From 8ef4ab25b01d901b657788bda795be602ea9dbc5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 24 Apr 2023 13:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2022/48xxx/CVE-2022-48476.json | 83 ++++++++++++++++++++++++++++++++++
2022/48xxx/CVE-2022-48477.json | 83 ++++++++++++++++++++++++++++++++++
2023/1xxx/CVE-2023-1371.json | 2 +-
2023/1xxx/CVE-2023-1406.json | 2 +-
2023/29xxx/CVE-2023-29578.json | 61 ++++++++++++++++++++++---
2023/29xxx/CVE-2023-29579.json | 61 ++++++++++++++++++++++---
2023/29xxx/CVE-2023-29582.json | 61 ++++++++++++++++++++++---
2023/29xxx/CVE-2023-29583.json | 61 ++++++++++++++++++++++---
2023/2xxx/CVE-2023-2250.json | 18 ++++++++
9 files changed, 406 insertions(+), 26 deletions(-)
create mode 100644 2022/48xxx/CVE-2022-48476.json
create mode 100644 2022/48xxx/CVE-2022-48477.json
create mode 100644 2023/2xxx/CVE-2023-2250.json
diff --git a/2022/48xxx/CVE-2022-48476.json b/2022/48xxx/CVE-2022-48476.json
new file mode 100644
index 00000000000..45efb0878fc
--- /dev/null
+++ b/2022/48xxx/CVE-2022-48476.json
@@ -0,0 +1,83 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-48476",
+ "ASSIGNER": "security@jetbrains.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-35",
+ "cweId": "CWE-35"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "JetBrains",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ktor",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+ "refsource": "MISC",
+ "name": "https://www.jetbrains.com/privacy-security/issues-fixed/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/48xxx/CVE-2022-48477.json b/2022/48xxx/CVE-2022-48477.json
new file mode 100644
index 00000000000..ee52c52464d
--- /dev/null
+++ b/2022/48xxx/CVE-2022-48477.json
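Review bot: The `problemtype` in CVE-2022-48476.json records `CWE-35`, which is the specific `.../...//` traversal variant, while the description only states a path traversal in `resolveResource`; unless the vendor advisory confirms that variant, the general `CWE-22` would be the safer classification. The `value` field also repeats the bare ID, so a reader gets no weakness name, whereas other records in this commit use the form `"value": "CWE-862 Missing Authorization"`. The description string ends in a literal `\n` that consumers will have to trim. The only reference is the vendor's general issues-fixed page rather than an entry for this CVE; the trailing `\n` and the generic reference also apply to CVE-2022-48477.json in the next hunk.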
@@ -0,0 +1,83 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-48477",
+ "ASSIGNER": "security@jetbrains.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-918",
+ "cweId": "CWE-918"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "JetBrains",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Hub",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2023.1.15725"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+ "refsource": "MISC",
+ "name": "https://www.jetbrains.com/privacy-security/issues-fixed/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1371.json b/2023/1xxx/CVE-2023-1371.json
index 741c2ed07c5..f2d2aecfebb 100644
--- a/2023/1xxx/CVE-2023-1371.json
+++ b/2023/1xxx/CVE-2023-1371.json
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-200 Information Exposure"
+ "value": "CWE-862 Missing Authorization"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1406.json b/2023/1xxx/CVE-2023-1406.json
index 6599b22b9ac..f1b25c2c51d 100644
--- a/2023/1xxx/CVE-2023-1406.json
+++ b/2023/1xxx/CVE-2023-1406.json
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')"
+ "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29578.json b/2023/29xxx/CVE-2023-29578.json
index 148f5907d2c..a4d0790ca62 100644
--- a/2023/29xxx/CVE-2023-29578.json
+++ b/2023/29xxx/CVE-2023-29578.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-29578",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29578",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/TechSmith/mp4v2/issues/74",
+ "refsource": "MISC",
+ "name": "https://github.com/TechSmith/mp4v2/issues/74"
+ },
+ {
+ "url": "https://github.com/z1r00/fuzz_vuln/blob/main/mp4v2/heap-buffer-overflow/mp4property.cpp/readme.md",
+ "refsource": "MISC",
+ "name": "https://github.com/z1r00/fuzz_vuln/blob/main/mp4v2/heap-buffer-overflow/mp4property.cpp/readme.md"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29579.json b/2023/29xxx/CVE-2023-29579.json
index 715a9ddd8a1..c8bb88cf335 100644
--- a/2023/29xxx/CVE-2023-29579.json
+++ b/2023/29xxx/CVE-2023-29579.json
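Review bot: The `affects` block added for CVE-2023-29578 sets `vendor_name`, `product_name` and `version_value` to `n/a` even though the description names mp4v2 v2.0.0, so tooling that matches on the structured fields will not associate this record with the product; `"product_name": "mp4v2"` and `"version_value": "2.0.0"` can be taken straight from the description. `problemtype` is likewise `n/a` although the description states a heap buffer overflow, for which `CWE-122` would fit. The same placeholders appear in CVE-2023-29579, CVE-2023-29582 and CVE-2023-29583 in the following hunks, whose descriptions name yasm 1.3.0.55.g101bc. The hunk stops before the record's closing brace.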
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-29579",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29579",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yasm/yasm/issues/214",
+ "refsource": "MISC",
+ "name": "https://github.com/yasm/yasm/issues/214"
+ },
+ {
+ "url": "https://github.com/z1r00/fuzz_vuln/blob/main/yasm/stack-buffer-overflow/yasm/readmd.md",
+ "refsource": "MISC",
+ "name": "https://github.com/z1r00/fuzz_vuln/blob/main/yasm/stack-buffer-overflow/yasm/readmd.md"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29582.json b/2023/29xxx/CVE-2023-29582.json
index adf7f3c16d0..e0f912bff45 100644
--- a/2023/29xxx/CVE-2023-29582.json
+++ b/2023/29xxx/CVE-2023-29582.json
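Review bot: The description added for CVE-2023-29579 locates the flaw by `yasm/yasm+0x43b466`, a binary offset that is only meaningful for the reporter's own build; naming the source function and file, as the CVE-2023-29582 and CVE-2023-29583 descriptions do, would let maintainers and scanners correlate the record with a fix. The text also says "stack overflow" while the second reference path reads `stack-buffer-overflow`; these are different weaknesses (stack exhaustion versus an out-of-bounds write on the stack), so the wording should be aligned with whichever the linked report actually shows.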
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-29582",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29582",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yasm/yasm/issues/217",
+ "refsource": "MISC",
+ "name": "https://github.com/yasm/yasm/issues/217"
+ },
+ {
+ "url": "https://github.com/z1r00/fuzz_vuln/blob/main/yasm/stack-overflow/parse_expr1/readme.md",
+ "refsource": "MISC",
+ "name": "https://github.com/z1r00/fuzz_vuln/blob/main/yasm/stack-overflow/parse_expr1/readme.md"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29583.json b/2023/29xxx/CVE-2023-29583.json
index bba5395b302..33ca6033ec8 100644
--- a/2023/29xxx/CVE-2023-29583.json
+++ b/2023/29xxx/CVE-2023-29583.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-29583",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29583",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yasm/yasm/issues/218",
+ "refsource": "MISC",
+ "name": "https://github.com/yasm/yasm/issues/218"
+ },
+ {
+ "url": "https://github.com/z1r00/fuzz_vuln/blob/main/yasm/stack-overflow/parse_expr5/readme.md",
+ "refsource": "MISC",
+ "name": "https://github.com/z1r00/fuzz_vuln/blob/main/yasm/stack-overflow/parse_expr5/readme.md"
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2250.json b/2023/2xxx/CVE-2023-2250.json
new file mode 100644
index 00000000000..b8be24450ef
--- /dev/null
+++ b/2023/2xxx/CVE-2023-2250.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-2250",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file