From 7f0a501f4db61b5a2da216e63619c73bea48ef97 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 26 Jan 2023 21:07:12 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/7xxx/CVE-2018-7364.json | 10 ++++ 2020/18xxx/CVE-2020-18329.json | 61 +++++++++++++++++-- 2020/18xxx/CVE-2020-18331.json | 61 +++++++++++++++++-- 2020/21xxx/CVE-2020-21596.json | 5 ++ 2020/21xxx/CVE-2020-21597.json | 5 ++ 2020/21xxx/CVE-2020-21598.json | 5 ++ 2021/29xxx/CVE-2021-29023.json | 5 ++ 2022/21xxx/CVE-2022-21192.json | 83 ++++++++++++++++++++++++-- 2022/21xxx/CVE-2022-21810.json | 87 ++++++++++++++++++++++++++-- 2022/25xxx/CVE-2022-25847.json | 83 ++++++++++++++++++++++++-- 2022/25xxx/CVE-2022-25882.json | 103 +++++++++++++++++++++++++++++++-- 2022/25xxx/CVE-2022-25894.json | 88 ++++++++++++++++++++++++++-- 2022/25xxx/CVE-2022-25927.json | 87 ++++++++++++++++++++++++++-- 2022/25xxx/CVE-2022-25962.json | 78 +++++++++++++++++++++++-- 2022/32xxx/CVE-2022-32212.json | 5 ++ 2022/32xxx/CVE-2022-32213.json | 5 ++ 2022/32xxx/CVE-2022-32214.json | 5 ++ 2022/32xxx/CVE-2022-32215.json | 5 ++ 2022/35xxx/CVE-2022-35255.json | 5 ++ 2022/35xxx/CVE-2022-35256.json | 5 ++ 2022/37xxx/CVE-2022-37290.json | 5 ++ 2022/43xxx/CVE-2022-43235.json | 5 ++ 2022/43xxx/CVE-2022-43236.json | 5 ++ 2022/43xxx/CVE-2022-43237.json | 5 ++ 2022/43xxx/CVE-2022-43238.json | 5 ++ 2022/43xxx/CVE-2022-43239.json | 5 ++ 2022/43xxx/CVE-2022-43240.json | 5 ++ 2022/43xxx/CVE-2022-43241.json | 5 ++ 2022/43xxx/CVE-2022-43242.json | 5 ++ 2022/43xxx/CVE-2022-43243.json | 5 ++ 2022/43xxx/CVE-2022-43244.json | 5 ++ 2022/43xxx/CVE-2022-43245.json | 5 ++ 2022/43xxx/CVE-2022-43248.json | 5 ++ 2022/43xxx/CVE-2022-43249.json | 5 ++ 2022/43xxx/CVE-2022-43250.json | 5 ++ 2022/43xxx/CVE-2022-43252.json | 5 ++ 2022/43xxx/CVE-2022-43253.json | 5 ++ 2022/43xxx/CVE-2022-43548.json | 5 ++ 2022/44xxx/CVE-2022-44018.json | 56 ++++++++++++++++-- 2022/45xxx/CVE-2022-45730.json | 61 +++++++++++++++++-- 2022/45xxx/CVE-2022-45920.json | 56 ++++++++++++++++-- 2022/46xxx/CVE-2022-46128.json | 61 +++++++++++++++++-- 2022/46xxx/CVE-2022-46624.json | 61 +++++++++++++++++-- 2022/46xxx/CVE-2022-46957.json | 61 +++++++++++++++++-- 2022/47xxx/CVE-2022-47052.json | 56 ++++++++++++++++-- 2022/47xxx/CVE-2022-47073.json | 61 +++++++++++++++++-- 2022/47xxx/CVE-2022-47655.json | 5 ++ 2022/47xxx/CVE-2022-47950.json | 5 ++ 2023/0xxx/CVE-2023-0488.json | 18 ++++++ 2023/0xxx/CVE-2023-0489.json | 18 ++++++ 2023/0xxx/CVE-2023-0490.json | 18 ++++++ 2023/0xxx/CVE-2023-0491.json | 18 ++++++ 2023/0xxx/CVE-2023-0492.json | 18 ++++++ 2023/0xxx/CVE-2023-0493.json | 18 ++++++ 2023/22xxx/CVE-2023-22845.json | 18 ++++++ 2023/23xxx/CVE-2023-23589.json | 5 ++ 2023/24xxx/CVE-2023-24472.json | 18 ++++++ 2023/24xxx/CVE-2023-24473.json | 18 ++++++ 2023/24xxx/CVE-2023-24508.json | 2 +- 59 files changed, 1444 insertions(+), 89 deletions(-) create mode 100644 2023/0xxx/CVE-2023-0488.json create mode 100644 2023/0xxx/CVE-2023-0489.json create mode 100644 2023/0xxx/CVE-2023-0490.json create mode 100644 2023/0xxx/CVE-2023-0491.json create mode 100644 2023/0xxx/CVE-2023-0492.json create mode 100644 2023/0xxx/CVE-2023-0493.json create mode 100644 2023/22xxx/CVE-2023-22845.json create mode 100644 2023/24xxx/CVE-2023-24472.json create mode 100644 2023/24xxx/CVE-2023-24473.json diff --git a/2018/7xxx/CVE-2018-7364.json b/2018/7xxx/CVE-2018-7364.json index 088f7270298..eaca422917e 100644 --- a/2018/7xxx/CVE-2018-7364.json +++ b/2018/7xxx/CVE-2018-7364.json @@ -73,6 +73,16 @@ "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943", "refsource": "CONFIRM", "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943" + }, + { + "refsource": "MISC", + "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943", + "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943" + }, + { + "refsource": "MISC", + "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-7h57-rg7p", + "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-7h57-rg7p" } ] }, diff --git a/2020/18xxx/CVE-2020-18329.json b/2020/18xxx/CVE-2020-18329.json index 28ae2b3c365..aff0248e405 100644 --- a/2020/18xxx/CVE-2020-18329.json +++ b/2020/18xxx/CVE-2020-18329.