From 7ad5c9cd0e66fcd32fa6cbbdddcbfe590132d949 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 3 May 2023 14:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/2xxx/CVE-2022-2873.json | 5 ++ 2022/36xxx/CVE-2022-36280.json | 5 ++ 2022/3xxx/CVE-2022-3424.json | 5 ++ 2022/3xxx/CVE-2022-3545.json | 5 ++ 2022/3xxx/CVE-2022-3707.json | 5 ++ 2022/41xxx/CVE-2022-41218.json | 5 ++ 2022/45xxx/CVE-2022-45934.json | 5 ++ 2022/47xxx/CVE-2022-47929.json | 5 ++ 2022/4xxx/CVE-2022-4744.json | 5 ++ 2023/0xxx/CVE-2023-0045.json | 5 ++ 2023/0xxx/CVE-2023-0266.json | 12 +++- 2023/0xxx/CVE-2023-0394.json | 5 ++ 2023/0xxx/CVE-2023-0458.json | 5 ++ 2023/0xxx/CVE-2023-0461.json | 5 ++ 2023/1xxx/CVE-2023-1073.json | 5 ++ 2023/1xxx/CVE-2023-1074.json | 5 ++ 2023/1xxx/CVE-2023-1078.json | 5 ++ 2023/1xxx/CVE-2023-1079.json | 5 ++ 2023/1xxx/CVE-2023-1118.json | 5 ++ 2023/1xxx/CVE-2023-1281.json | 5 ++ 2023/1xxx/CVE-2023-1513.json | 5 ++ 2023/1xxx/CVE-2023-1670.json | 5 ++ 2023/1xxx/CVE-2023-1829.json | 5 ++ 2023/1xxx/CVE-2023-1855.json | 5 ++ 2023/1xxx/CVE-2023-1989.json | 5 ++ 2023/1xxx/CVE-2023-1990.json | 5 ++ 2023/1xxx/CVE-2023-1998.json | 5 ++ 2023/22xxx/CVE-2023-22683.json | 113 +++++++++++++++++++++++++++++++-- 2023/23xxx/CVE-2023-23454.json | 5 ++ 2023/23xxx/CVE-2023-23455.json | 5 ++ 2023/23xxx/CVE-2023-23559.json | 5 ++ 2023/23xxx/CVE-2023-23874.json | 113 +++++++++++++++++++++++++++++++-- 2023/23xxx/CVE-2023-23876.json | 113 +++++++++++++++++++++++++++++++-- 2023/25xxx/CVE-2023-25979.json | 113 +++++++++++++++++++++++++++++++-- 2023/26xxx/CVE-2023-26545.json | 5 ++ 2023/28xxx/CVE-2023-28328.json | 5 ++ 2023/2xxx/CVE-2023-2162.json | 5 ++ 2023/2xxx/CVE-2023-2194.json | 5 ++ 2023/2xxx/CVE-2023-2493.json | 18 ++++++ 2023/2xxx/CVE-2023-2494.json | 18 ++++++ 2023/30xxx/CVE-2023-30456.json | 5 ++ 2023/30xxx/CVE-2023-30772.json | 5 ++ 42 files changed, 656 insertions(+), 19 deletions(-) create mode 100644 2023/2xxx/CVE-2023-2493.json create mode 100644 2023/2xxx/CVE-2023-2494.json diff --git a/2022/2xxx/CVE-2022-2873.json b/2022/2xxx/CVE-2022-2873.json index 3c2a38d6585..bb2c9068466 100644 --- a/2022/2xxx/CVE-2022-2873.json +++ b/2022/2xxx/CVE-2022-2873.json @@ -63,6 +63,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2022/36xxx/CVE-2022-36280.json b/2022/36xxx/CVE-2022-36280.json index 2d87341b8e2..6970de1bbc7 100644 --- a/2022/36xxx/CVE-2022-36280.json +++ b/2022/36xxx/CVE-2022-36280.json @@ -102,6 +102,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2022/3xxx/CVE-2022-3424.json b/2022/3xxx/CVE-2022-3424.json index c02050d3ff4..73ef2dac695 100644 --- a/2022/3xxx/CVE-2022-3424.json +++ b/2022/3xxx/CVE-2022-3424.json @@ -73,6 +73,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2022/3xxx/CVE-2022-3545.json b/2022/3xxx/CVE-2022-3545.json index 04ef3d35b49..b9d9582bdf3 100644 --- a/2022/3xxx/CVE-2022-3545.json +++ b/2022/3xxx/CVE-2022-3545.json @@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } diff --git a/2022/3xxx/CVE-2022-3707.json b/2022/3xxx/CVE-2022-3707.json index 234305b3257..1bcc549d869 100644 --- a/2022/3xxx/CVE-2022-3707.json +++ b/2022/3xxx/CVE-2022-3707.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2022/41xxx/CVE-2022-41218.json b/2022/41xxx/CVE-2022-41218.json index 621742b13b2..bbbb5e5a1c2 100644 --- a/2022/41xxx/CVE-2022-41218.json +++ b/2022/41xxx/CVE-2022-41218.json @@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } diff --git a/2022/45xxx/CVE-2022-45934.json b/2022/45xxx/CVE-2022-45934.json index 2c924a45a33..3745f12763b 100644 --- a/2022/45xxx/CVE-2022-45934.json +++ b/2022/45xxx/CVE-2022-45934.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } diff --git a/2022/47xxx/CVE-2022-47929.json b/2022/47xxx/CVE-2022-47929.json index 2919cd1c9c3..8dda0829876 100644 --- a/2022/47xxx/CVE-2022-47929.json +++ b/2022/47xxx/CVE-2022-47929.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } diff --git a/2022/4xxx/CVE-2022-4744.json b/2022/4xxx/CVE-2022-4744.json index 009ae450a65..a68e6f5cec7 100644 --- a/2022/4xxx/CVE-2022-4744.json +++ b/2022/4xxx/CVE-2022-4744.