diff --git a/2023/42xxx/CVE-2023-42052.json b/2023/42xxx/CVE-2023-42052.json
index 55eb46564bb..2f63958acc7 100644
--- a/2023/42xxx/CVE-2023-42052.json
+++ b/2023/42xxx/CVE-2023-42052.json
@@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42052", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-20925." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.5.368.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1368/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-23-1368/" + }, + { + "url": "https://www.tracker-software.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.tracker-software.com/support/security-bulletins.html" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW" } ] } diff --git a/2023/42xxx/CVE-2023-42053.json b/2023/42xxx/CVE-2023-42053.json index 10f05a0e7ee..395d016e69d 100644 --- a/2023/42xxx/CVE-2023-42053.json +++ b/2023/42xxx/CVE-2023-42053.json 
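Review bot: The description says "remote attackers" but `vectorString` carries `AV:L`, so alerting or triage rules that key on a network attack vector will skip this record even though the stated delivery is a malicious page or file the user opens (`UI:R`). The same pairing is in every PDF-XChange record of this commit, CVE-2023-42052 through CVE-2023-42064. Read `AV:L` here as "the parsing happens locally after the user opens the file", not as a requirement for prior local access, and triage on the description together with the vector.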
@@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42053", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-20926." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.5.368.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1367/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-23-1367/" + }, + { + "url": "https://www.tracker-software.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.tracker-software.com/support/security-bulletins.html" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW" } ] } diff --git a/2023/42xxx/CVE-2023-42054.json b/2023/42xxx/CVE-2023-42054.json index 0f8286ce987..4ab06dee4c9 100644 --- a/2023/42xxx/CVE-2023-42054.json +++ b/2023/42xxx/CVE-2023-42054.json 
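Review bot: `version_data` holds a single entry, `"version_affected": "="` with `"version_value": "9.5.368.0"`, so a scanner that matches versions exactly will report every other build as unaffected, and nothing in the record names a fixed release. All thirteen PDF-XChange records in this commit (CVE-2023-42052 to CVE-2023-42064) have the same entry. Presumably this is the build that was tested rather than the full affected range; confirm the fixed version against the vendor bulletin listed in `references` before closing a finding on version alone.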
@@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42054", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-20927." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.5.368.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1366/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-23-1366/" + }, + { + "url": "https://www.tracker-software.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.tracker-software.com/support/security-bulletins.html" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW" } ] } diff --git a/2023/42xxx/CVE-2023-42055.json b/2023/42xxx/CVE-2023-42055.json index 15287e5e1f2..e2c9d96e3da 100644 --- a/2023/42xxx/CVE-2023-42055.json +++ b/2023/42xxx/CVE-2023-42055.json 
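Review bot: `baseSeverity` is `LOW` (3.3), yet the description states the disclosure can be used "in conjunction with other vulnerabilities to execute arbitrary code", and this commit publishes code-execution records for the same U3D parser and the same version (for example CVE-2023-42055). A patch policy that defers LOW findings would leave this one open next to them. The same applies to CVE-2023-42052, CVE-2023-42053 and CVE-2023-42056; it is safer to schedule the whole group together with the HIGH records.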
@@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42055", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20928." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.5.368.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1365/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-23-1365/" + }, + { + "url": "https://www.tracker-software.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.tracker-software.com/support/security-bulletins.html" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/42xxx/CVE-2023-42056.json b/2023/42xxx/CVE-2023-42056.json index ccb3c70bd4f..f0fd26afc58 100644 --- a/2023/42xxx/CVE-2023-42056.json +++ b/2023/42xxx/CVE-2023-42056.json 
@@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42056", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor U3D File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-20929." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-457: Use of Uninitialized Variable", + "cweId": "CWE-457" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.5.368.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1364/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-23-1364/" + }, + { + "url": "https://www.tracker-software.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.tracker-software.com/support/security-bulletins.html" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW" } ] } diff --git a/2023/42xxx/CVE-2023-42057.json b/2023/42xxx/CVE-2023-42057.json index 5be5ae9984c..87f3e6088f7 100644 --- a/2023/42xxx/CVE-2023-42057.json +++ b/2023/42xxx/CVE-2023-42057.json 
@@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42057", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20930." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.5.368.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1363/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-23-1363/" + }, + { + "url": "https://www.tracker-software.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.tracker-software.com/support/security-bulletins.html" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/42xxx/CVE-2023-42058.json b/2023/42xxx/CVE-2023-42058.json index 2d609d1ada5..e7c4fb2799f 100644 --- a/2023/42xxx/CVE-2023-42058.json +++ b/2023/42xxx/CVE-2023-42058.json 
@@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42058", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files.\nThe issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20931." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.5.368.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1362/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-23-1362/" + }, + { + "url": "https://www.tracker-software.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.tracker-software.com/support/security-bulletins.html" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/42xxx/CVE-2023-42059.json b/2023/42xxx/CVE-2023-42059.json index 5a3bd339539..a00ebad1bb6 100644 --- a/2023/42xxx/CVE-2023-42059.json +++ b/2023/42xxx/CVE-2023-42059.json 
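Review bot: The description value breaks its second paragraph with a lone `\n` after "parsing of U3D files.", where the sibling records continue on the same line; it should read `...the parsing of U3D files. The issue results from...`. CVE-2023-42059 has a related artefact, `...current process.\n. Was ZDI-CAN-20932.`, which leaves a stray newline and period and should be `...current process. Was ZDI-CAN-20932.`. Both look like leftovers from the source advisory text, and tools that split or diff descriptions by paragraph will treat these records differently from the rest.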
@@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42059", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-20932." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.5.368.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1361/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-23-1361/" + }, + { + "url": "https://www.tracker-software.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.tracker-software.com/support/security-bulletins.html" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/42xxx/CVE-2023-42060.json b/2023/42xxx/CVE-2023-42060.json index deaa2df6c3b..659ae5ec2f3 100644 --- a/2023/42xxx/CVE-2023-42060.json +++ b/2023/42xxx/CVE-2023-42060.json 
@@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42060", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20933." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.5.368.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1359/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-23-1359/" + }, + { + "url": "https://www.tracker-software.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.tracker-software.com/support/security-bulletins.html" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/42xxx/CVE-2023-42061.json b/2023/42xxx/CVE-2023-42061.json index 48af51be34f..9117edc8936 100644 --- a/2023/42xxx/CVE-2023-42061.json +++ b/2023/42xxx/CVE-2023-42061.json 
@@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42061", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20934." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.5.368.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1358/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-23-1358/" + }, + { + "url": "https://www.tracker-software.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.tracker-software.com/support/security-bulletins.html" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/42xxx/CVE-2023-42062.json b/2023/42xxx/CVE-2023-42062.json index 8f9cf28b943..e1fef1b095e 100644 --- a/2023/42xxx/CVE-2023-42062.json +++ b/2023/42xxx/CVE-2023-42062.json 
@@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42062", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20935." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-457: Use of Uninitialized Variable", + "cweId": "CWE-457" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.5.368.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1347/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-23-1347/" + }, + { + "url": "https://www.tracker-software.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.tracker-software.com/support/security-bulletins.html" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/42xxx/CVE-2023-42063.json b/2023/42xxx/CVE-2023-42063.json index af5221e86ed..0c65c9d103c 100644 --- a/2023/42xxx/CVE-2023-42063.json +++ b/2023/42xxx/CVE-2023-42063.json 
@@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42063", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20943." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PDF-XChange", + "product": { + "product_data": [ + { + "product_name": "PDF-XChange Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.5.368.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1357/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-23-1357/" + }, + { + "url": "https://www.tracker-software.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.tracker-software.com/support/security-bulletins.html" + } + ] + }, + "source": { + "lang": "en", + "value": "Mat Powell of Trend Micro Zero Day Initiative" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/42xxx/CVE-2023-42064.json b/2023/42xxx/CVE-2023-42064.json index c023d657aa2..71904afb767 100644 --- a/2023/42xxx/CVE-2023-42064.json +++ b/2023/42xxx/CVE-2023-42064.json 
@@ -1,17 +1,82 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-42064",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20944."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125: Out-of-bounds Read",
+ "cweId": "CWE-125"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PDF-XChange",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PDF-XChange Editor",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "9.5.368.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1346/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-23-1346/"
+ },
+ {
+ "url": "https://www.tracker-software.com/support/security-bulletins.html",
+ "refsource": "MISC",
+ "name": "https://www.tracker-software.com/support/security-bulletins.html"
+ }
+ ]
+ },
+ "source": {
+ "lang": "en",
+ "value": "Mat Powell of Trend Micro Zero Day Initiative"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
 }
 ]
 }
diff --git a/2023/47xxx/CVE-2023-47220.json b/2023/47xxx/CVE-2023-47220.json
index baf8863371f..f4599317b27 100644
--- a/2023/47xxx/CVE-2023-47220.json
+++ b/2023/47xxx/CVE-2023-47220.json
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47220", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "Media Streaming add-on ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "500.1.x", + "version_value": "500.1.1.5 ( 2024/01/22 )" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-15", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-15" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-15", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following version:
Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later
" + } + ], + "value": "We have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "YingMuo (@YingMuo), working with DEVCORE Internship Program" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/51xxx/CVE-2023-51628.json b/2023/51xxx/CVE-2023-51628.json index 0c9165ad1e9..c0d3d6b20e6 100644 --- a/2023/51xxx/CVE-2023-51628.json +++ b/2023/51xxx/CVE-2023-51628.json 
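Review bot: Three fields in this record will defeat exact-match consumers: `product_name` carries a trailing space (`"Media Streaming add-on "`), `version_value` embeds a build date (`"500.1.1.5 ( 2024/01/22 )"`), and the problem type is the bare id `"CWE-78"`, where the other records in this diff use the form `"CWE-125: Out-of-bounds Read"`. I would write `"product_name": "Media Streaming add-on"`, `"version_value": "500.1.1.5"` and `"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"`. The date can stay in the description and `solution` text, where it is already stated, so no information is lost and version comparison in inventory tooling keeps working.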
@@ -1,17 +1,82 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-51628",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "D-Link DCS-8300LHV2 ONVIF SetHostName Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of the SetHostName ONVIF call. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21322."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-121: Stack-based Buffer Overflow",
+ "cweId": "CWE-121"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "D-Link",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DCS-8300LHV2",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.06.01"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-048/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-048/"
+ },
+ {
+ "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10370",
+ "refsource": "MISC",
+ "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10370"
+ }
+ ]
+ },
+ "source": {
+ "lang": "en",
+ "value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8,
+ "baseSeverity": "HIGH"
 }
 ]
 }
diff --git a/2023/51xxx/CVE-2023-51629.json b/2023/51xxx/CVE-2023-51629.json
index fc08005d525..526b2c372f6 100644
--- a/2023/51xxx/CVE-2023-51629.json
+++ b/2023/51xxx/CVE-2023-51629.json
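Review bot: The vector scores this with `PR:L`, but the description states that the required authentication can be bypassed, so the 8.0 base score understates exposure wherever that bypass applies. The bypass is presumably the hardcoded-PIN issue recorded as CVE-2023-51629 in the next file (same product, firmware `1.06.01` and reporter), though this record does not say so. Once the CNA confirms the link I would name it in the description, for example `... the existing authentication mechanism can be bypassed (see CVE-2023-51629).`, so that triage treats the two records as a chain and schedules the firmware update for both together.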
@@ -1,17 +1,82 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-51629",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of the ONVIF API. The issue results from the use of a hardcoded PIN. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21492."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-259: Use of Hard-coded Password",
+ "cweId": "CWE-259"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "D-Link",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DCS-8300LHV2",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.06.01"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-049/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-049/"
+ },
+ {
+ "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10370",
+ "refsource": "MISC",
+ "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10370"
+ }
+ ]
+ },
+ "source": {
+ "lang": "en",
+ "value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/51xxx/CVE-2023-51633.json b/2023/51xxx/CVE-2023-51633.json
index 6aef1e8fcef..380dba9f340 100644
--- a/2023/51xxx/CVE-2023-51633.json
+++ b/2023/51xxx/CVE-2023-51633.json
@@ -1,17 +1,77 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-51633",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of the sysName OID in SNMP. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-20731."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Centreon",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Centreon",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "23.04"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-416/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-416/"
+ }
+ ]
+ },
+ "source": {
+ "lang": "en",
+ "value": "Andreas Finstad"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
 }
 ]
 }
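Review bot: `reference_data` holds only the ZDI advisory, so this record gives a defender no vendor advisory or fixed release to act on, unlike the other ZDI records in this diff, which each carry a vendor link. I would add a second entry once the vendor URL is known, e.g. `{ "url": "<VENDOR_ADVISORY_URL>", "refsource": "MISC", "name": "<VENDOR_ADVISORY_URL>" }`. The problem type also records only CWE-79 although the title claims code execution in the context of the service account; that escalation is stated only in the description, so tools that rank by CWE will see a plain cross-site scripting issue and should defer to the `C:H/I:H/A:H` vector instead.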