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-18329", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-18329", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://medium.com/@SergiuSechel/insecure-permissions-in-rehau-group-unlimited-polymer-solutions-implementation-of-carel-pcoweb-514c148ae694", + "refsource": "MISC", + "name": "https://medium.com/@SergiuSechel/insecure-permissions-in-rehau-group-unlimited-polymer-solutions-implementation-of-carel-pcoweb-514c148ae694" + }, + { + "refsource": "MISC", + "name": "https://github.com/cybertoxin/CVEs/blob/main/CVE_2020_18329.md", + "url": "https://github.com/cybertoxin/CVEs/blob/main/CVE_2020_18329.md" } ] } diff --git a/2020/18xxx/CVE-2020-18331.json b/2020/18xxx/CVE-2020-18331.json index c0f1572d301..90441d26363 100644 --- a/2020/18xxx/CVE-2020-18331.json +++ b/2020/18xxx/CVE-2020-18331.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-18331", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-18331", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01(hardware platform Gpn2.4P21-C_WIFI-V0.05), via the getpage parameter to /cgi-bin/webproc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://medium.com/@SergiuSechel/insecure-permissions-and-multiple-vulnerabilities-in-chinamobile-plc-wireless-routers-leaves-more-d3eb9ff70d24", + "refsource": "MISC", + "name": "https://medium.com/@SergiuSechel/insecure-permissions-and-multiple-vulnerabilities-in-chinamobile-plc-wireless-routers-leaves-more-d3eb9ff70d24" + }, + { + "refsource": "MISC", + "name": "https://github.com/cybertoxin/CVEs/blob/main/CVE_2020_18331.md", + "url": "https://github.com/cybertoxin/CVEs/blob/main/CVE_2020_18331.md" } ] } diff --git a/2020/21xxx/CVE-2020-21596.json b/2020/21xxx/CVE-2020-21596.json index 76911e3783c..0e6a7a0d0cb 100644 --- a/2020/21xxx/CVE-2020-21596.json +++ b/2020/21xxx/CVE-2020-21596.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/236", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/236" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2020/21xxx/CVE-2020-21597.json b/2020/21xxx/CVE-2020-21597.json index c95d673d861..b78abf723f1 100644 --- a/2020/21xxx/CVE-2020-21597.json +++ b/2020/21xxx/CVE-2020-21597.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/238", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/238" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2020/21xxx/CVE-2020-21598.json b/2020/21xxx/CVE-2020-21598.json index abf56860294..77c4c370742 100644 --- a/2020/21xxx/CVE-2020-21598.json +++ b/2020/21xxx/CVE-2020-21598.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://cwe.mitre.org/data/definitions/122.html", "url": "https://cwe.mitre.org/data/definitions/122.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2021/29xxx/CVE-2021-29023.json b/2021/29xxx/CVE-2021-29023.json index 1953845cca6..8ef8c0934bb 100644 --- a/2021/29xxx/CVE-2021-29023.json +++ b/2021/29xxx/CVE-2021-29023.json @@ -56,6 +56,11 @@ "url": "https://notnnor.github.io/research/2021/03/16/weak-password-recovery-mechanism-in-invoiceplane.html", "refsource": "MISC", "name": "https://notnnor.github.io/research/2021/03/16/weak-password-recovery-mechanism-in-invoiceplane.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/InvoicePlane/InvoicePlane/pull/767", + "url": "https://github.com/InvoicePlane/InvoicePlane/pull/767" } ] } diff --git a/2022/21xxx/CVE-2022-21192.json b/2022/21xxx/CVE-2022-21192.json index de6f2c824e7..fbd1d8cbcce 100644 --- a/2022/21xxx/CVE-2022-21192.json +++ b/2022/21xxx/CVE-2022-21192.