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html", "url": "http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/0xxx/CVE-2023-0045.json b/2023/0xxx/CVE-2023-0045.json index 02d17bd01e9..1ca0c28111b 100644 --- a/2023/0xxx/CVE-2023-0045.json +++ b/2023/0xxx/CVE-2023-0045.json @@ -64,6 +64,11 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/0xxx/CVE-2023-0266.json b/2023/0xxx/CVE-2023-0266.json index 3e76da9f2c9..22be32711d6 100644 --- a/2023/0xxx/CVE-2023-0266.json +++ b/2023/0xxx/CVE-2023-0266.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e" + "value": "A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel.\u00a0SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit\u00a056b88b50565cd8b946a2d00b0c83927b7ebb055e\n" } ] }, @@ -40,8 +40,9 @@ "version": { "version_data": [ { - "version_value": "4.14", - "version_affected": "=" + "version_affected": "<", + "version_name": "4.14", + "version_value": "56b88b50565cd8b946a2d00b0c83927b7ebb055e" } ] } @@ -68,6 +69,11 @@ "url": "https://github.com/torvalds/linux/commit/56b88b50565cd8b946a2d00b0c83927b7ebb055e", "refsource": "MISC", "name": "https://github.com/torvalds/linux/commit/56b88b50565cd8b946a2d00b0c83927b7ebb055e" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/0xxx/CVE-2023-0394.json b/2023/0xxx/CVE-2023-0394.json index c46652bf2c3..208bfe33e27 100644 --- a/2023/0xxx/CVE-2023-0394.json +++ b/2023/0xxx/CVE-2023-0394.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/0xxx/CVE-2023-0458.json b/2023/0xxx/CVE-2023-0458.json index 76bdce82803..827dec3044d 100644 --- a/2023/0xxx/CVE-2023-0458.json +++ b/2023/0xxx/CVE-2023-0458.json @@ -69,6 +69,11 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/0xxx/CVE-2023-0461.json b/2023/0xxx/CVE-2023-0461.json index b3207bcdc86..9e617651dcd 100644 --- a/2023/0xxx/CVE-2023-0461.json +++ b/2023/0xxx/CVE-2023-0461.json @@ -69,6 +69,11 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/1xxx/CVE-2023-1073.json b/2023/1xxx/CVE-2023-1073.json index 835a3445f0f..076f4b7b223 100644 --- a/2023/1xxx/CVE-2023-1073.json +++ b/2023/1xxx/CVE-2023-1073.json @@ -63,6 +63,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/1xxx/CVE-2023-1074.json b/2023/1xxx/CVE-2023-1074.json index 8b446d68521..5934956d360 100644 --- a/2023/1xxx/CVE-2023-1074.json +++ b/2023/1xxx/CVE-2023-1074.json @@ -63,6 +63,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/1xxx/CVE-2023-1078.json b/2023/1xxx/CVE-2023-1078.json index 896247e41d2..18b5e9e3912 100644 --- a/2023/1xxx/CVE-2023-1078.json +++ b/2023/1xxx/CVE-2023-1078.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/1xxx/CVE-2023-1079.json b/2023/1xxx/CVE-2023-1079.json index 910013fde8b..0d0ee2f0fbb 100644 --- a/2023/1xxx/CVE-2023-1079.json +++ b/2023/1xxx/CVE-2023-1079.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/1xxx/CVE-2023-1118.json b/2023/1xxx/CVE-2023-1118.json index fd055d7c576..cf80515cf80 100644 --- a/2023/1xxx/CVE-2023-1118.json +++ b/2023/1xxx/CVE-2023-1118.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/1xxx/CVE-2023-1281.json b/2023/1xxx/CVE-2023-1281.json index b0f7ac7c7a3..608871fa9d6 100644 --- a/2023/1xxx/CVE-2023-1281.json +++ b/2023/1xxx/CVE-2023-1281.json @@ -79,6 +79,11 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/1xxx/CVE-2023-1513.json b/2023/1xxx/CVE-2023-1513.json index 2691700682f..7ad18a44782 100644 --- a/2023/1xxx/CVE-2023-1513.json +++ b/2023/1xxx/CVE-2023-1513.json @@ -63,6 +63,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/1xxx/CVE-2023-1670.json b/2023/1xxx/CVE-2023-1670.json index 2f93f7d1ded..d50ac11a732 100644 --- a/2023/1xxx/CVE-2023-1670.json +++ b/2023/1xxx/CVE-2023-1670.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/1xxx/CVE-2023-1829.json b/2023/1xxx/CVE-2023-1829.json index 5e9e81f379c..fd0ab33620f 100644 --- a/2023/1xxx/CVE-2023-1829.json +++ b/2023/1xxx/CVE-2023-1829.json @@ -69,6 +69,11 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/1xxx/CVE-2023-1855.json b/2023/1xxx/CVE-2023-1855.json index 99116c27076..70d6bf78aac 100644 --- a/2023/1xxx/CVE-2023-1855.json +++ b/2023/1xxx/CVE-2023-1855.