diff --git a/2020/24xxx/CVE-2020-24165.json b/2020/24xxx/CVE-2020-24165.json index 172384ee39c..a03cb83a0f4 100644 --- a/2020/24xxx/CVE-2020-24165.json +++ b/2020/24xxx/CVE-2020-24165.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://pastebin.com/iqCbjdT8", "url": "https://pastebin.com/iqCbjdT8" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20231005 [SECURITY] [DLA 3604-1] qemu security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html" } ] } diff --git a/2023/0xxx/CVE-2023-0330.json b/2023/0xxx/CVE-2023-0330.json index 22e5ac6a821..5bbb75f61e0 100644 --- a/2023/0xxx/CVE-2023-0330.json +++ b/2023/0xxx/CVE-2023-0330.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html", "url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20231005 [SECURITY] [DLA 3604-1] qemu security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html" } ] }, diff --git a/2023/3xxx/CVE-2023-3180.json b/2023/3xxx/CVE-2023-3180.json index 0ab9d14f2cf..329271f4c0b 100644 --- a/2023/3xxx/CVE-2023-3180.json +++ b/2023/3xxx/CVE-2023-3180.json @@ -186,6 +186,11 @@ "url": "https://security.netapp.com/advisory/ntap-20230831-0008/", "refsource": "MISC", "name": "https://security.netapp.com/advisory/ntap-20230831-0008/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html" } ] }, diff --git a/2023/42xxx/CVE-2023-42331.json b/2023/42xxx/CVE-2023-42331.json index f8d076534ae..854f94339bf 100644 --- a/2023/42xxx/CVE-2023-42331.json +++ b/2023/42xxx/CVE-2023-42331.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "A file upload vulnerability in EliteCMS 1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component." + "value": "A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component." } ] }, @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/Num-Nine/CVE/issues/4", "url": "https://github.com/Num-Nine/CVE/issues/4" + }, + { + "refsource": "MISC", + "name": "https://github.com/Num-Nine/CVE/wiki/Any-file-is-uploaded-to-eliteCMS1.01", + "url": "https://github.com/Num-Nine/CVE/wiki/Any-file-is-uploaded-to-eliteCMS1.01" } ] } diff --git a/2023/43xxx/CVE-2023-43068.json b/2023/43xxx/CVE-2023-43068.json index 49f745967b4..3d1c738fbe6 100644 --- a/2023/43xxx/CVE-2023-43068.json +++ b/2023/43xxx/CVE-2023-43068.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-43068", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "Dell SmartFabric Storage Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.4.0 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities", + "refsource": "MISC", + "name": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/43xxx/CVE-2023-43069.json b/2023/43xxx/CVE-2023-43069.json index e153f94e329..a1120adada8 100644 --- a/2023/43xxx/CVE-2023-43069.json +++ b/2023/43xxx/CVE-2023-43069.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-43069", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "Dell SmartFabric Storage Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.4.0 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities", + "refsource": "MISC", + "name": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/43xxx/CVE-2023-43070.json b/2023/43xxx/CVE-2023-43070.json index 2a42d3e4eb1..b0f826aa402 100644 --- a/2023/43xxx/CVE-2023-43070.json +++ b/2023/43xxx/CVE-2023-43070.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-43070", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "Dell SmartFabric Storage Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.4.0 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities", + "refsource": "MISC", + "name": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/43xxx/CVE-2023-43071.json b/2023/43xxx/CVE-2023-43071.json index 304e2a5cb93..9a6b6bf938e 100644 --- a/2023/43xxx/CVE-2023-43071.json +++ b/2023/43xxx/CVE-2023-43071.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-43071", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CVS formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File", + "cweId": "CWE-1236" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "Dell SmartFabric Storage Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.4.0 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities", + "refsource": "MISC", + "name": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/43xxx/CVE-2023-43072.json b/2023/43xxx/CVE-2023-43072.json index 689a74c89cd..51299e76824 100644 --- a/2023/43xxx/CVE-2023-43072.json +++ b/2023/43xxx/CVE-2023-43072.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-43072", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "Dell SmartFabric Storage Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.4.0 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities", + "refsource": "MISC", + "name": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/43xxx/CVE-2023-43073.json b/2023/43xxx/CVE-2023-43073.json index 001a2f687c3..ac81625c8b0 100644 --- a/2023/43xxx/CVE-2023-43073.json +++ b/2023/43xxx/CVE-2023-43073.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-43073", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "Dell SmartFabric Storage Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": " v1.4.0 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities", + "refsource": "MISC", + "name": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/44xxx/CVE-2023-44386.json b/2023/44xxx/CVE-2023-44386.json index 7037f0178f9..d0d4a1167fe 100644 --- a/2023/44xxx/CVE-2023-44386.json +++ b/2023/44xxx/CVE-2023-44386.json @@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-44386", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-231: Improper Handling of Extra Values", + "cweId": "CWE-231" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-617: Reachable Assertion", + "cweId": "CWE-617" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-696: Incorrect Behavior Order", + "cweId": "CWE-696" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "vapor", + "product": { + "product_data": [ + { + "product_name": "vapor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 4.83.2, < 4.84.