by XSA-437, but the\napproach was not sufficient.\n"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Xen",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Xen",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "unknown",
+ "version": "consult Xen advisory XSA-447"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://xenbits.xenproject.org/xsa/advisory-447.html",
+ "refsource": "MISC",
+ "name": "https://xenbits.xenproject.org/xsa/advisory-447.html"
+ }
+ ]
+ },
+ "configuration": [
+ {
+ "lang": "en",
+ "value": "Systems running all version of Xen are affected.\n\nOnly systems running Xen on Arm 32-bit are vulnerable. Xen on Arm 64-bit\nis not affected.\n"
+ }
+ ],
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "There is no known mitigation.\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Michal Orzel from AMD.\n"
+ }
+ ]
}
\ No newline at end of file
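Review bot: The `affects` block gives automated consumers nothing to match on: `version_value` is "not down converted", the only version entry is `"status": "unknown"` with the text "consult Xen advisory XSA-447", and `problemtype` is `"value": "n/a"`. The actual scope (all Xen versions, Arm 32-bit only) appears only as free text under `configuration`, so tooling keyed on structured version data will presumably not flag affected hosts, and teams need to read the advisory directly. Since the description attributes the flaw to arithmetic that can overflow, a CWE entry in the form the QNAP records in this diff use, e.g. `"value": "CWE-190", "cweId": "CWE-190"`, looks appropriate if the CNA agrees with that classification. The record referencing XSA-446 just above this hunk has the same shape.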
diff --git a/2023/47xxx/CVE-2023-47219.json b/2023/47xxx/CVE-2023-47219.json
index 58ffdf9eb56..65fd2926943 100644
--- a/2023/47xxx/CVE-2023-47219.json
+++ b/2023/47xxx/CVE-2023-47219.json
@@ -1,17 +1,102 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47219",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.2.1 and later\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QuMagie",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.2.x",
+ "version_value": "2.2.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-23-32",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-23-32"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-23-32",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following version:
QuMagie 2.2.1 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following version:\nQuMagie 2.2.1 and later\n"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.1"
}
]
}
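Review bot: The version entry pairs `"version_affected": "<"` and `"version_value": "2.2.1"` with `"version_name": "2.2.x"`, which leaves it unclear whether releases older than the 2.2 branch are affected or simply not assessed. The description and `solution` only say the fix is in QuMagie 2.2.1 and later, so a defender should probably treat every release below 2.2.1 as affected until the advisory says otherwise. If that is the intent, a sentence in the description such as "QuMagie versions before 2.2.1 are affected" would remove the guesswork. The same entry appears in the CVE-2023-47559 and CVE-2023-47560 hunks. The JSON object continues past the end of this hunk.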
diff --git a/2023/47xxx/CVE-2023-47559.json b/2023/47xxx/CVE-2023-47559.json
index ff8b0acf6e5..2d5efd4a915 100644
--- a/2023/47xxx/CVE-2023-47559.json
+++ b/2023/47xxx/CVE-2023-47559.json
@@ -1,17 +1,108 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47559",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.2.1 and later\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QuMagie",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.2.x",
+ "version_value": "2.2.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-23-23",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-23-23"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-23-23",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following version:
QuMagie 2.2.1 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following version:\nQuMagie 2.2.1 and later\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "lebr0nli (Alan Li)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2023/47xxx/CVE-2023-47560.json b/2023/47xxx/CVE-2023-47560.json
index 742db7bab2a..12e952f1223 100644
--- a/2023/47xxx/CVE-2023-47560.json
+++ b/2023/47xxx/CVE-2023-47560.json
@@ -1,17 +1,113 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47560",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@qnap.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.2.1 and later\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-77",
+ "cweId": "CWE-77"
+ },
+ {
+ "lang": "eng",
+ "value": "CWE-78",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "QNAP Systems Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QuMagie",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.2.x",
+ "version_value": "2.2.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-23-23",
+ "refsource": "MISC",
+ "name": "https://www.qnap.com/en/security-advisory/qsa-23-23"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "QSA-23-23",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "We have already fixed the vulnerability in the following version:
QuMagie 2.2.1 and later
"
+ }
+ ],
+ "value": "We have already fixed the vulnerability in the following version:\nQuMagie 2.2.1 and later\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "lebr0nli (Alan Li)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
+ "version": "3.1"
}
]
}
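Review bot: `problemtype` lists both `CWE-77` and `CWE-78` for a flaw the description calls an OS command injection. CWE-78 is the more specific child of CWE-77, so carrying both adds nothing for classification and can double-count the record in per-CWE statistics; keeping only the `"value": "CWE-78", "cweId": "CWE-78"` entry would be cleaner. It is also worth a second look that a command-execution issue is scored `C:L/I:L/A:L`. The vector is internally consistent with the 7.4 base score, but the impact metrics seem low for what the description states, which I cannot confirm from this record alone.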
diff --git a/2024/0xxx/CVE-2024-0251.json b/2024/0xxx/CVE-2024-0251.json
new file mode 100644
index 00000000000..78dcbd4e857
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0251.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0251",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/22xxx/CVE-2024-22164.json b/2024/22xxx/CVE-2024-22164.json
new file mode 100644
index 00000000000..c719bbd7a56
--- /dev/null
+++ b/2024/22xxx/CVE-2024-22164.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-22164",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/22xxx/CVE-2024-22165.json b/2024/22xxx/CVE-2024-22165.json
new file mode 100644
index 00000000000..00e54162a25
--- /dev/null
+++ b/2024/22xxx/CVE-2024-22165.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-22165",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/22xxx/CVE-2024-22166.json b/2024/22xxx/CVE-2024-22166.json
new file mode 100644
index 00000000000..23f5b48d1d2
--- /dev/null
+++ b/2024/22xxx/CVE-2024-22166.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-22166",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file