diff --git a/2022/28xxx/CVE-2022-28494.json b/2022/28xxx/CVE-2022-28494.json index e1b7cbb3f13..cf926105d11 100644 --- a/2022/28xxx/CVE-2022-28494.json +++ b/2022/28xxx/CVE-2022-28494.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-28494", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-28494", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/B2eFly/Router/blob/main/totolink/CP900/5/5.md", + "refsource": "MISC", + "name": "https://github.com/B2eFly/Router/blob/main/totolink/CP900/5/5.md" + }, + { + "refsource": "MISC", + "name": "https://github.com/B2eFly/CVE/blob/main/totolink/CP900/5/5.md", + "url": "https://github.com/B2eFly/CVE/blob/main/totolink/CP900/5/5.md" } ] } diff --git a/2023/24xxx/CVE-2023-24655.json b/2023/24xxx/CVE-2023-24655.json index 028b3e50a7d..45816b41542 100644 --- a/2023/24xxx/CVE-2023-24655.json +++ b/2023/24xxx/CVE-2023-24655.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-24655", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-24655", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Profile Update function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/y0gesh-verma/a9e83220f268f0294a611b82cf266739", + "url": "https://gist.github.com/y0gesh-verma/a9e83220f268f0294a611b82cf266739" + }, + { + "refsource": "MISC", + "name": "https://github.com/y0gesh-verma/CVE/blob/main/CVE-2023-24655/CVE-2023-24655.txt", + "url": "https://github.com/y0gesh-verma/CVE/blob/main/CVE-2023-24655/CVE-2023-24655.txt" } ] } diff --git a/2023/26xxx/CVE-2023-26088.json b/2023/26xxx/CVE-2023-26088.json index dde5f964b2d..1913b80d6f9 100644 --- a/2023/26xxx/CVE-2023-26088.json +++ b/2023/26xxx/CVE-2023-26088.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-26088", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-26088", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.malwarebytes.com/hc/en-us/articles/14279575968659-Malwarebytes-for-Windows-4-5-23-Release-Notes", + "url": "https://support.malwarebytes.com/hc/en-us/articles/14279575968659-Malwarebytes-for-Windows-4-5-23-Release-Notes" + }, + { + "refsource": "MISC", + "name": "https://www.malwarebytes.com/secure/cves/cve-2023-26088", + "url": "https://www.malwarebytes.com/secure/cves/cve-2023-26088" } ] } diff --git a/2023/26xxx/CVE-2023-26498.json b/2023/26xxx/CVE-2023-26498.json index 0966b730ba7..943e9a626d3 100644 --- a/2023/26xxx/CVE-2023-26498.json +++ b/2023/26xxx/CVE-2023-26498.json @@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-26498", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-26498", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos Auto T5126. Memory corruption can occur due to improper checking of the number of properties while parsing the chatroom attribute in the SDP (Session Description Protocol) module." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://semiconductor.samsung.com/processor/modem/", + "refsource": "MISC", + "name": "https://semiconductor.samsung.com/processor/modem/" + }, + { + "url": "https://semiconductor.samsung.com/processor/mobile-processor/", + "refsource": "MISC", + "name": "https://semiconductor.samsung.com/processor/mobile-processor/" + }, + { + "refsource": "MISC", + "name": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", + "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:L/I:L/PR:N/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2023/28xxx/CVE-2023-28470.json b/2023/28xxx/CVE-2023-28470.json index 50675dc7782..85798846264 100644 --- a/2023/28xxx/CVE-2023-28470.json +++ b/2023/28xxx/CVE-2023-28470.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-28470", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-28470", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://forums.couchbase.com/tags/security", + "refsource": "MISC", + "name": "https://forums.couchbase.com/tags/security" + }, + { + "url": "https://www.couchbase.com/downloads", + "refsource": "MISC", + "name": "https://www.couchbase.com/downloads" + }, + { + "url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html", + "refsource": "MISC", + "name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html" + }, + { + "refsource": "MISC", + "name": "https://www.couchbase.com/alerts/", + "url": "https://www.couchbase.com/alerts/" } ] }