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-21192", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "serve-lite", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.snyk.io/vuln/SNYK-JS-SERVELITE-3149916", + "refsource": "MISC", + "name": "https://security.snyk.io/vuln/SNYK-JS-SERVELITE-3149916" + }, + { + "url": "https://gist.github.com/lirantal/9ccdfda0edcb95e36d07a04b0b6c2db0", + "refsource": "MISC", + "name": "https://gist.github.com/lirantal/9ccdfda0edcb95e36d07a04b0b6c2db0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Liran Tal" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ] } diff --git a/2022/21xxx/CVE-2022-21810.json b/2022/21xxx/CVE-2022-21810.json index f48efafa0db..f62d05128eb 100644 --- a/2022/21xxx/CVE-2022-21810.json +++ b/2022/21xxx/CVE-2022-21810.json @@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-21810", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "smartctl", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.snyk.io/vuln/SNYK-JS-SMARTCTL-3175613", + "refsource": "MISC", + "name": "https://security.snyk.io/vuln/SNYK-JS-SMARTCTL-3175613" + }, + { + "url": "https://github.com/baslr/node-smartctl/blob/f61266084d5b3e4baae9bd85f67ec4ec6a716736/index.js%23L18", + "refsource": "MISC", + "name": "https://github.com/baslr/node-smartctl/blob/f61266084d5b3e4baae9bd85f67ec4ec6a716736/index.js%23L18" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Junmin Zhu at SJTU" + }, + { + "lang": "en", + "value": "JHU System Security Lab" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P" } ] } diff --git a/2022/25xxx/CVE-2022-25847.json b/2022/25xxx/CVE-2022-25847.json index 509fbfab816..8dd09479e4b 100644 --- a/2022/25xxx/CVE-2022-25847.json +++ b/2022/25xxx/CVE-2022-25847.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25847", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "serve-lite", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.snyk.io/vuln/SNYK-JS-SERVELITE-3149915", + "refsource": "MISC", + "name": "https://security.snyk.io/vuln/SNYK-JS-SERVELITE-3149915" + }, + { + "url": "https://gist.github.com/lirantal/52debd25284726fcc2eaed9c7512975c", + "refsource": "MISC", + "name": "https://gist.github.com/lirantal/52debd25284726fcc2eaed9c7512975c" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Liran Tal" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ] } diff --git a/2022/25xxx/CVE-2022-25882.json b/2022/25xxx/CVE-2022-25882.json index 7faf0ea38ed..10785f23b73 100644 --- a/2022/25xxx/CVE-2022-25882.json +++ b/2022/25xxx/CVE-2022-25882.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25882", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example \"../../../etc/passwd\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "onnx", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479", + "refsource": "MISC", + "name": "https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479" + }, + { + "url": "https://github.com/onnx/onnx/issues/3991", + "refsource": "MISC", + "name": "https://github.com/onnx/onnx/issues/3991" + }, + { + "url": "https://github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/checker.cc%23L129", + "refsource": "MISC", + "name": "https://github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/checker.cc%23L129" + }, + { + "url": "https://github.com/onnx/onnx/pull/4400", + "refsource": "MISC", + "name": "https://github.com/onnx/onnx/pull/4400" + }, + { + "url": "https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d", + "refsource": "MISC", + "name": "https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d" + }, + { + "url": "https://gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856", + "refsource": "MISC", + "name": "https://gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "jnovikov" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P" } ] } diff --git a/2022/25xxx/CVE-2022-25894.json b/2022/25xxx/CVE-2022-25894.json index b7135175c62..91467a6d226 100644 --- a/2022/25xxx/CVE-2022-25894.json +++ b/2022/25xxx/CVE-2022-25894.json @@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25894", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution (RCE)", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "com.bstek.uflo:uflo-core", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.snyk.io/vuln/SNYK-JAVA-COMBSTEKUFLO-3091112", + "refsource": "MISC", + "name": "https://security.snyk.io/vuln/SNYK-JAVA-COMBSTEKUFLO-3091112" + }, + { + "url": "https://github.com/youseries/uflo/blob/b3e198bc6523e5a6ba69edd84ba10e05a3b78726/uflo-core/src/main/java/com/bstek/uflo/expr/impl/ExpressionContextImpl.java%23L126", + "refsource": "MISC", + "name": "https://github.com/youseries/uflo/blob/b3e198bc6523e5a6ba69edd84ba10e05a3b78726/uflo-core/src/main/java/com/bstek/uflo/expr/impl/ExpressionContextImpl.java%23L126" + }, + { + "url": "https://fmyyy1.github.io/2022/10/23/uflo2rce/", + "refsource": "MISC", + "name": "https://fmyyy1.github.io/2022/10/23/uflo2rce/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "fmyyy" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P" } ] } diff --git a/2022/25xxx/CVE-2022-25927.json b/2022/25xxx/CVE-2022-25927.json index ae4eab90b94..cc444dba05c 100644 --- a/2022/25xxx/CVE-2022-25927.json +++ b/2022/25xxx/CVE-2022-25927.json @@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25927", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Regular Expression Denial of Service (ReDoS)", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ua-parser-js", + "version": { + "version_data": [ + { + "version_value": "0.7.30", + "version_affected": "=" + }, + { + "version_value": "0.8.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450", + "refsource": "MISC", + "name": "https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450" + }, + { + "url": "https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411", + "refsource": "MISC", + "name": "https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Beau Harder" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P" } ] } diff --git a/2022/25xxx/CVE-2022-25962.json b/2022/25xxx/CVE-2022-25962.json index 4d42b584260..514f31a2e6f 100644 --- a/2022/25xxx/CVE-2022-25962.json +++ b/2022/25xxx/CVE-2022-25962.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25962", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "vagrant.js", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.snyk.io/vuln/SNYK-JS-VAGRANTJS-3175614", + "refsource": "MISC", + "name": "https://security.snyk.io/vuln/SNYK-JS-VAGRANTJS-3175614" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "HU System Security Lab" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P" } ] } diff --git a/2022/32xxx/CVE-2022-32212.json b/2022/32xxx/CVE-2022-32212.json index 4bf70871ad0..17648b1a39e 100644 --- a/2022/32xxx/CVE-2022-32212.json +++ b/2022/32xxx/CVE-2022-32212.json @@ -88,6 +88,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5326", + "url": "https://www.debian.org/security/2023/dsa-5326" } ] }, diff --git a/2022/32xxx/CVE-2022-32213.json b/2022/32xxx/CVE-2022-32213.json index 0a52ebf1f7e..d8f47d1b718 100644 --- a/2022/32xxx/CVE-2022-32213.json +++ b/2022/32xxx/CVE-2022-32213.json @@ -73,6 +73,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5326", + "url": "https://www.debian.org/security/2023/dsa-5326" } ] }, diff --git a/2022/32xxx/CVE-2022-32214.json b/2022/32xxx/CVE-2022-32214.json index 001677f7022..24a1e3aafaa 100644 --- a/2022/32xxx/CVE-2022-32214.json +++ b/2022/32xxx/CVE-2022-32214.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://hackerone.com/reports/1524692", "url": "https://hackerone.com/reports/1524692" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5326", + "url": "https://www.debian.org/security/2023/dsa-5326" } ] }, diff --git a/2022/32xxx/CVE-2022-32215.json b/2022/32xxx/CVE-2022-32215.json index 443451e753c..d22bc0784c7 100644 --- a/2022/32xxx/CVE-2022-32215.json +++ b/2022/32xxx/CVE-2022-32215.json @@ -73,6 +73,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5326", + "url": "https://www.debian.org/security/2023/dsa-5326" } ] }, diff --git a/2022/35xxx/CVE-2022-35255.json b/2022/35xxx/CVE-2022-35255.json index f2896427cfb..915651c7c08 100644 --- a/2022/35xxx/CVE-2022-35255.json +++ b/2022/35xxx/CVE-2022-35255.json @@ -58,6 +58,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20230113-0002/", "url": "https://security.netapp.com/advisory/ntap-20230113-0002/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5326", + "url": "https://www.debian.org/security/2023/dsa-5326" } ] }, diff --git a/2022/35xxx/CVE-2022-35256.json b/2022/35xxx/CVE-2022-35256.json index 8214228e575..b54ec367377 100644 --- a/2022/35xxx/CVE-2022-35256.json +++ b/2022/35xxx/CVE-2022-35256.json @@ -53,6 +53,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5326", + "url": "https://www.debian.org/security/2023/dsa-5326" } ] }, diff --git a/2022/37xxx/CVE-2022-37290.json b/2022/37xxx/CVE-2022-37290.json index c7c988ca9e6..2bc40a51dca 100644 --- a/2022/37xxx/CVE-2022-37290.json +++ b/2022/37xxx/CVE-2022-37290.