From 8bcbd5de944e5dead4c55e51b2a8f7f8a306d41f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 5 Jun 2023 22:00:45 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2013/10xxx/CVE-2013-10030.json | 96 +++++++++++++++++++++++--
2021/21xxx/CVE-2021-21741.json | 2 +-
2022/48xxx/CVE-2022-48181.json | 97 +++++++++++++++++++++++--
2022/48xxx/CVE-2022-48188.json | 97 +++++++++++++++++++++++--
2023/24xxx/CVE-2023-24510.json | 126 +++++++++++++++++++++++++++++++--
2023/2xxx/CVE-2023-2704.json | 5 ++
2023/2xxx/CVE-2023-2706.json | 5 ++
2023/3xxx/CVE-2023-3027.json | 50 ++++++++++++-
2023/3xxx/CVE-2023-3079.json | 59 +++++++++++++--
9 files changed, 510 insertions(+), 27 deletions(-)
diff --git a/2013/10xxx/CVE-2013-10030.json b/2013/10xxx/CVE-2013-10030.json
index 645aaa31814..c6c2eb515f3 100644
--- a/2013/10xxx/CVE-2013-10030.json
+++ b/2013/10xxx/CVE-2013-10030.json
@@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2013-10030", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230672." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in Exit Box Lite Plugin bis 1.06 f\u00fcr WordPress entdeckt. Dies betrifft einen unbekannten Teil der Datei wordpress-exit-box-lite.php. Mit der Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.10 vermag dieses Problem zu l\u00f6sen. Der Patch wird als fad26701addb862c51baf85c6e3cc136aa79c309 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Disclosure", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Exit Box Lite Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.06" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.230672", + "refsource": "MISC", + "name": "https://vuldb.com/?id.230672" + }, + { + "url": "https://vuldb.com/?ctiid.230672", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.230672" + }, + { + "url": "https://github.com/wp-plugins/wordpress-exit-box-lite/commit/fad26701addb862c51baf85c6e3cc136aa79c309", + "refsource": "MISC", + "name": "https://github.com/wp-plugins/wordpress-exit-box-lite/commit/fad26701addb862c51baf85c6e3cc136aa79c309" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "baseSeverity": "MEDIUM" } ] } diff --git a/2021/21xxx/CVE-2021-21741.json b/2021/21xxx/CVE-2021-21741.json index 1dd69e2cab6..091be307d93 100644 --- a/2021/21xxx/CVE-2021-21741.json +++ b/2021/21xxx/CVE-2021-21741.json 
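Review bot: In 2013/10xxx/CVE-2013-10030.json the added `version_data` entry is `"version_affected": "=", "version_value": "1.06"`, but the description added in the same hunk says the plugin is affected "up to 1.06" and fixed in 1.10. A scanner that matches on the structured field would flag only 1.06 and miss earlier installs. A range entry, `"version_affected": "<=", "version_value": "1.06"`, would agree with the text. `"vendor_name": "n/a"` also leaves the record with no vendor to match on, so product-name matching is the only handle inventory tools get.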
@@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "A conference management system of ZTE is impacted by a command execution vulnerability. Since the soapmonitor's java object service is enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending a deserialized payload to port 5001." + "value": "There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending specific serialization command." } ] } diff --git a/2022/48xxx/CVE-2022-48181.json b/2022/48xxx/CVE-2022-48181.json index da96a709600..c565343f800 100644 --- a/2022/48xxx/CVE-2022-48181.json +++ b/2022/48xxx/CVE-2022-48181.json 
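Review bot: The replacement description in 2021/21xxx/CVE-2021-21741.json drops the two facts a defender uses to scope exposure: the removed text named the soapmonitor Java object service and port 5001, and the new text says only "some services are enabled by default". Unless the vendor asked for those details to be withdrawn, keep them in the new wording so firewall and asset reviews can still be driven from the record, e.g. `As the soapmonitor service is enabled by default on port 5001, ...`. The closing phrase "by sending specific serialization command" is also ungrammatical and no longer says that the service deserializes attacker-supplied data; "by sending crafted serialized data" would read correctly. The hunk starts at line 55, so the rest of the record is not visible here.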
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-48181", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@lenovo.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lenovo", + "product": { + "product_data": [ + { + "product_name": "ThinkStation BIOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.lenovo.com/us/en/product_security/LEN-124495", + "refsource": "MISC", + "name": "https://support.lenovo.com/us/en/product_security/LEN-124495" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update system firmware to the version (or newer) indicated for your model in the related Lenovo product security advisory: https://support.lenovo.com/us/en/product_security/LEN-124495" + } + ], + "value": "Update system firmware to the version (or newer) indicated for your model in the related Lenovo 
product security advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-124495 https://support.lenovo.com/us/en/product_security/LEN-124495 " + } + ], + "credits": [ + { + "lang": "en", + "value": "Lenovo thanks River Li and Fangtao Cao for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/48xxx/CVE-2022-48188.json b/2022/48xxx/CVE-2022-48188.json index 557d24542f0..83db1f272c4 100644 --- a/2022/48xxx/CVE-2022-48188.json +++ b/2022/48xxx/CVE-2022-48188.json 
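Review bot: The description added in 2022/48xxx/CVE-2022-48181.json places the flaw in the BIOS of "some ThinkPad models", while the `affects` block in the same hunk names `"product_name": "ThinkStation BIOS"`. That value is identical to the one in the sibling record CVE-2022-48188.json (same advisory LEN-124495), so it looks copied; anyone filtering on product name would attribute this CVE to the wrong product line. Confirm against the advisory and align the two, e.g. `"product_name": "ThinkPad BIOS"` if the description is the correct side. In both this file and CVE-2022-48188.json the plain-text `solution` value repeats the advisory URL twice after a `\u00a0`, which looks like an HTML-to-text artifact, whereas `supportingMedia` carries it once.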
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-48188", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@lenovo.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lenovo", + "product": { + "product_data": [ + { + "product_name": "ThinkStation BIOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.lenovo.com/us/en/product_security/LEN-124495", + "refsource": "MISC", + "name": "https://support.lenovo.com/us/en/product_security/LEN-124495" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update system firmware to the version (or newer) indicated for your model in the related Lenovo advisory: https://support.lenovo.com/us/en/product_security/LEN-124495" + } + ], + "value": "Update system firmware to the version (or newer) indicated for your model in the related Lenovo 
advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-124495 https://support.lenovo.com/us/en/product_security/LEN-124495 " + } + ], + "credits": [ + { + "lang": "en", + "value": "Lenovo thanks River Li and Fangtao Cao for reporting this issue. " + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/24xxx/CVE-2023-24510.json b/2023/24xxx/CVE-2023-24510.json index d62bfcb4eb4..3ba212c3768 100644 --- a/2023/24xxx/CVE-2023-24510.json +++ b/2023/24xxx/CVE-2023-24510.json 
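Review bot: The `affects` block in 2022/48xxx/CVE-2022-48188.json covers only `"product_name": "ThinkStation BIOS"`, although the description added in the same hunk says "some Lenovo Desktop and ThinkStation models" are affected. The desktop models therefore have no structured entry, and `"version_affected": "=", "version_value": "various"` cannot be compared with an installed firmware version. Add a second `product_data` entry for the desktop BIOS, using the product name from the advisory, and say in the description that the affected firmware versions are listed per model in LEN-124495. The credit string also carries a trailing space (`"...reporting this issue. "`).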
@@ -1,18 +1,130 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@arista.com", + "DATE_PUBLIC": "2023-05-31T15:00:00.000Z", "ID": "CVE-2023-24510", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart." }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Arista EOS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "4.25.0F", + "version_value": "4.25.10M" + }, + { + "version_affected": "<=", + "version_name": "4.26.0F", + "version_value": "4.26.9M" + }, + { + "version_affected": "<=", + "version_name": "4.27.0F", + "version_value": "4.27.9M" + }, + { + "version_affected": "<=", + "version_name": "4.28.0F", + "version_value": "4.28.6.1M" + }, + { + "version_affected": "<=", + "version_name": "4.29.0F", + "version_value": "4.29.1F" + } + ] + } + } + ] + }, + "vendor_name": "Arista Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "In order to be vulnerable to CVE-2023-24510, the following condition must be met:\nAt least two \u201cip helper-address\u201d commands for the DHCP server are configured on the same interface.\n \u2013 Scenario One: One command uses \u201csource-interface\u201d, with or without being in a VRF. The second command does not use a source-interface and does not use a VRF.\n \u2013 Scenario Two: One command is run inside of a VRF. The second command does not use a source-interface and does not use a VRF." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided." + "value": "On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-755 Improper Handling of Exceptional Conditions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17445-security-advisory-0087", + "name": "https://www.arista.com/en/support/advisories-notices/security-advisory/17445-security-advisory-0087" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "CVE-2023-24510 has been fixed in the following releases:\n - 4.29.2F and later releases in the 4.29.x train\n - 4.28.7M and later releases in the 4.28.x train\n - 4.27.10M and later releases in the 4.27.x train\n - 4.26.10M and later releases in the 4.26.x train" + } + ], + "source": { + "advisory": "Security Advisory 0087", + "defect": [ + "BUG753188" + ], + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "The hotfix https://www.arista.com/support/advisories-notices/sa-download?sa=87-SecurityAdvisory87_Hotfix.swix can be used to remediate CVE-2023-24510. 
The hotfix only applies to the releases listed below and no other releases:\n - 4.29.1F and below releases in the 4.29.x train\n - 4.28.6.1M and below releases in the 4.28.x train\n - 4.27.9M and below releases in the 4.27.x train\n - 4.26.9M and below releases in the 4.26.x train\n - 4.25.10M and below releases in the 4.25.x train" + } + ] } \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2704.json b/2023/2xxx/CVE-2023-2704.json index 720a0662f14..f86b343690d 100644 --- a/2023/2xxx/CVE-2023-2704.json +++ b/2023/2xxx/CVE-2023-2704.json @@ -73,6 +73,11 @@ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2914042%40bp-social-connect%2Ftrunk&old=1904372%40bp-social-connect%2Ftrunk&sfp_email=&sfph_mail=#file6", "refsource": "MISC", "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2914042%40bp-social-connect%2Ftrunk&old=1904372%40bp-social-connect%2Ftrunk&sfp_email=&sfph_mail=#file6" + }, + { + "url": "https://lana.codes/lanavdb/1bd0dfd9-ffec-4d69-bc55-286751300cab/", + "refsource": "MISC", + "name": "https://lana.codes/lanavdb/1bd0dfd9-ffec-4d69-bc55-286751300cab/" } ] }, diff --git a/2023/2xxx/CVE-2023-2706.json b/2023/2xxx/CVE-2023-2706.json index 760a144b0f7..46f25456c39 100644 --- a/2023/2xxx/CVE-2023-2706.json +++ b/2023/2xxx/CVE-2023-2706.json @@ -68,6 +68,11 @@ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2912731%40mobile-login-woocommerce&new=2912731%40mobile-login-woocommerce&sfp_email=&sfph_mail=", "refsource": "MISC", "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2912731%40mobile-login-woocommerce&new=2912731%40mobile-login-woocommerce&sfp_email=&sfph_mail=" + }, + { + "url": "https://lana.codes/lanavdb/87b5e80e-fd5b-47c3-bf82-088bdf4573b5/", + "refsource": "MISC", + "name": "https://lana.codes/lanavdb/87b5e80e-fd5b-47c3-bf82-088bdf4573b5/" } ] }, 
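Review bot: In 2023/24xxx/CVE-2023-24510.json the `affects` block lists the 4.25.x train (`4.25.0F` through `4.25.10M`) as vulnerable, but `solution` names fixed releases only for the 4.26.x to 4.29.x trains; 4.25.x appears only under `work_around`, where the hotfix is offered. A reader working from `solution` alone cannot tell whether 4.25.x has no fixed release or was omitted. After checking the advisory, say so explicitly, for example by appending `\n - 4.25.x train: no fixed release listed; apply the hotfix or move to a fixed train`. Separately, `impact.cvss` is a single object here, while the other records added in this commit use an array, so consumers written for the array form may not pick up the 7.5 score.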
diff --git a/2023/3xxx/CVE-2023-3027.json b/2023/3xxx/CVE-2023-3027.json index 21a41d07211..9c53208402f 100644 --- a/2023/3xxx/CVE-2023-3027.json +++ b/2023/3xxx/CVE-2023-3027.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3027", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "RHACM", + "version": { + "version_data": [ + { + "version_value": "2.5, 2.6, 2.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2211468#c0", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211468#c0" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created policy. This feature does not restrict properly to lookup content from the namespace where the policy was created." } ] } diff --git a/2023/3xxx/CVE-2023-3079.json b/2023/3xxx/CVE-2023-3079.json index 89d8e3c12c9..a0dbc96ca33 100644 --- a/2023/3xxx/CVE-2023-3079.json +++ b/2023/3xxx/CVE-2023-3079.json 
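Review bot: The `version_data` entry added to 2023/3xxx/CVE-2023-3027.json packs three releases into one string, `"version_value": "2.5, 2.6, 2.7"`, with no `version_affected`, so no tool can compare it with an installed version. Split it into one entry per release, each of the form `{ "version_affected": "=", "version_value": "2.5" }`. `"vendor_name": "n/a"` sits beside `"ASSIGNER": "secalert@redhat.com"` and the abbreviated product `RHACM`; naming the vendor and spelling out the product would make the record searchable. No `impact` block is added, so a privilege-escalation record reaches consumers without a severity.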
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3079", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "114.0.5735.110", + "version_value": "114.0.5735.110" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1450481", + "refsource": "MISC", + "name": "https://crbug.com/1450481" } ] }
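Review bot: The `problemtype` added in 2023/3xxx/CVE-2023-3079.json is the free-text `"value": "Type Confusion"` with no `cweId`, unlike the CWE-tagged records elsewhere in this commit, so CWE-based triage will not classify it. Type confusion maps to CWE-843; `"value": "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')", "cweId": "CWE-843"` would fix that. The hunk also adds no `impact` block, even though the description carries "Chromium security severity: High", so severity-driven patch queues will see this record as unscored.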