From 838c85ecba8b2c90aa9e4db44824e467338ef460 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 12 Dec 2023 14:00:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/12xxx/CVE-2020-12612.json | 61 ++++++++++++++++++++--- 2021/33xxx/CVE-2021-33069.json | 75 +++++++++++++++------------- 2023/49xxx/CVE-2023-49867.json | 18 +++++++ 2023/49xxx/CVE-2023-49990.json | 56 ++++++++++++++++++--- 2023/49xxx/CVE-2023-49991.json | 56 ++++++++++++++++++--- 2023/49xxx/CVE-2023-49992.json | 56 ++++++++++++++++++--- 2023/49xxx/CVE-2023-49993.json | 56 ++++++++++++++++++--- 2023/49xxx/CVE-2023-49994.json | 56 ++++++++++++++++++--- 2023/50xxx/CVE-2023-50330.json | 18 +++++++ 2023/6xxx/CVE-2023-6193.json | 90 ++++++++++++++++++++++++++++++++-- 10 files changed, 468 insertions(+), 74 deletions(-) create mode 100644 2023/49xxx/CVE-2023-49867.json create mode 100644 2023/50xxx/CVE-2023-50330.json diff --git a/2020/12xxx/CVE-2020-12612.json b/2020/12xxx/CVE-2020-12612.json index d74ef9e9bc0..d55b107110b 100644 --- a/2020/12xxx/CVE-2020-12612.json +++ b/2020/12xxx/CVE-2020-12612.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-12612", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-12612", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32bit machine, this environment variable does not exist. Therefore, since the standard user can create a user level environment variable, they can repoint this variable to any folder the user has full control of. Then, the folder structure can be created in such a way that a rule matches and arbitrary code runs elevated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1", + "refsource": "MISC", + "name": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1" + }, + { + "refsource": "MISC", + "name": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-09", + "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-09" } ] } diff --git a/2021/33xxx/CVE-2021-33069.json b/2021/33xxx/CVE-2021-33069.json index dd70ceac38a..3b9c5f3d266 100644 --- a/2021/33xxx/CVE-2021-33069.json +++ b/2021/33xxx/CVE-2021-33069.json @@ -1,34 +1,19 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-33069", "ASSIGNER": "secure@intel.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "n/a", - "product": { - "product_data": [ - { - "product_name": "Intel(R) SSD, Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC", - "version": { - "version_data": [ - { - "version_value": "See references" - } - ] - } - } - ] - } - } - ] - } + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper resource shutdown or release in firmware for some Intel(R) SSD, Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC may allow a privileged user to potentially enable denial of service via local access.\n\n" + } + ] }, "problemtype": { "problemtype_data": [ @@ -42,26 +27,48 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) SSD, Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html", "refsource": "MISC", - "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html", - "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html" + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html" }, { + "url": "https://www.solidigm.com/content/dam/solidigm/en/site/support/support-community/cve-(security)/documents/public-security-advisory.pdf", "refsource": "MISC", - "name": "https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/Solidigm%20SA-000563%20rev1.1.pdf", - "url": "https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/Solidigm%20SA-000563%20rev1.1.pdf" + "name": "https://www.solidigm.com/content/dam/solidigm/en/site/support/support-community/cve-(security)/documents/public-security-advisory.pdf" } ] }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper resource shutdown or release in firmware for some Intel(R) SSD, Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC may allow a privileged user to potentially enable denial of service via local access." - } - ] + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/49xxx/CVE-2023-49867.json b/2023/49xxx/CVE-2023-49867.json new file mode 100644 index 00000000000..3302e5234e7 --- /dev/null +++ b/2023/49xxx/CVE-2023-49867.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-49867", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/49xxx/CVE-2023-49990.json b/2023/49xxx/CVE-2023-49990.json index 7f0fda9ec1b..7bc78c84ae0 100644 --- a/2023/49xxx/CVE-2023-49990.json +++ b/2023/49xxx/CVE-2023-49990.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-49990", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-49990", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/espeak-ng/espeak-ng/issues/1824", + "refsource": "MISC", + "name": "https://github.com/espeak-ng/espeak-ng/issues/1824" } ] } diff --git a/2023/49xxx/CVE-2023-49991.json b/2023/49xxx/CVE-2023-49991.json index e8ec49e8cfa..6eff7a25982 100644 --- a/2023/49xxx/CVE-2023-49991.json +++ b/2023/49xxx/CVE-2023-49991.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-49991", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-49991", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/espeak-ng/espeak-ng/issues/1825", + "refsource": "MISC", + "name": "https://github.com/espeak-ng/espeak-ng/issues/1825" } ] } diff --git a/2023/49xxx/CVE-2023-49992.json b/2023/49xxx/CVE-2023-49992.json index 89a4b7b702d..b77d6187139 100644 --- a/2023/49xxx/CVE-2023-49992.json +++ b/2023/49xxx/CVE-2023-49992.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-49992", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-49992", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/espeak-ng/espeak-ng/issues/1827", + "refsource": "MISC", + "name": "https://github.com/espeak-ng/espeak-ng/issues/1827" } ] } diff --git a/2023/49xxx/CVE-2023-49993.json b/2023/49xxx/CVE-2023-49993.json index a02844f4396..f314d947cf2 100644 --- a/2023/49xxx/CVE-2023-49993.json +++ b/2023/49xxx/CVE-2023-49993.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-49993", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-49993", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/espeak-ng/espeak-ng/issues/1826", + "refsource": "MISC", + "name": "https://github.com/espeak-ng/espeak-ng/issues/1826" } ] } diff --git a/2023/49xxx/CVE-2023-49994.json b/2023/49xxx/CVE-2023-49994.json index 27def255b64..3477616e131 100644 --- a/2023/49xxx/CVE-2023-49994.json +++ b/2023/49xxx/CVE-2023-49994.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-49994", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-49994", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/espeak-ng/espeak-ng/issues/1823", + "refsource": "MISC", + "name": "https://github.com/espeak-ng/espeak-ng/issues/1823" } ] } diff --git a/2023/50xxx/CVE-2023-50330.json b/2023/50xxx/CVE-2023-50330.json new file mode 100644 index 00000000000..aec94c847fc --- /dev/null +++ b/2023/50xxx/CVE-2023-50330.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-50330", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6193.json b/2023/6xxx/CVE-2023-6193.json index bdc9bb8cca0..a8d0ebf35b0 100644 --- a/2023/6xxx/CVE-2023-6193.json +++ b/2023/6xxx/CVE-2023-6193.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6193", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@cloudflare.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption.\nQUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that PATH_RESPONSE frames can only be sent at the slower rate than they are received; leading to storage of path validation data in an unbounded queue. \nQuiche versions greater than 0.19.0 address this problem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cloudflare", + "product": { + "product_data": [ + { + "product_name": "quiche", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.15.0", + "version_value": "0.19.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cloudflare/quiche/security/advisories/GHSA-w3vp-jw9m-f9pm", + "refsource": "MISC", + "name": "https://github.com/cloudflare/quiche/security/advisories/GHSA-w3vp-jw9m-f9pm" + }, + { + "url": "https://datatracker.ietf.org/doc/html/rfc9000#section-8.2", + "refsource": "MISC", + "name": "https://datatracker.ietf.org/doc/html/rfc9000#section-8.2" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Marten Seemann " + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] }