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2023-dbe1157188", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX5CVF4FAHFA6UNKHFBBLOP2NUMIQJAY/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2023-f81ad89b81", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYPDZ7LBBUVU3WFK7DCGDFGK2GXTKGT5/" } ] } diff --git a/2022/43xxx/CVE-2022-43235.json b/2022/43xxx/CVE-2022-43235.json index 749d5f16453..4fa7ec89a9d 100644 --- a/2022/43xxx/CVE-2022-43235.json +++ b/2022/43xxx/CVE-2022-43235.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/337", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/337" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2022/43xxx/CVE-2022-43236.json b/2022/43xxx/CVE-2022-43236.json index 81beb97850a..88b660e4e0e 100644 --- a/2022/43xxx/CVE-2022-43236.json +++ b/2022/43xxx/CVE-2022-43236.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/343", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/343" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2022/43xxx/CVE-2022-43237.json b/2022/43xxx/CVE-2022-43237.json index 0f7c3378781..431939a3315 100644 --- a/2022/43xxx/CVE-2022-43237.json +++ b/2022/43xxx/CVE-2022-43237.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/344", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/344" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2022/43xxx/CVE-2022-43238.json b/2022/43xxx/CVE-2022-43238.json index 68b30ec9423..30be1ed67b6 100644 --- a/2022/43xxx/CVE-2022-43238.json +++ b/2022/43xxx/CVE-2022-43238.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/336", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/336" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2022/43xxx/CVE-2022-43239.json b/2022/43xxx/CVE-2022-43239.json index 8eb799c1986..50ac4fc8298 100644 --- a/2022/43xxx/CVE-2022-43239.json +++ b/2022/43xxx/CVE-2022-43239.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/341", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/341" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2022/43xxx/CVE-2022-43240.json b/2022/43xxx/CVE-2022-43240.json index 0297da38218..9c059625141 100644 --- a/2022/43xxx/CVE-2022-43240.json +++ b/2022/43xxx/CVE-2022-43240.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/335", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/335" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2022/43xxx/CVE-2022-43241.json b/2022/43xxx/CVE-2022-43241.json index 51197b6684c..7f23a34185d 100644 --- a/2022/43xxx/CVE-2022-43241.json +++ b/2022/43xxx/CVE-2022-43241.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/338", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/338" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2022/43xxx/CVE-2022-43242.json b/2022/43xxx/CVE-2022-43242.json index 2aaf98ff5dc..b75d62acad9 100644 --- a/2022/43xxx/CVE-2022-43242.json +++ b/2022/43xxx/CVE-2022-43242.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/340", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/340" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2022/43xxx/CVE-2022-43243.json b/2022/43xxx/CVE-2022-43243.json index 4f76544cb02..205b9e109e4 100644 --- a/2022/43xxx/CVE-2022-43243.json +++ b/2022/43xxx/CVE-2022-43243.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/339", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/339" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2022/43xxx/CVE-2022-43244.json b/2022/43xxx/CVE-2022-43244.json index d20b576215c..aced59e04f5 100644 --- a/2022/43xxx/CVE-2022-43244.json +++ b/2022/43xxx/CVE-2022-43244.