From 7fb3afe5082264c781d6be882222594fc4d29976 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 13 Sep 2023 15:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/30xxx/CVE-2023-30908.json | 11 ++--
 2023/39xxx/CVE-2023-39914.json | 100 +++++++++++++++++++++++++++++++--
 2023/39xxx/CVE-2023-39915.json | 100 +++++++++++++++++++++++++++++++--
 2023/39xxx/CVE-2023-39916.json | 100 +++++++++++++++++++++++++++++++--
 2023/4xxx/CVE-2023-4939.json | 18 ++++++
 2023/4xxx/CVE-2023-4940.json | 18 ++++++
 2023/4xxx/CVE-2023-4941.json | 18 ++++++
 2023/4xxx/CVE-2023-4942.json | 18 ++++++
 2023/4xxx/CVE-2023-4943.json | 18 ++++++
 2023/4xxx/CVE-2023-4944.json | 18 ++++++
 2023/4xxx/CVE-2023-4945.json | 18 ++++++
 2023/4xxx/CVE-2023-4946.json | 18 ++++++
 12 files changed, 438 insertions(+), 17 deletions(-)
 create mode 100644 2023/4xxx/CVE-2023-4939.json
 create mode 100644 2023/4xxx/CVE-2023-4940.json
 create mode 100644 2023/4xxx/CVE-2023-4941.json
 create mode 100644 2023/4xxx/CVE-2023-4942.json
 create mode 100644 2023/4xxx/CVE-2023-4943.json
 create mode 100644 2023/4xxx/CVE-2023-4944.json
 create mode 100644 2023/4xxx/CVE-2023-4945.json
 create mode 100644 2023/4xxx/CVE-2023-4946.json
diff --git a/2023/30xxx/CVE-2023-30908.json b/2023/30xxx/CVE-2023-30908.json
index f1032aee7e7..a310b81fcfc 100644
--- a/2023/30xxx/CVE-2023-30908.json
+++ b/2023/30xxx/CVE-2023-30908.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Potential security vulnerability have been identified in Hewlett Packard Enterprise OneView Software. This vulnerability could be remotely exploited to allow authentication bypass, disclosure of sensitive information, and denial of service.\n\n"
+ "value": "A remote authentication bypass issue exists in a OneView API.\n\n"
 }
 ]
 },
@@ -31,16 +31,17 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "HPE",
+ "vendor_name": "Hewlett Packard Enterprise (HPE)",
 "product": {
 "product_data": [
 {
- "product_name": "OneView",
+ "product_name": "HPE OneView",
 "version": {
 "version_data": [
 {
- "version_affected": "=",
- "version_value": "Prior to v8.5 and v6.60.05 "
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "8.5"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39914.json b/2023/39xxx/CVE-2023-39914.json
index e0ecee49b17..95e5acdddaf 100644
--- a/2023/39xxx/CVE-2023-39914.json
+++ b/2023/39xxx/CVE-2023-39914.json
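Review bot: The new `version_data` entry in CVE-2023-30908.json (`"version_affected": "<"`, `"version_name": "0"`, `"version_value": "8.5"`) no longer carries the second fix level that the removed value named, `"Prior to v8.5 and v6.60.05 "`. A scanner that reads the structured range will treat every build below 8.5 as affected, including a 6.60.05 build that the old wording listed as fixed, so if that fix level still stands the entry should keep it as its own range for the 6.60 line. The description hunk in the same file also narrows the stated impact to authentication bypass; the information-disclosure and denial-of-service impacts of the removed sentence do not appear in the lines shown, which matters for triage that keys on the description text.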
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-39914",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "sep@nlnetlabs.nl",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NLnet Labs\u2019 bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-228: Improper Handling of Syntactically Invalid Structure",
+ "cweId": "CWE-228"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "NLnet Labs",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "bcder",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "*",
+ "status": "affected",
+ "lessThan": "0.7.3",
+ "versionType": "semver"
+ },
+ {
+ "version": "0.7.3",
+ "status": "unaffected",
+ "lessThan": "*",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt",
+ "refsource": "MISC",
+ "name": "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "This issue is fixed in 0.7.3 and all later versions."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Haya Shulman"
+ },
+ {
+ "lang": "en",
+ "value": "Donika Mirdita"
+ },
+ {
+ "lang": "en",
+ "value": "Niklas Vogel"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39915.json b/2023/39xxx/CVE-2023-39915.json
index 85d8a345924..31656e55e84 100644
--- a/2023/39xxx/CVE-2023-39915.json
+++ b/2023/39xxx/CVE-2023-39915.json
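Review bot: The affected range under `x_cve_json_5_version_data` in CVE-2023-39914.json starts at `"version": "*"` with `"lessThan": "0.7.3"`, and the CVE-2023-39915.json hunk does the same with `"lessThan": "0.12.2"`. With `"versionType": "semver"` an asterisk is not a version; as far as I know the CVE JSON 5 convention is `0` for the earliest possible version and the asterisk is meant for upper bounds, so a strict consumer may reject the range or read it as empty and report releases up to 0.7.2 (or 0.12.1) as unaffected. `"version": "0"` would express the range the description states. The added `solution` and `credits` entries also use `"lang": "en"` while `description` and `problemtype` use `"eng"`, here and in the CVE-2023-39915.json and CVE-2023-39916.json hunks; one code throughout keeps a language filter from dropping the fix text.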
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-39915",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "sep@nlnetlabs.nl",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NLnet Labs\u2019 Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-228: Improper Handling of Syntactically Invalid Structure",
+ "cweId": "CWE-228"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "NLnet Labs",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Routinator",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "*",
+ "status": "affected",
+ "lessThan": "0.12.2",
+ "versionType": "semver"
+ },
+ {
+ "version": "0.12.2",
+ "status": "unaffected",
+ "lessThan": "*",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://nlnetlabs.nl/downloads/routinator/CVE-2023-39915.txt",
+ "refsource": "MISC",
+ "name": "https://nlnetlabs.nl/downloads/routinator/CVE-2023-39915.txt"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "This issue is fixed in 0.12.2 and all later versions."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Haya Shulman"
+ },
+ {
+ "lang": "en",
+ "value": "Donika Mirdita"
+ },
+ {
+ "lang": "en",
+ "value": "Niklas Vogel"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39916.json b/2023/39xxx/CVE-2023-39916.json
index bd4ab75b107..eb7b593f689 100644
--- a/2023/39xxx/CVE-2023-39916.json
+++ b/2023/39xxx/CVE-2023-39916.json
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-39916",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "sep@nlnetlabs.nl",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NLnet Labs\u2019 Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-35: Path Traversal: '.../...//'",
+ "cweId": "CWE-35"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "NLnet Labs",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Routinator",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0.9.0",
+ "status": "affected",
+ "lessThan": "0.12.2",
+ "versionType": "semver"
+ },
+ {
+ "version": "0.12.2",
+ "status": "unaffected",
+ "lessThan": "*",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://nlnetlabs.nl/downloads/routinator/CVE-2023-39916.txt",
+ "refsource": "MISC",
+ "name": "https://nlnetlabs.nl/downloads/routinator/CVE-2023-39916.txt"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "This issue is fixed in 0.12.2 and all later versions. Disabling the rrdp-keep-responses option in affected versions also avoids the issue."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Haya Shulman"
+ },
+ {
+ "lang": "en",
+ "value": "Donika Mirdita"
+ },
+ {
+ "lang": "en",
+ "value": "Niklas Vogel"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 9.3,
+ "baseSeverity": "CRITICAL",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4939.json b/2023/4xxx/CVE-2023-4939.json
new file mode 100644
index 00000000000..9efabb61a9d
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4939.json
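Review bot: The description and the solution in CVE-2023-39916.json name the option differently: the description value says `keep-rrdp-responses`, the solution value says `rrdp-keep-responses`. An operator applying the workaround needs the exact option name, so both strings should use one spelling, checked against the linked advisory. The `cweId` is `CWE-35`, the specific `.../...//` variant, while the description only says the storage location is built from an insufficiently sanitised request URL; unless the advisory confirms that exact sequence, the general CWE-22 looks like the closer fit. Until the upgrade to 0.12.2 is in place, the record itself gives the mitigation: leave the off-by-default option disabled.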
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4939",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4940.json b/2023/4xxx/CVE-2023-4940.json
new file mode 100644
index 00000000000..b19872aa65b
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4940.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4940",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4941.json b/2023/4xxx/CVE-2023-4941.json
new file mode 100644
index 00000000000..57c44a3ffd9
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4941.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4941",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4942.json b/2023/4xxx/CVE-2023-4942.json
new file mode 100644
index 00000000000..074a945857f
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4942.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4942",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4943.json b/2023/4xxx/CVE-2023-4943.json
new file mode 100644
index 00000000000..c8ae2ff45f3
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4943.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4943",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4944.json b/2023/4xxx/CVE-2023-4944.json
new file mode 100644
index 00000000000..e7325a3d751
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4944.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4944",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4945.json b/2023/4xxx/CVE-2023-4945.json
new file mode 100644
index 00000000000..1884f7a134b
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4945.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4945",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4946.json b/2023/4xxx/CVE-2023-4946.json
new file mode 100644
index 00000000000..d2b3c2435b5
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4946.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4946",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file