diff --git a/2023/0xxx/CVE-2023-0815.json b/2023/0xxx/CVE-2023-0815.json
index 6086eda31ff..29d330c08e9 100644
--- a/2023/0xxx/CVE-2023-0815.json
+++ b/2023/0xxx/CVE-2023-0815.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug."
+ "value": "Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet."
 }
 ]
 },
@@ -88,6 +88,11 @@
 "url": "https://github.com/OpenNMS/opennms/pull/5741/files",
 "refsource": "MISC",
 "name": "https://github.com/OpenNMS/opennms/pull/5741/files"
+ },
+ {
+ "url": "https://docs.opennms.com/meridian/2022/releasenotes/changelog.html#releasenotes-changelog-Meridian-2022.1.13",
+ "refsource": "MISC",
+ "name": "https://docs.opennms.com/meridian/2022/releasenotes/changelog.html#releasenotes-changelog-Meridian-2022.1.13"
 }
 ]
 },
diff --git a/2023/0xxx/CVE-2023-0846.json b/2023/0xxx/CVE-2023-0846.json
index e9e5e108736..2e968328aef 100644
--- a/2023/0xxx/CVE-2023-0846.json
+++ b/2023/0xxx/CVE-2023-0846.json
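Review bot: In CVE-2023-0815 the remediation sentence added to the description names Meridian 2023.1.0 or Horizon 31.0.4 as the fix, while the reference added in the second hunk points at the Meridian 2022.1.13 changelog, so a reader cannot tell from the record whether 2022.1.13 is also a fixed release. The same pairing appears in CVE-2023-0846, CVE-2023-0867 and CVE-2023-0868; CVE-2023-0869 instead cites the 2023.1.0 changelog and says `Horizon 31.0.4 or newer`, which these four omit. If 2022.1.13 does carry the fix, I would say so in the text, for example `Users should upgrade to Meridian 2022.1.13 or 2023.1.0 or newer, or Horizon 31.0.4 or newer.`; otherwise the reference should point at the 2023.1.0 changelog. For this record specifically, a sentence noting that debug logs written before the upgrade may still contain credentials would help operators scope cleanup. Both hunks are cut from larger JSON objects whose remaining fields, including the affected-version data, are outside the diff.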
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information."
+ "value": "Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet."
 }
 ]
 },
@@ -103,6 +103,11 @@
 "url": "https://github.com/OpenNMS/opennms/pull/5506/files",
 "refsource": "MISC",
 "name": "https://github.com/OpenNMS/opennms/pull/5506/files"
+ },
+ {
+ "url": "https://docs.opennms.com/meridian/2022/releasenotes/changelog.html#releasenotes-changelog-Meridian-2022.1.13",
+ "refsource": "MISC",
+ "name": "https://docs.opennms.com/meridian/2022/releasenotes/changelog.html#releasenotes-changelog-Meridian-2022.1.13"
 }
 ]
 },
diff --git a/2023/0xxx/CVE-2023-0867.json b/2023/0xxx/CVE-2023-0867.json
index c624561f880..d6ae1a763f7 100644
--- a/2023/0xxx/CVE-2023-0867.json
+++ b/2023/0xxx/CVE-2023-0867.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information."
+ "value": "Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet."
 }
 ]
 },
@@ -114,6 +114,11 @@
 "url": "https://github.com/OpenNMS/opennms/pull/5765",
 "refsource": "MISC",
 "name": "https://github.com/OpenNMS/opennms/pull/5765"
+ },
+ {
+ "url": "https://docs.opennms.com/meridian/2022/releasenotes/changelog.html#releasenotes-changelog-Meridian-2022.1.13",
+ "refsource": "MISC",
+ "name": "https://docs.opennms.com/meridian/2022/releasenotes/changelog.html#releasenotes-changelog-Meridian-2022.1.13"
 }
 ]
 },
diff --git a/2023/0xxx/CVE-2023-0868.json b/2023/0xxx/CVE-2023-0868.json
index 20c7e8eb852..505f4a2b460 100644
--- a/2023/0xxx/CVE-2023-0868.json
+++ b/2023/0xxx/CVE-2023-0868.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies."
+ "value": "Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet."
 }
 ]
 },
@@ -80,6 +80,11 @@
 "url": "https://github.com/OpenNMS/opennms/pull/5740",
 "refsource": "MISC",
 "name": "https://github.com/OpenNMS/opennms/pull/5740"
+ },
+ {
+ "url": "https://docs.opennms.com/meridian/2022/releasenotes/changelog.html#releasenotes-changelog-Meridian-2022.1.13",
+ "refsource": "MISC",
+ "name": "https://docs.opennms.com/meridian/2022/releasenotes/changelog.html#releasenotes-changelog-Meridian-2022.1.13"
 }
 ]
 },
diff --git a/2023/0xxx/CVE-2023-0869.json b/2023/0xxx/CVE-2023-0869.json
index b33613df2d8..dd83341144e 100644
--- a/2023/0xxx/CVE-2023-0869.json
+++ b/2023/0xxx/CVE-2023-0869.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information."
+ "value": "Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet."
 }
 ]
 },
@@ -87,6 +87,11 @@
 "url": "https://github.com/OpenNMS/opennms/pull/5734",
 "refsource": "MISC",
 "name": "https://github.com/OpenNMS/opennms/pull/5734"
+ },
+ {
+ "url": "https://docs.opennms.com/meridian/2023/releasenotes/changelog.html#releasenotes-changelog-Meridian-2023.1.0",
+ "refsource": "MISC",
+ "name": "https://docs.opennms.com/meridian/2023/releasenotes/changelog.html#releasenotes-changelog-Meridian-2023.1.0"
 }
 ]
 },
diff --git a/2023/1xxx/CVE-2023-1073.json b/2023/1xxx/CVE-2023-1073.json
new file mode 100644
index 00000000000..e62ca803581
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1073.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1073",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1074.json b/2023/1xxx/CVE-2023-1074.json
new file mode 100644
index 00000000000..c0490e80f63
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1074.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1074",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1075.json b/2023/1xxx/CVE-2023-1075.json
new file mode 100644
index 00000000000..8b0b4b19b0a
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1075.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1075",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1076.json b/2023/1xxx/CVE-2023-1076.json
new file mode 100644
index 00000000000..dab106cd27c
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1076.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1076",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1077.json b/2023/1xxx/CVE-2023-1077.json
new file mode 100644
index 00000000000..1745611942a
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1077.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1077",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1078.json b/2023/1xxx/CVE-2023-1078.json
new file mode 100644
index 00000000000..7a44d95f68e
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1078.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1078",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1079.json b/2023/1xxx/CVE-2023-1079.json
new file mode 100644
index 00000000000..614a61bde41
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1079.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1079",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/24xxx/CVE-2023-24249.json b/2023/24xxx/CVE-2023-24249.json
index 566072e9d86..1e47535c96e 100644
--- a/2023/24xxx/CVE-2023-24249.json
+++ b/2023/24xxx/CVE-2023-24249.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-24249",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-24249",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://laravel-admin.org/",
+ "refsource": "MISC",
+ "name": "https://laravel-admin.org/"
+ },
+ {
+ "url": "https://github.com/z-song/laravel-admin",
+ "refsource": "MISC",
+ "name": "https://github.com/z-song/laravel-admin"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://flyd.uk/post/cve-2023-24249/",
+ "url": "https://flyd.uk/post/cve-2023-24249/"
 }
 ]
 }
diff --git a/2023/24xxx/CVE-2023-24253.json b/2023/24xxx/CVE-2023-24253.json
index 5edd6f9eeae..965a8e9797b 100644
--- a/2023/24xxx/CVE-2023-24253.json
+++ b/2023/24xxx/CVE-2023-24253.json
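Review bot: The published CVE-2023-24249 record leaves `product_name`, `version_value`, `vendor_name` and the `problemtype` value at `n/a` even though the description names laravel-admin v1.8.19 and an arbitrary file upload, so scanners and inventory tools that match on the structured fields will not associate this entry with the product. I would set `"product_name": "laravel-admin"`, `"version_value": "1.8.19"` and the problemtype value to `CWE-434 Unrestricted Upload of File with Dangerous Type`. The description also gives no fixed release or required privilege level; if the linked advisory establishes either, it belongs in the text so defenders can prioritise. CVE-2023-24253 carries the same `n/a` placeholders beside a description that names Domotica Labs Ikon Server before v2.8.6 and SQL injection, which maps to CWE-89.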
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-24253",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-24253",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.swascan.com/it/security-advisory-domotica-labs-ikon-server/",
+ "refsource": "MISC",
+ "name": "https://www.swascan.com/it/security-advisory-domotica-labs-ikon-server/"
 }
 ]
 }