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/342", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/342" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2022/43xxx/CVE-2022-43245.json b/2022/43xxx/CVE-2022-43245.json index 3e9845289e6..f287dd9bcbc 100644 --- a/2022/43xxx/CVE-2022-43245.json +++ b/2022/43xxx/CVE-2022-43245.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/352", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/352" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2022/43xxx/CVE-2022-43248.json b/2022/43xxx/CVE-2022-43248.json index ffb7ac491d2..7e5ef8608a5 100644 --- a/2022/43xxx/CVE-2022-43248.json +++ b/2022/43xxx/CVE-2022-43248.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/349", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/349" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2022/43xxx/CVE-2022-43249.json b/2022/43xxx/CVE-2022-43249.json index 0148490da5b..cac9c26320e 100644 --- a/2022/43xxx/CVE-2022-43249.json +++ b/2022/43xxx/CVE-2022-43249.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/345", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/345" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2022/43xxx/CVE-2022-43250.json b/2022/43xxx/CVE-2022-43250.json index 3509788bd93..7096a01e125 100644 --- a/2022/43xxx/CVE-2022-43250.json +++ b/2022/43xxx/CVE-2022-43250.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/346", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/346" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2022/43xxx/CVE-2022-43252.json b/2022/43xxx/CVE-2022-43252.json index c0a444d69b6..def86aac6d8 100644 --- a/2022/43xxx/CVE-2022-43252.json +++ b/2022/43xxx/CVE-2022-43252.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/347", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/347" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2022/43xxx/CVE-2022-43253.json b/2022/43xxx/CVE-2022-43253.json index 90ba1f55de8..ac7fd13f0d9 100644 --- a/2022/43xxx/CVE-2022-43253.json +++ b/2022/43xxx/CVE-2022-43253.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/348", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/348" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2022/43xxx/CVE-2022-43548.json b/2022/43xxx/CVE-2022-43548.json index 0edf2239597..f106d527e76 100644 --- a/2022/43xxx/CVE-2022-43548.json +++ b/2022/43xxx/CVE-2022-43548.json @@ -53,6 +53,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20230120-0004/", "url": "https://security.netapp.com/advisory/ntap-20230120-0004/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5326", + "url": "https://www.debian.org/security/2023/dsa-5326" } ] }, diff --git a/2022/44xxx/CVE-2022-44018.json b/2022/44xxx/CVE-2022-44018.json index b2eae17cefb..ef59bfc8a60 100644 --- a/2022/44xxx/CVE-2022-44018.json +++ b/2022/44xxx/CVE-2022-44018.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44018", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44018", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-10.html", + "url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-10.html" } ] } diff --git a/2022/45xxx/CVE-2022-45730.json b/2022/45xxx/CVE-2022-45730.json index ee56b3d1766..5078244e985 100644 --- a/2022/45xxx/CVE-2022-45730.json +++ b/2022/45xxx/CVE-2022-45730.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-45730", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-45730", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://phpgurukul.com/doctor-appointment-management-system-using-php-and-mysql/", + "refsource": "MISC", + "name": "https://phpgurukul.com/doctor-appointment-management-system-using-php-and-mysql/" + }, + { + "refsource": "MISC", + "name": "https://github.com/Rajeshwar40/CVE/blob/main/CVE-2022-45730", + "url": "https://github.com/Rajeshwar40/CVE/blob/main/CVE-2022-45730" } ] } diff --git a/2022/45xxx/CVE-2022-45920.json b/2022/45xxx/CVE-2022-45920.json index a2e9b69233a..49d8e59f5c3 100644 --- a/2022/45xxx/CVE-2022-45920.json +++ b/2022/45xxx/CVE-2022-45920.