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/1xxx/CVE-2023-1989.json b/2023/1xxx/CVE-2023-1989.json index 522dfefdbc6..56d91134924 100644 --- a/2023/1xxx/CVE-2023-1989.json +++ b/2023/1xxx/CVE-2023-1989.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/1xxx/CVE-2023-1990.json b/2023/1xxx/CVE-2023-1990.json index f170aff32d4..1afbe0b633d 100644 --- a/2023/1xxx/CVE-2023-1990.json +++ b/2023/1xxx/CVE-2023-1990.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/1xxx/CVE-2023-1998.json b/2023/1xxx/CVE-2023-1998.json index d97079a69f1..c64787072f2 100644 --- a/2023/1xxx/CVE-2023-1998.json +++ b/2023/1xxx/CVE-2023-1998.json @@ -74,6 +74,11 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/22xxx/CVE-2023-22683.json b/2023/22xxx/CVE-2023-22683.json index bbe632cd832..968321f0d1a 100644 --- a/2023/22xxx/CVE-2023-22683.json +++ b/2023/22xxx/CVE-2023-22683.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-22683", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themis Solutions, Inc. Clio Grow plugin <=\u00a01.0.0 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Themis Solutions, Inc.", + "product": { + "product_data": [ + { + "product_name": "Clio Grow", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.0.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.0.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/clio-grow-form/wordpress-clio-grow-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/clio-grow-form/wordpress-clio-grow-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.0.1 or a higher version." + } + ], + "value": "Update to\u00a01.0.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rio Darmawan (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/23xxx/CVE-2023-23454.json b/2023/23xxx/CVE-2023-23454.json index 235c65b0167..005eed46453 100644 --- a/2023/23xxx/CVE-2023-23454.json +++ b/2023/23xxx/CVE-2023-23454.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } diff --git a/2023/23xxx/CVE-2023-23455.json b/2023/23xxx/CVE-2023-23455.json index 7a5aa0f170d..1ea4cfd980b 100644 --- a/2023/23xxx/CVE-2023-23455.json +++ b/2023/23xxx/CVE-2023-23455.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } diff --git a/2023/23xxx/CVE-2023-23559.json b/2023/23xxx/CVE-2023-23559.json index 1fe61b00228..ad182c82f0b 100644 --- a/2023/23xxx/CVE-2023-23559.json +++ b/2023/23xxx/CVE-2023-23559.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } diff --git a/2023/23xxx/CVE-2023-23874.json b/2023/23xxx/CVE-2023-23874.json index d3cc78aaa14..9877be64272 100644 --- a/2023/23xxx/CVE-2023-23874.json +++ b/2023/23xxx/CVE-2023-23874.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23874", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin <=\u00a03.0.32 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Metaphor Creations", + "product": { + "product_data": [ + { + "product_name": "Ditty", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.0.33", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.0.32", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/ditty-news-ticker/wordpress-ditty-wordpress-plugin-responsive-slider-list-and-ticker-display-plugin-3-0-32-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/ditty-news-ticker/wordpress-ditty-wordpress-plugin-responsive-slider-list-and-ticker-display-plugin-3-0-32-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.0.33 or a higher version." + } + ], + "value": "Update to\u00a03.0.33 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafshanzani Suhada (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/23xxx/CVE-2023-23876.json b/2023/23xxx/CVE-2023-23876.json index c1e85cd29da..59e35fb5d91 100644 --- a/2023/23xxx/CVE-2023-23876.json +++ b/2023/23xxx/CVE-2023-23876.