diff --git a/2021/46xxx/CVE-2021-46880.json b/2021/46xxx/CVE-2021-46880.json new file mode 100644 index 00000000000..691024b3ecf --- /dev/null +++ b/2021/46xxx/CVE-2021-46880.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-46880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt", + "refsource": "MISC", + "name": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt" + }, + { + "url": "https://github.com/openbsd/src/commit/3f851282810fa0ab4b90b3b1ecec2e8717ef16f8", + "refsource": "MISC", + "name": "https://github.com/openbsd/src/commit/3f851282810fa0ab4b90b3b1ecec2e8717ef16f8" + }, + { + "refsource": "MISC", + "name": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/006_x509.patch.sig", + "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/006_x509.patch.sig" + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22372.json b/2023/22xxx/CVE-2023-22372.json new file mode 100644 index 00000000000..e77a3b7d6af --- /dev/null +++ b/2023/22xxx/CVE-2023-22372.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22372", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24461.json b/2023/24xxx/CVE-2023-24461.json new file mode 100644 index 00000000000..c5717c7c0aa --- /dev/null +++ b/2023/24xxx/CVE-2023-24461.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24461", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24594.json b/2023/24xxx/CVE-2023-24594.json new file mode 100644 index 00000000000..f949d7a235b --- /dev/null +++ b/2023/24xxx/CVE-2023-24594.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24594", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/26xxx/CVE-2023-26463.json b/2023/26xxx/CVE-2023-26463.json index e6bdff1bf62..6204bc55b81 100644 --- a/2023/26xxx/CVE-2023-26463.json +++ b/2023/26xxx/CVE-2023-26463.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-26463", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named \"public\" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "n/a", + "status": "unknown" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/strongswan/strongswan/releases", + "refsource": "MISC", + "name": "https://github.com/strongswan/strongswan/releases" + }, + { + "url": "https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-%28cve-2023-26463%29.html", + "refsource": "MISC", + "name": "https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-%28cve-2023-26463%29.html" } ] } diff --git a/2023/27xxx/CVE-2023-27378.json b/2023/27xxx/CVE-2023-27378.json new file mode 100644 index 00000000000..eed9c79fcef --- /dev/null +++ b/2023/27xxx/CVE-2023-27378.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-27378", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/27xxx/CVE-2023-27571.json b/2023/27xxx/CVE-2023-27571.json index 2e9361a9b62..a60f2b0b15d 100644 --- a/2023/27xxx/CVE-2023-27571.json +++ b/2023/27xxx/CVE-2023-27571.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-27571", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-27571", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", + "refsource": "MISC", + "name": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html" + }, + { + "url": "https://www.sec-consult.com/en/blog/", + "refsource": "MISC", + "name": "https://www.sec-consult.com/en/blog/" + }, + { + "refsource": "MISC", + "name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-arris-dg3450-cable-gateway/", + "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-arris-dg3450-cable-gateway/" } ] } diff --git a/2023/27xxx/CVE-2023-27572.json b/2023/27xxx/CVE-2023-27572.json index c2e4f53b350..f64d7622072 100644 --- a/2023/27xxx/CVE-2023-27572.json +++ b/2023/27xxx/CVE-2023-27572.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-27572", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-27572", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability was discovered in the https_redirect.php web page via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", + "refsource": "MISC", + "name": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html" + }, + { + "url": "https://www.sec-consult.com/en/blog/", + "refsource": "MISC", + "name": "https://www.sec-consult.com/en/blog/" + }, + { + "refsource": "MISC", + "name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-arris-dg3450-cable-gateway/", + "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-arris-dg3450-cable-gateway/" } ] } diff --git a/2023/28xxx/CVE-2023-28406.json b/2023/28xxx/CVE-2023-28406.json new file mode 100644 index 00000000000..be508be69ce --- /dev/null +++ b/2023/28xxx/CVE-2023-28406.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-28406", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/28xxx/CVE-2023-28656.json b/2023/28xxx/CVE-2023-28656.json new file mode 100644 index 00000000000..9b2aa801ede --- /dev/null +++ b/2023/28xxx/CVE-2023-28656.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-28656", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/28xxx/CVE-2023-28724.json b/2023/28xxx/CVE-2023-28724.json new file mode 100644 index 00000000000..43392f8608a --- /dev/null +++ b/2023/28xxx/CVE-2023-28724.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-28724", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/28xxx/CVE-2023-28742.json b/2023/28xxx/CVE-2023-28742.json new file mode 100644 index 00000000000..2d987834797 --- /dev/null +++ b/2023/28xxx/CVE-2023-28742.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-28742", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/29xxx/CVE-2023-29163.json b/2023/29xxx/CVE-2023-29163.json new file mode 100644 index 00000000000..041bb6ef0ae --- /dev/null +++ b/2023/29xxx/CVE-2023-29163.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-29163", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/29xxx/CVE-2023-29240.json b/2023/29xxx/CVE-2023-29240.json new file mode 100644 index 00000000000..a64c249af39 --- /dev/null +++ b/2023/29xxx/CVE-2023-29240.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-29240", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file