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-45920", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-45920", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memory leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-10.html", + "url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-10.html" } ] } diff --git a/2022/46xxx/CVE-2022-46128.json b/2022/46xxx/CVE-2022-46128.json index b8bc83482eb..41b1fc1fa8f 100644 --- a/2022/46xxx/CVE-2022-46128.json +++ b/2022/46xxx/CVE-2022-46128.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46128", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46128", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS) via searchdata=." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://phpgurukul.com/projects/Doctor-Appointment-System_PHP.zip", + "refsource": "MISC", + "name": "https://phpgurukul.com/projects/Doctor-Appointment-System_PHP.zip" + }, + { + "refsource": "MISC", + "name": "https://github.com/Rajeshwar40/CVE/blob/main/2022-46128", + "url": "https://github.com/Rajeshwar40/CVE/blob/main/2022-46128" } ] } diff --git a/2022/46xxx/CVE-2022-46624.json b/2022/46xxx/CVE-2022-46624.json index 7b39570747a..bbbef18e716 100644 --- a/2022/46xxx/CVE-2022-46624.json +++ b/2022/46xxx/CVE-2022-46624.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46624", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46624", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in Online Graduate Tracer System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/15904/online-graduate-tracer-system-college-ict-alumni.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/15904/online-graduate-tracer-system-college-ict-alumni.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/Rajeshwar40/CVE/blob/main/CVE-2022-46624", + "url": "https://github.com/Rajeshwar40/CVE/blob/main/CVE-2022-46624" } ] } diff --git a/2022/46xxx/CVE-2022-46957.json b/2022/46xxx/CVE-2022-46957.json index 9490b8e0807..688a1e279f5 100644 --- a/2022/46xxx/CVE-2022-46957.json +++ b/2022/46xxx/CVE-2022-46957.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-46957", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-46957", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sourcecodester.com Online Graduate Tracer System V 1.0.0 is vulnerable to Cross Site Scripting (XSS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/sites/default/files/download/oretnom23/tracking.zip", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/sites/default/files/download/oretnom23/tracking.zip" + }, + { + "refsource": "MISC", + "name": "https://github.com/Rajeshwar40/CVE/blob/main/CVE-2022-46957", + "url": "https://github.com/Rajeshwar40/CVE/blob/main/CVE-2022-46957" } ] } diff --git a/2022/47xxx/CVE-2022-47052.json b/2022/47xxx/CVE-2022-47052.json index 35ca2395ab3..f5f5f31931a 100644 --- a/2022/47xxx/CVE-2022-47052.json +++ b/2022/47xxx/CVE-2022-47052.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-47052", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-47052", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NETGEAR Nighthawk R6220 v1.1.0.112_1.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/dest-3/NETGEAR/tree/main/CVE-2022-47052", + "url": "https://github.com/dest-3/NETGEAR/tree/main/CVE-2022-47052" } ] } diff --git a/2022/47xxx/CVE-2022-47073.json b/2022/47xxx/CVE-2022-47073.json index 97c31d7c146..4e4b2071272 100644 --- a/2022/47xxx/CVE-2022-47073.json +++ b/2022/47xxx/CVE-2022-47073.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-47073", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-47073", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://packetstormsecurity.com", + "refsource": "MISC", + "name": "https://packetstormsecurity.com" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@shiva.infocop/stored-xss-found-in-small-crm-phpgurukul-7890ea3c04df", + "url": "https://medium.com/@shiva.infocop/stored-xss-found-in-small-crm-phpgurukul-7890ea3c04df" } ] } diff --git a/2022/47xxx/CVE-2022-47655.json b/2022/47xxx/CVE-2022-47655.json index 22750f02a01..20b5eab6f49 100644 --- a/2022/47xxx/CVE-2022-47655.json +++ b/2022/47xxx/CVE-2022-47655.