diff --git a/2022/32xxx/CVE-2022-32885.json b/2022/32xxx/CVE-2022-32885.json index 6ec759dac5b..3aad4506691 100644 --- a/2022/32xxx/CVE-2022-32885.json +++ b/2022/32xxx/CVE-2022-32885.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-32885", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.5" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213345", + "name": "https://support.apple.com/en-us/HT213345" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213346", + "name": "https://support.apple.com/en-us/HT213346" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213341", + "name": "https://support.apple.com/en-us/HT213341" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." + "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution" } ] } diff --git a/2023/25xxx/CVE-2023-25001.json b/2023/25xxx/CVE-2023-25001.json index 3ec0ecb67de..a1b01c92b25 100644 --- a/2023/25xxx/CVE-2023-25001.json +++ b/2023/25xxx/CVE-2023-25001.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25001", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Navisworks", + "version": { + "version_data": [ + { + "version_value": "2023, 2022" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0002", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0002" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution." } ] } diff --git a/2023/25xxx/CVE-2023-25002.json b/2023/25xxx/CVE-2023-25002.json index c5598761611..c2e5b67ea2b 100644 --- a/2023/25xxx/CVE-2023-25002.json +++ b/2023/25xxx/CVE-2023-25002.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25002", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Multiple", + "version": { + "version_data": [ + { + "version_value": "2023, 2022, 2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0002", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0002" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution." } ] } diff --git a/2023/3xxx/CVE-2023-3327.json b/2023/3xxx/CVE-2023-3327.json index 54e4590c838..365bdce0504 100644 --- a/2023/3xxx/CVE-2023-3327.json +++ b/2023/3xxx/CVE-2023-3327.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2023-3327", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-35823. Reason: This candidate is a reservation duplicate of CVE-2023-35823. Notes: All CVE users should reference CVE-2023-35823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] }