diff --git a/2020/24xxx/CVE-2020-24736.json b/2020/24xxx/CVE-2020-24736.json
index dddb5bd2bb1..7764503ff9b 100644
--- a/2020/24xxx/CVE-2020-24736.json
+++ b/2020/24xxx/CVE-2020-24736.json
@@ -56,6 +56,11 @@
 "url": "https://www.sqlite.org/src/info/4feb3159c6bc3f7e33959",
 "refsource": "MISC",
 "name": "https://www.sqlite.org/src/info/4feb3159c6bc3f7e33959"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230526-0005/",
+ "url": "https://security.netapp.com/advisory/ntap-20230526-0005/"
 }
 ]
 }
diff --git a/2022/4xxx/CVE-2022-4744.json b/2022/4xxx/CVE-2022-4744.json
index a68e6f5cec7..9dd011fb2a2 100644
--- a/2022/4xxx/CVE-2022-4744.json
+++ b/2022/4xxx/CVE-2022-4744.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230526-0009/",
+ "url": "https://security.netapp.com/advisory/ntap-20230526-0009/"
 }
 ]
 },
diff --git a/2023/0xxx/CVE-2023-0620.json b/2023/0xxx/CVE-2023-0620.json
index a8e90b0a3c2..926461f51fa 100644
--- a/2023/0xxx/CVE-2023-0620.json
+++ b/2023/0xxx/CVE-2023-0620.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command. This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9."
+ "value": "HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.\n\nThis issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9."
 }
 ]
 },
@@ -91,6 +91,11 @@
 "url": "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1",
 "refsource": "MISC",
 "name": "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230526-0008/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230526-0008/"
 }
 ]
 },
diff --git a/2023/0xxx/CVE-2023-0665.json b/2023/0xxx/CVE-2023-0665.json
index 90dd4498204..0818c4d23da 100644
--- a/2023/0xxx/CVE-2023-0665.json
+++ b/2023/0xxx/CVE-2023-0665.json
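Review bot: In the rewritten `value` for CVE-2023-0620 (first hunk), 1.13.1 is named both as the upper bound of the affected range ("0.8.0 through 1.13.1") and as a fixed version, so a reader triaging a 1.13.1 deployment cannot tell whether it is safe; the commit only inserts `\n\n` before the fix sentence and leaves the contradiction in place. One of the two bounds should be corrected against the vendor bulletin that the record already references (HCSEC-2023-12); which one is wrong cannot be determined from this diff. The phrase "through the local" is also missing its noun, presumably the local configuration file going by the bulletin URL, and that precondition matters when assessing exposure.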
@@ -91,6 +91,11 @@
 "url": "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1",
 "refsource": "MISC",
 "name": "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230526-0008/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230526-0008/"
 }
 ]
 },
diff --git a/2023/1xxx/CVE-2023-1670.json b/2023/1xxx/CVE-2023-1670.json
index d50ac11a732..6aa845a134d 100644
--- a/2023/1xxx/CVE-2023-1670.json
+++ b/2023/1xxx/CVE-2023-1670.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230526-0010/",
+ "url": "https://security.netapp.com/advisory/ntap-20230526-0010/"
 }
 ]
 },
diff --git a/2023/20xxx/CVE-2023-20862.json b/2023/20xxx/CVE-2023-20862.json
index 4fa90677b35..0f537a5bda9 100644
--- a/2023/20xxx/CVE-2023-20862.json
+++ b/2023/20xxx/CVE-2023-20862.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://spring.io/security/cve-2023-20862",
 "url": "https://spring.io/security/cve-2023-20862"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230526-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20230526-0002/"
 }
 ]
 },
diff --git a/2023/24xxx/CVE-2023-24534.json b/2023/24xxx/CVE-2023-24534.json
index 019330ef233..d25d78f4e61 100644
--- a/2023/24xxx/CVE-2023-24534.json
+++ b/2023/24xxx/CVE-2023-24534.json
@@ -78,6 +78,11 @@
 "url": "https://pkg.go.dev/vuln/GO-2023-1704",
 "refsource": "MISC",
 "name": "https://pkg.go.dev/vuln/GO-2023-1704"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230526-0007/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230526-0007/"
 }
 ]
 },
diff --git a/2023/24xxx/CVE-2023-24536.json b/2023/24xxx/CVE-2023-24536.json
index e8cefe4cd85..8f0c822bef9 100644
--- a/2023/24xxx/CVE-2023-24536.json
+++ b/2023/24xxx/CVE-2023-24536.json
@@ -76,11 +76,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8",
- "refsource": "MISC",
- "name": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
- },
 {
 "url": "https://go.dev/issue/59153",
 "refsource": "MISC",
@@ -101,10 +96,20 @@
 "refsource": "MISC",
 "name": "https://go.dev/cl/482077"
 },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8",
+ "refsource": "MISC",
+ "name": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
+ },
 {
 "url": "https://pkg.go.dev/vuln/GO-2023-1705",
 "refsource": "MISC",
 "name": "https://pkg.go.dev/vuln/GO-2023-1705"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230526-0007/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230526-0007/"
 }
 ]
 },
diff --git a/2023/25xxx/CVE-2023-25000.json b/2023/25xxx/CVE-2023-25000.json
index a6d65d0929c..ce4e7aac5bd 100644
--- a/2023/25xxx/CVE-2023-25000.json
+++ b/2023/25xxx/CVE-2023-25000.json
@@ -101,6 +101,11 @@
 "url": "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078",
 "refsource": "MISC",
 "name": "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230526-0008/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230526-0008/"
 }
 ]
 },
diff --git a/2023/26xxx/CVE-2023-26048.json b/2023/26xxx/CVE-2023-26048.json
index 2dc218b93b5..c3405afa3d2 100644
--- a/2023/26xxx/CVE-2023-26048.json
+++ b/2023/26xxx/CVE-2023-26048.json
@@ -86,6 +86,11 @@
 "url": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload",
 "refsource": "MISC",
 "name": "https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230526-0001/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230526-0001/"
 }
 ]
 },
diff --git a/2023/26xxx/CVE-2023-26049.json b/2023/26xxx/CVE-2023-26049.json
index 7ef0afa863d..99845ede2f0 100644
--- a/2023/26xxx/CVE-2023-26049.json
+++ b/2023/26xxx/CVE-2023-26049.json
@@ -90,6 +90,11 @@
 "url": "https://www.rfc-editor.org/rfc/rfc6265",
 "refsource": "MISC",
 "name": "https://www.rfc-editor.org/rfc/rfc6265"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230526-0001/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230526-0001/"
 }
 ]
 },
diff --git a/2023/28xxx/CVE-2023-28755.json b/2023/28xxx/CVE-2023-28755.json
index eb36f500257..ebac090f68f 100644
--- a/2023/28xxx/CVE-2023-28755.json
+++ b/2023/28xxx/CVE-2023-28755.json
@@ -91,6 +91,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update",
 "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230526-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20230526-0003/"
 }
 ]
 }
diff --git a/2023/28xxx/CVE-2023-28756.json b/2023/28xxx/CVE-2023-28756.json
index de2daf1339c..93f4aad45d9 100644
--- a/2023/28xxx/CVE-2023-28756.json
+++ b/2023/28xxx/CVE-2023-28756.json
@@ -91,6 +91,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update",
 "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230526-0004/",
+ "url": "https://security.netapp.com/advisory/ntap-20230526-0004/"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29323.json b/2023/29xxx/CVE-2023-29323.json
index 5408830f45c..a556630295d 100644
--- a/2023/29xxx/CVE-2023-29323.json
+++ b/2023/29xxx/CVE-2023-29323.json
@@ -86,6 +86,11 @@
 "refsource": "MISC",
 "name": "https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae",
 "url": "https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230526-0006/",
+ "url": "https://security.netapp.com/advisory/ntap-20230526-0006/"
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2921.json b/2023/2xxx/CVE-2023-2921.json
new file mode 100644
index 00000000000..76a93526b3a
--- /dev/null
+++ b/2023/2xxx/CVE-2023-2921.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-2921",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/33xxx/CVE-2023-33197.json b/2023/33xxx/CVE-2023-33197.json
index 6c978036f13..0eec57524dc 100644
--- a/2023/33xxx/CVE-2023-33197.json
+++ b/2023/33xxx/CVE-2023-33197.json
@@ -1,17 +1,95 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-33197",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
+ "cweId": "CWE-80"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "craftcms",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "cms",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 4.0.0-RC1, <= 4.4.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr",
+ "refsource": "MISC",
+ "name": "https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr"
+ },
+ {
+ "url": "https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766",
+ "refsource": "MISC",
+ "name": "https://github.com/craftcms/cms/commit/8c2ad0bd313015b8ee42326af2848ee748f1d766"
+ },
+ {
+ "url": "https://github.com/craftcms/cms/releases/tag/4.4.6",
+ "refsource": "MISC",
+ "name": "https://github.com/craftcms/cms/releases/tag/4.4.6"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-6qjx-787v-6pxr",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/33xxx/CVE-2023-33247.json b/2023/33xxx/CVE-2023-33247.json
index ce0ea766f4c..6309e5fe6ad 100644
--- a/2023/33xxx/CVE-2023-33247.json
+++ b/2023/33xxx/CVE-2023-33247.json
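Review bot: The new `version_data` entry for CVE-2023-33197 encodes a range as free text, `"version_value": ">= 4.0.0-RC1, <= 4.4.5"`, under `"version_affected": "="`, so a consumer that treats `=` as an exact match will never flag an installed Craft CMS version from the structured field. Expressing the upper bound with the operator the field provides, e.g. `"version_affected": "<="` with `"version_value": "4.4.5"`, and stating the 4.0.0-RC1 lower bound separately, would let scanners match without parsing prose. The new description `value` also ends in a stray `\n` that will show up as a trailing blank line in rendered advisories.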
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-33247",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-33247",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://help.talend.com/r/en-US/Talend-Products-CVEs/Talend-Products-CVEs",
+ "url": "https://help.talend.com/r/en-US/Talend-Products-CVEs/Talend-Products-CVEs"
 }
 ]
 }
diff --git a/2023/33xxx/CVE-2023-33255.json b/2023/33xxx/CVE-2023-33255.json
index 647bb9a747d..657b729885e 100644
--- a/2023/33xxx/CVE-2023-33255.json
+++ b/2023/33xxx/CVE-2023-33255.json
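Review bot: The published record for CVE-2023-33247 leaves `vendor_name`, `product_name`, `version_value` and the `problemtype` value all as `"n/a"`, although the description names the product (Talend Data Catalog remote harvesting server) and the fixed build (8.0-20230413). Inventory and scanner tooling that keys on the structured `affects` block will therefore not associate this unauthenticated-deployment issue with any installed product. I would populate those fields from the description and give the weakness a CWE, probably missing authentication (`CWE-306`), subject to the assigner's confirmation. The same all-`n/a` pattern appears in the CVE-2023-33255 hunk, where the description names Papaya Viewer 4a42701 and describes script injection through image metadata.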
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-33255",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-33255",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Papaya Viewer 4a42701. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://schutzwerk.com",
+ "refsource": "MISC",
+ "name": "https://schutzwerk.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001.txt",
+ "url": "https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001.txt"
 }
 ]
 }
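Review bot: The first added reference for CVE-2023-33255, `"url": "https://schutzwerk.com"`, is a bare home page that says nothing about this issue; only the second entry (`SCHUTZWERK-SA-2022-001.txt`) leads to an advisory. I would drop the home-page entry or replace it with a page specific to the finding, and confirm that the 2022-numbered advisory is the one intended for this 2023 ID. The new description `value` also ends without a full stop after "Papaya web application", which looks like a truncated sentence.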