diff --git a/2021/32xxx/CVE-2021-32050.json b/2021/32xxx/CVE-2021-32050.json
index fb98f5af484..3bccea63783 100644
--- a/2021/32xxx/CVE-2021-32050.json
+++ b/2021/32xxx/CVE-2021-32050.json
@@ -1,17 +1,179 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-32050", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@mongodb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed.\n\nWithout due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default).\n\nThis issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. 
This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MongoDB Inc", + "product": { + "product_data": [ + { + "product_name": "MongoDB C Driver", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "1.17.7" + } + ] + } + }, + { + "product_name": "MongoDB C++ Driver", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.0.0", + "version_value": "3.7.0" + } + ] + } + }, + { + "product_name": "MongoDB PHP Driver", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "1.9.2" + } + ] + } + }, + { + "product_name": "MongoDB Swift Driver", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "1.1.1" + } + ] + } + }, + { + "product_name": "MongoDB Node.js Driver", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.6", + "version_value": "3.6.10" + }, + { + "version_affected": "<", + "version_name": "4.0", + "version_value": "4.17.0" + }, + { + "version_affected": "<", + "version_name": "5.0", + "version_value": "5.8.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://jira.mongodb.org/browse/PHPC-1869", + "refsource": "MISC", + "name": "https://jira.mongodb.org/browse/PHPC-1869" + }, + { + "url": "https://jira.mongodb.org/browse/CXX-2028", + "refsource": "MISC", + "name": "https://jira.mongodb.org/browse/CXX-2028" + }, + { + "url": "https://jira.mongodb.org/browse/SWIFT-1229", + "refsource": "MISC", + "name": 
"https://jira.mongodb.org/browse/SWIFT-1229" + }, + { + "url": "https://jira.mongodb.org/browse/CDRIVER-3797", + "refsource": "MISC", + "name": "https://jira.mongodb.org/browse/CDRIVER-3797" + }, + { + "url": "https://jira.mongodb.org/browse/NODE-3356", + "refsource": "MISC", + "name": "https://jira.mongodb.org/browse/NODE-3356" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "INTERNAL" + }, + "configuration": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

This issue only arises if an application enables the command listener feature (this is not enabled by default).

" + } + ], + "value": "This issue only arises if an application enables the command listener feature (this is not enabled by default).\n\n" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/0xxx/CVE-2023-0654.json b/2023/0xxx/CVE-2023-0654.json index 950fcb2b716..d3f43e16e56 100644 --- a/2023/0xxx/CVE-2023-0654.json +++ b/2023/0xxx/CVE-2023-0654.json 
@@ -1,17 +1,108 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-0654",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@cloudflare.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
+ "cweId": "CWE-1021"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Cloudflare",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WARP Client",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "6.29",
+ "status": "unaffected"
+ }
+ ],
+ "lessThan": "6.29",
+ "status": "affected",
+ "version": "0",
+ "versionType": "patch"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-5r97-pqv6-xpx7",
+ "refsource": "MISC",
+ "name": "https://github.com/cloudflare/advisories/security/advisories/GHSA-5r97-pqv6-xpx7"
+ },
+ {
+ "url": "https://developers.cloudflare.com/warp-client/",
+ "refsource": "MISC",
+ "name": "https://developers.cloudflare.com/warp-client/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.9,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/38xxx/CVE-2023-38283.json b/2023/38xxx/CVE-2023-38283.json
index a295d8e9bff..a680ecd3996 100644
--- a/2023/38xxx/CVE-2023-38283.json
+++ b/2023/38xxx/CVE-2023-38283.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-38283",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-38283",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/006_bgpd.patch.sig",
+ "refsource": "MISC",
+ "name": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/006_bgpd.patch.sig"
+ },
+ {
+ "url": "https://github.com/openbgpd-portable/openbgpd-portable/releases/tag/8.1",
+ "refsource": "MISC",
+ "name": "https://github.com/openbgpd-portable/openbgpd-portable/releases/tag/8.1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling",
+ "url": "https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://news.ycombinator.com/item?id=37305800",
+ "url": "https://news.ycombinator.com/item?id=37305800"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.openbsd.org/errata73.html",
+ "url": "https://www.openbsd.org/errata73.html"
 }
 ]
 }
diff --git a/2023/38xxx/CVE-2023-38802.json b/2023/38xxx/CVE-2023-38802.json
index dd5f1e44021..9451829b048 100644
--- a/2023/38xxx/CVE-2023-38802.json
+++ b/2023/38xxx/CVE-2023-38802.json
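Review bot: The affected product and fixed version appear only in the description string of CVE-2023-38283; `vendor_name`, `product_name` and `version_value` under `affects` are all `"n/a"`, and `problemtype` is `"n/a"` as well. Tooling that matches on the structured fields will not associate this record with OpenBGPD until it is enriched elsewhere, so triage has to key on the description text. The description itself supports `"product_name": "OpenBGPD"` with `"version_value": "before 8.1"`. The same placeholder `affects` block is added for CVE-2023-38802, CVE-2023-41362 and CVE-2023-41376 in this diff.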
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-38802",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-38802",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling",
+ "url": "https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://news.ycombinator.com/item?id=37305800",
+ "url": "https://news.ycombinator.com/item?id=37305800"
 }
 ]
 }
diff --git a/2023/41xxx/CVE-2023-41362.json b/2023/41xxx/CVE-2023-41362.json
index 3b50857dc26..cc196b87955 100644
--- a/2023/41xxx/CVE-2023-41362.json
+++ b/2023/41xxx/CVE-2023-41362.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-41362",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-41362",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://mybb.com/versions/1.8.36/",
+ "refsource": "MISC",
+ "name": "https://mybb.com/versions/1.8.36/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/mybb/mybb/security/advisories/GHSA-pr74-wvp3-q6f5",
+ "url": "https://github.com/mybb/mybb/security/advisories/GHSA-pr74-wvp3-q6f5"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/mybb/mybb/commit/a43a6f22944e769a6eabc58c39e7bc18c1cab4ca.patch",
+ "url": "https://github.com/mybb/mybb/commit/a43a6f22944e769a6eabc58c39e7bc18c1cab4ca.patch"
 }
 ]
 }
diff --git a/2023/41xxx/CVE-2023-41376.json b/2023/41xxx/CVE-2023-41376.json
new file mode 100644
index 00000000000..be8a270c4ec
--- /dev/null
+++ b/2023/41xxx/CVE-2023-41376.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2023-41376",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling",
+ "refsource": "MISC",
+ "name": "https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling"
+ },
+ {
+ "url": "https://news.ycombinator.com/item?id=37305800",
+ "refsource": "MISC",
+ "name": "https://news.ycombinator.com/item?id=37305800"
+ },
+ {
+ "url": "https://www.nokia.com/networks/technologies/service-router-operating-system/",
+ "refsource": "MISC",
+ "name": "https://www.nokia.com/networks/technologies/service-router-operating-system/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4569.json b/2023/4xxx/CVE-2023-4569.json
index 9b23c276007..811ec36b29a 100644
--- a/2023/4xxx/CVE-2023-4569.json
+++ b/2023/4xxx/CVE-2023-4569.json
@@ -99,7 +99,7 @@
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "affected"
+ "defaultStatus": "unaffected"
 }
 },
 {
diff --git a/2023/4xxx/CVE-2023-4602.json b/2023/4xxx/CVE-2023-4602.json
new file mode 100644
index 00000000000..e2d1b26c9dd
--- /dev/null
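Review bot: In the CVE-2023-4569 hunk the `x_cve_json_5_version_data` object carries no `versions` array, so `defaultStatus` is the only status signal for that product entry, and changing it to `"unaffected"` makes the whole entry read as not affected. The `product_name` this object belongs to is outside the hunk, so the flip cannot be checked against the description from here; it should be confirmed against the vendor advisory. If only some releases are fixed, a `versions` range with `"status": "affected"` and a `lessThan` bound (the form used for CVE-2023-0654 in this diff) would state that instead of a blanket default.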
+++ b/2023/4xxx/CVE-2023-4602.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4602",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4603.json b/2023/4xxx/CVE-2023-4603.json
new file mode 100644
index 00000000000..10f2154ed14
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4603.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4603",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4604.json b/2023/4xxx/CVE-2023-4604.json
new file mode 100644
index 00000000000..9a3eebcb371
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4604.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4604",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4605.json b/2023/4xxx/CVE-2023-4605.json
new file mode 100644
index 00000000000..b62b83fa4b0
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4605.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4605",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4606.json b/2023/4xxx/CVE-2023-4606.json
new file mode 100644
index 00000000000..293cfea3096
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4606.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4606",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4607.json b/2023/4xxx/CVE-2023-4607.json
new file mode 100644
index 00000000000..1f70c978e9d
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4607.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4607",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4608.json b/2023/4xxx/CVE-2023-4608.json
new file mode 100644
index 00000000000..b67706ab39b
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4608.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4608",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file