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/vapor/vapor/security/advisories/GHSA-3mwq-h3g6-ffhm", + "refsource": "MISC", + "name": "https://github.com/vapor/vapor/security/advisories/GHSA-3mwq-h3g6-ffhm" + }, + { + "url": "https://github.com/vapor/vapor/commit/090464a654b03148b139a81f8f5ac63b0856f6f3", + "refsource": "MISC", + "name": "https://github.com/vapor/vapor/commit/090464a654b03148b139a81f8f5ac63b0856f6f3" + }, + { + "url": "https://github.com/vapor/vapor/releases/tag/4.84.2", + "refsource": "MISC", + "name": "https://github.com/vapor/vapor/releases/tag/4.84.2" + } + ] + }, + "source": { + "advisory": "GHSA-3mwq-h3g6-ffhm", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/44xxx/CVE-2023-44387.json b/2023/44xxx/CVE-2023-44387.json index 525e38e0a21..bed3f1825cc 100644 --- a/2023/44xxx/CVE-2023-44387.json +++ b/2023/44xxx/CVE-2023-44387.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-44387", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732: Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "gradle", + "product": { + "product_data": [ + { + "product_name": "gradle", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 7.6.0, < 7.6.3" + }, + { + "version_affected": "=", + "version_value": "< 8.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9", + "refsource": "MISC", + "name": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9" + }, + { + "url": "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7", + "refsource": "MISC", + "name": "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7" + }, + { + "url": "https://github.com/gradle/gradle/releases/tag/v7.6.3", + "refsource": "MISC", + "name": "https://github.com/gradle/gradle/releases/tag/v7.6.3" + }, + { + "url": "https://github.com/gradle/gradle/releases/tag/v8.4.0", + "refsource": "MISC", + "name": "https://github.com/gradle/gradle/releases/tag/v8.4.0" + } + ] + }, + "source": { + "advisory": "GHSA-43r3-pqhv-f7h9", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.2, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45208.json b/2023/45xxx/CVE-2023-45208.json new file mode 100644 index 00000000000..cc163daaddb --- /dev/null +++ b/2023/45xxx/CVE-2023-45208.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45208", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/4xxx/CVE-2023-4354.json b/2023/4xxx/CVE-2023-4354.json index fbc535a892a..ad542230af5 100644 --- a/2023/4xxx/CVE-2023-4354.json +++ b/2023/4xxx/CVE-2023-4354.json @@ -78,6 +78,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/" + }, + { + "url": "http://packetstormsecurity.com/files/174949/Chrome-SKIA-Integer-Overflow.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174949/Chrome-SKIA-Integer-Overflow.html" } ] } diff --git a/2023/4xxx/CVE-2023-4355.json b/2023/4xxx/CVE-2023-4355.json index bd7862cfac9..77c67768810 100644 --- a/2023/4xxx/CVE-2023-4355.json +++ b/2023/4xxx/CVE-2023-4355.json @@ -78,6 +78,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/" + }, + { + "url": "http://packetstormsecurity.com/files/174950/Chrome-Dangling-FixedArray-Pointers-Memory-Corruption.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174950/Chrome-Dangling-FixedArray-Pointers-Memory-Corruption.html" } ] } diff --git a/2023/4xxx/CVE-2023-4401.json b/2023/4xxx/CVE-2023-4401.json index 6a3fdf8d826..f798f16e875 100644 --- a/2023/4xxx/CVE-2023-4401.json +++ b/2023/4xxx/CVE-2023-4401.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4401", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the \u2018more\u2019 command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "Dell SmartFabric Storage Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": " v1.4.0 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities", + "refsource": "MISC", + "name": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4427.json b/2023/4xxx/CVE-2023-4427.json index 48239ab041b..1f7e992038d 100644 --- a/2023/4xxx/CVE-2023-4427.json +++ b/2023/4xxx/CVE-2023-4427.json @@ -83,6 +83,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/" + }, + { + "url": "http://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html" } ] } diff --git a/2023/5xxx/CVE-2023-5346.json b/2023/5xxx/CVE-2023-5346.json index 47119b3a250..a11ef2cbcd8 100644 --- a/2023/5xxx/CVE-2023-5346.json +++ b/2023/5xxx/CVE-2023-5346.json @@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5346", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "117.0.5938.149", + "version_value": "117.0.5938.149" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1485829", + "refsource": "MISC", + "name": "https://crbug.com/1485829" } ] } diff --git a/2023/5xxx/CVE-2023-5423.json b/2023/5xxx/CVE-2023-5423.json index 67cc64a714a..dfdc4dde98b 100644 --- a/2023/5xxx/CVE-2023-5423.json +++ b/2023/5xxx/CVE-2023-5423.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5423", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirm_order. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-241384." + }, + { + "lang": "deu", + "value": "In SourceCodester Online Pizza Ordering System 1.0 wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /admin/ajax.php?action=confirm_order. Dank der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Online Pizza Ordering System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.241384", + "refsource": "MISC", + "name": "https://vuldb.com/?id.241384" + }, + { + "url": "https://vuldb.com/?ctiid.241384", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.241384" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "simon.davis8080 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.7, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.7, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.8, + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" } ] }