"-Synchronized-Data."

2025-06-10 02:04:31 +00:00 · 2023-08-25 05:00:31 +00:00 · 2023-08-25 05:00:31 +00:00 · 71d4d59eae
commit 71d4d59eae
parent 9ea717ab24
5 changed files with 80 additions and 8 deletions
--- a/2023/38xxx/CVE-2023-38574.json
+++ b/2023/38xxx/CVE-2023-38574.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2023-38574",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2023/39xxx/CVE-2023-39938.json
+++ b/2023/39xxx/CVE-2023-39938.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2023-39938",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2023/3xxx/CVE-2023-3260.json
+++ b/2023/3xxx/CVE-2023-3260.json
@ -11,7 +11,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with system-level access to the CyberPower PowerPanel Enterprise server."
+                "value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system."
            }
        ]
    },
@ -32,16 +32,16 @@
        "vendor": {
            "vendor_data": [
                {
-                    "vendor_name": "CyberPower",
+                    "vendor_name": "Dataprobe",
                    "product": {
                        "product_data": [
                            {
-                                "product_name": "PowerPanel Enterprise",
+                                "product_name": "iBoot PDU",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
-                                            "version_value": "v2.6.0"
+                                            "version_value": "1.43.03312023"
                                        }
                                    ]
                                }
@ -79,14 +79,14 @@
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
-                "baseScore": 9.1,
-                "baseSeverity": "CRITICAL",
+                "baseScore": 7.2,
+                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
-                "scope": "CHANGED",
+                "scope": "UNCHANGED",
                "userInteraction": "NONE",
-                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
            }
        ]
--- a/2023/40xxx/CVE-2023-40535.json
+++ b/2023/40xxx/CVE-2023-40535.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2023-40535",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2023/40xxx/CVE-2023-40705.json
+++ b/2023/40xxx/CVE-2023-40705.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2023-40705",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}