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23876", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <=\u00a02.1.49 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "TMS-Plugins", + "product": { + "product_data": [ + { + "product_name": "wpDataTables", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.1.50", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.1.49", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-wordpress-tables-table-charts-plugin-plugin-2-1-49-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-wordpress-tables-table-charts-plugin-plugin-2-1-49-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.1.50 or a higher version." + } + ], + "value": "Update to\u00a02.1.50 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafshanzani Suhada (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/25xxx/CVE-2023-25979.json b/2023/25xxx/CVE-2023-25979.json index f30de779b97..f42942c3c32 100644 --- a/2023/25xxx/CVE-2023-25979.json +++ b/2023/25xxx/CVE-2023-25979.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25979", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Video Gallery by Total-Soft Video Gallery plugin <=\u00a01.7.6 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Video Gallery by Total-Soft", + "product": { + "product_data": [ + { + "product_name": "Video Gallery", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.7.7", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.7.6", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/gallery-videos/wordpress-video-gallery-youtube-gallery-plugin-1-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/gallery-videos/wordpress-video-gallery-youtube-gallery-plugin-1-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.7.7 or a higher version." + } + ], + "value": "Update to\u00a01.7.7 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "yuyudhn (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/26xxx/CVE-2023-26545.json b/2023/26xxx/CVE-2023-26545.json index 1fdc8eb6d27..489bda2563d 100644 --- a/2023/26xxx/CVE-2023-26545.json +++ b/2023/26xxx/CVE-2023-26545.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } diff --git a/2023/28xxx/CVE-2023-28328.json b/2023/28xxx/CVE-2023-28328.json index d5b8a5ff4d2..c2bba4936cc 100644 --- a/2023/28xxx/CVE-2023-28328.json +++ b/2023/28xxx/CVE-2023-28328.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/2xxx/CVE-2023-2162.json b/2023/2xxx/CVE-2023-2162.json index f7f6ffb8c5b..7226946bed8 100644 --- a/2023/2xxx/CVE-2023-2162.json +++ b/2023/2xxx/CVE-2023-2162.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/2xxx/CVE-2023-2194.json b/2023/2xxx/CVE-2023-2194.json index fbcd27fcebe..156579807dc 100644 --- a/2023/2xxx/CVE-2023-2194.json +++ b/2023/2xxx/CVE-2023-2194.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] }, diff --git a/2023/2xxx/CVE-2023-2493.json b/2023/2xxx/CVE-2023-2493.json new file mode 100644 index 00000000000..6e371ef8680 --- /dev/null +++ b/2023/2xxx/CVE-2023-2493.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-2493", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2494.json b/2023/2xxx/CVE-2023-2494.json new file mode 100644 index 00000000000..b58313b9804 --- /dev/null +++ b/2023/2xxx/CVE-2023-2494.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-2494", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/30xxx/CVE-2023-30456.json b/2023/30xxx/CVE-2023-30456.json index 3d65f8dee85..2cfecd2bee6 100644 --- a/2023/30xxx/CVE-2023-30456.json +++ b/2023/30xxx/CVE-2023-30456.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } diff --git a/2023/30xxx/CVE-2023-30772.json b/2023/30xxx/CVE-2023-30772.json index 2fade9f1f95..c69b48c1c3d 100644 --- a/2023/30xxx/CVE-2023-30772.json +++ b/2023/30xxx/CVE-2023-30772.json @@ -58,6 +58,11 @@ "refsource": "CONFIRM", "name": "https://bugzilla.suse.com/show_bug.cgi?id=1210329", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1210329" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] },