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/367", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/367" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230124 [SECURITY] [DLA 3280-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html" } ] } diff --git a/2022/47xxx/CVE-2022-47950.json b/2022/47xxx/CVE-2022-47950.json index 4e78cbd0bf0..32f0ceb9e57 100644 --- a/2022/47xxx/CVE-2022-47950.json +++ b/2022/47xxx/CVE-2022-47950.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://security.openstack.org/ossa/OSSA-2023-001.html", "url": "https://security.openstack.org/ossa/OSSA-2023-001.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230125 [SECURITY] [DLA 3281-1] swift security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html" } ] } diff --git a/2023/0xxx/CVE-2023-0488.json b/2023/0xxx/CVE-2023-0488.json new file mode 100644 index 00000000000..38278b1a4c1 --- /dev/null +++ b/2023/0xxx/CVE-2023-0488.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0488", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0489.json b/2023/0xxx/CVE-2023-0489.json new file mode 100644 index 00000000000..9d2b673c025 --- /dev/null +++ b/2023/0xxx/CVE-2023-0489.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0489", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0490.json b/2023/0xxx/CVE-2023-0490.json new file mode 100644 index 00000000000..85d14bdf228 --- /dev/null +++ b/2023/0xxx/CVE-2023-0490.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0490", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0491.json b/2023/0xxx/CVE-2023-0491.json new file mode 100644 index 00000000000..369f382caf0 --- /dev/null +++ b/2023/0xxx/CVE-2023-0491.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0491", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0492.json b/2023/0xxx/CVE-2023-0492.json new file mode 100644 index 00000000000..3336b30a1ad --- /dev/null +++ b/2023/0xxx/CVE-2023-0492.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0492", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0493.json b/2023/0xxx/CVE-2023-0493.json new file mode 100644 index 00000000000..d8876d12377 --- /dev/null +++ b/2023/0xxx/CVE-2023-0493.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0493", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22845.json b/2023/22xxx/CVE-2023-22845.json new file mode 100644 index 00000000000..dd8a11859fe --- /dev/null +++ b/2023/22xxx/CVE-2023-22845.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22845", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/23xxx/CVE-2023-23589.json b/2023/23xxx/CVE-2023-23589.json index cb66be726e8..78e185ae967 100644 --- a/2023/23xxx/CVE-2023-23589.json +++ b/2023/23xxx/CVE-2023-23589.json @@ -71,6 +71,11 @@ "refsource": "DEBIAN", "name": "DSA-5320", "url": "https://www.debian.org/security/2023/dsa-5320" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2023-c290171664", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMY4FWXYKP3MDXTZ3EJ7XJVGBCKBK2XL/" } ] } diff --git a/2023/24xxx/CVE-2023-24472.json b/2023/24xxx/CVE-2023-24472.json new file mode 100644 index 00000000000..be7d8559692 --- /dev/null +++ b/2023/24xxx/CVE-2023-24472.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24472", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24473.json b/2023/24xxx/CVE-2023-24473.json new file mode 100644 index 00000000000..c7df5137899 --- /dev/null +++ b/2023/24xxx/CVE-2023-24473.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24473", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24508.json b/2023/24xxx/CVE-2023-24508.json index b960d4ee45c..f2741be4209 100644 --- a/2023/24xxx/CVE-2023-24508.json +++ b/2023/24xxx/CVE-2023-24508.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce." + "value": "Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce." } ] },