diff --git a/2014/125xxx/CVE-2014-125026.json b/2014/125xxx/CVE-2014-125026.json index 0b787699523..84a81f323ac 100644 --- a/2014/125xxx/CVE-2014-125026.json +++ b/2014/125xxx/CVE-2014-125026.json @@ -39,8 +39,9 @@ "version": { "version_data": [ { - "version_value": "0", - "version_affected": "=" + "version_affected": "<", + "version_name": "0", + "version_value": "0.0.0-20140711154735-199f5f787806" } ] } diff --git a/2017/20xxx/CVE-2017-20146.json b/2017/20xxx/CVE-2017-20146.json index 2a3678383db..7333c5bf260 100644 --- a/2017/20xxx/CVE-2017-20146.json +++ b/2017/20xxx/CVE-2017-20146.json @@ -39,8 +39,9 @@ "version": { "version_data": [ { - "version_value": "0", - "version_affected": "=" + "version_affected": "<", + "version_name": "0", + "version_value": "1.3.0" } ] } diff --git a/2020/28xxx/CVE-2020-28367.json b/2020/28xxx/CVE-2020-28367.json index 6a78227e54a..557630772b9 100644 --- a/2020/28xxx/CVE-2020-28367.json +++ b/2020/28xxx/CVE-2020-28367.json @@ -45,7 +45,7 @@ }, { "version_affected": "<", - "version_name": "1.15.0", + "version_name": "1.15.0-0", "version_value": "1.15.5" } ] diff --git a/2020/36xxx/CVE-2020-36562.json b/2020/36xxx/CVE-2020-36562.json index a26a52041f2..fcea4616863 100644 --- a/2020/36xxx/CVE-2020-36562.json +++ b/2020/36xxx/CVE-2020-36562.json @@ -39,8 +39,10 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "?" + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } } ] } diff --git a/2020/36xxx/CVE-2020-36564.json b/2020/36xxx/CVE-2020-36564.json index a2cad99aa57..a55ab4d4ee2 100644 --- a/2020/36xxx/CVE-2020-36564.json +++ b/2020/36xxx/CVE-2020-36564.json @@ -39,8 +39,9 @@ "version": { "version_data": [ { - "version_value": "0", - "version_affected": "=" + "version_affected": "<", + "version_name": "0", + "version_value": "1.1.1" } ] } diff --git a/2020/36xxx/CVE-2020-36565.json b/2020/36xxx/CVE-2020-36565.json index d2603def3d2..35840bfd6b6 100644 --- a/2020/36xxx/CVE-2020-36565.json +++ b/2020/36xxx/CVE-2020-36565.json @@ -39,8 +39,9 @@ "version": { "version_data": [ { - "version_value": "0", - "version_affected": "=" + "version_affected": "<", + "version_name": "0", + "version_value": "4.1.18-0.20201215153152-4422e3b66b9f" } ] } diff --git a/2020/36xxx/CVE-2020-36568.json b/2020/36xxx/CVE-2020-36568.json index e8738c6c97d..4b84a532704 100644 --- a/2020/36xxx/CVE-2020-36568.json +++ b/2020/36xxx/CVE-2020-36568.json @@ -39,8 +39,9 @@ "version": { "version_data": [ { - "version_value": "0", - "version_affected": "=" + "version_affected": "<", + "version_name": "0", + "version_value": "1.0.0" } ] } diff --git a/2021/4xxx/CVE-2021-4235.json b/2021/4xxx/CVE-2021-4235.json index 72c61ecd6b0..72051ab1c18 100644 --- a/2021/4xxx/CVE-2021-4235.json +++ b/2021/4xxx/CVE-2021-4235.json @@ -39,8 +39,29 @@ "version": { "version_data": [ { - "version_value": "0", - "version_affected": "=" + "version_affected": "<", + "version_name": "0", + "version_value": "2.2.3" + } + ] + } + } + ] + } + }, + { + "vendor_name": "github.com/go-yaml/yaml", + "product": { + "product_data": [ + { + "product_name": "github.com/go-yaml/yaml", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } } ] } diff --git a/2021/4xxx/CVE-2021-4236.json b/2021/4xxx/CVE-2021-4236.json index 6b2dc4f5817..0d104a6f3d6 100644 --- a/2021/4xxx/CVE-2021-4236.json +++ b/2021/4xxx/CVE-2021-4236.json @@ -39,8 +39,9 @@ "version": { "version_data": [ { - "version_value": "1.4.0", - "version_affected": "=" + "version_affected": "<", + "version_name": "1.4.0", + "version_value": "1.5.2" } ] } diff --git a/2021/4xxx/CVE-2021-4238.json b/2021/4xxx/CVE-2021-4238.json index ff041fddfa0..7f6ce9e1975 100644 --- a/2021/4xxx/CVE-2021-4238.json +++ b/2021/4xxx/CVE-2021-4238.json @@ -39,8 +39,9 @@ "version": { "version_data": [ { - "version_value": "0", - "version_affected": "=" + "version_affected": "<", + "version_name": "0", + "version_value": "1.1.1" } ] } diff --git a/2021/4xxx/CVE-2021-4239.json b/2021/4xxx/CVE-2021-4239.json index e448cd0b210..6c62555af1e 100644 --- a/2021/4xxx/CVE-2021-4239.json +++ b/2021/4xxx/CVE-2021-4239.json @@ -39,8 +39,9 @@ "version": { "version_data": [ { - "version_value": "0", - "version_affected": "=" + "version_affected": "<", + "version_name": "0", + "version_value": "1.0.0" } ] } diff --git a/2022/2xxx/CVE-2022-2582.json b/2022/2xxx/CVE-2022-2582.json index a0d20ed9946..4f20ca1ce62 100644 --- a/2022/2xxx/CVE-2022-2582.json +++ b/2022/2xxx/CVE-2022-2582.json @@ -39,8 +39,9 @@ "version": { "version_data": [ { - "version_value": "0", - "version_affected": "=" + "version_affected": "<", + "version_name": "0", + "version_value": "1.34.0" } ] } diff --git a/2022/2xxx/CVE-2022-2583.json b/2022/2xxx/CVE-2022-2583.json index 47bdcc69d90..77eafb30b2f 100644 --- a/2022/2xxx/CVE-2022-2583.json +++ b/2022/2xxx/CVE-2022-2583.json @@ -39,8 +39,9 @@ "version": { "version_data": [ { - "version_value": "0", - "version_affected": "=" + "version_affected": "<", + "version_name": "0", + "version_value": "0.7.2" } ] } diff --git a/2022/2xxx/CVE-2022-2584.json b/2022/2xxx/CVE-2022-2584.json index cbaa7b0ebe7..7f3388d19e4 100644 --- a/2022/2xxx/CVE-2022-2584.json +++ b/2022/2xxx/CVE-2022-2584.json @@ -39,8 +39,9 @@ "version": { "version_data": [ { - "version_value": "0", - "version_affected": "=" + "version_affected": "<", + "version_name": "0", + "version_value": "1.3.1" } ] } diff --git a/2022/3xxx/CVE-2022-3064.json b/2022/3xxx/CVE-2022-3064.json index bfbdc2efb91..10a68e3989c 100644 --- a/2022/3xxx/CVE-2022-3064.json +++ b/2022/3xxx/CVE-2022-3064.json @@ -39,8 +39,9 @@ "version": { "version_data": [ { - "version_value": "0", - "version_affected": "=" + "version_affected": "<", + "version_name": "0", + "version_value": "2.2.4" } ] } diff --git a/2022/3xxx/CVE-2022-3346.json b/2022/3xxx/CVE-2022-3346.json index c640e73ee0f..2b0da3ac57c 100644 --- a/2022/3xxx/CVE-2022-3346.json +++ b/2022/3xxx/CVE-2022-3346.json @@ -39,8 +39,10 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "?" + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } } ] } diff --git a/2022/3xxx/CVE-2022-3347.json b/2022/3xxx/CVE-2022-3347.json index b05fa4cf238..9dff8d5a2fe 100644 --- a/2022/3xxx/CVE-2022-3347.json +++ b/2022/3xxx/CVE-2022-3347.json @@ -39,8 +39,10 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "?" + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } } ] } diff --git a/2022/41xxx/CVE-2022-41719.json b/2022/41xxx/CVE-2022-41719.json index 5460d8568d7..ca56f7da20a 100644 --- a/2022/41xxx/CVE-2022-41719.json +++ b/2022/41xxx/CVE-2022-41719.json @@ -39,8 +39,9 @@ "version": { "version_data": [ { - "version_value": "0", - "version_affected": "=" + "version_affected": "<", + "version_name": "0", + "version_value": "2.1.1" } ] } diff --git a/2022/41xxx/CVE-2022-41721.json b/2022/41xxx/CVE-2022-41721.json index 153d6813a2e..8db8c80ca83 100644 --- a/2022/41xxx/CVE-2022-41721.json +++ b/2022/41xxx/CVE-2022-41721.json @@ -39,8 +39,9 @@ "version": { "version_data": [ { - "version_value": "0.0.0-20220524220425-1d687d428aca", - "version_affected": "=" + "version_affected": "<", + "version_name": "0.0.0-20220524220425-1d687d428aca", + "version_value": "0.1.1-0.20221104162952-702349b0e862" } ] } diff --git a/2022/43xxx/CVE-2022-43777.json b/2022/43xxx/CVE-2022-43777.json index b022045f806..881b559b988 100644 --- a/2022/43xxx/CVE-2022-43777.json +++ b/2022/43xxx/CVE-2022-43777.json @@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-43777", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "HP PC BIOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See HP Security Bulletin reference for affected versions." + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" } } \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43778.json b/2022/43xxx/CVE-2022-43778.json index b771df1aadc..a991a10a416 100644 --- a/2022/43xxx/CVE-2022-43778.json +++ b/2022/43xxx/CVE-2022-43778.json @@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-43778", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "HP PC BIOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See HP Security Bulletin reference for affected versions." + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.13" } } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4141.json b/2022/4xxx/CVE-2022-4141.json index a3a4d921b3f..fe3b00574c7 100644 --- a/2022/4xxx/CVE-2022-4141.json +++ b/2022/4xxx/CVE-2022-4141.json @@ -94,6 +94,11 @@ "refsource": "GENTOO", "name": "GLSA-202305-16", "url": "https://security.gentoo.org/glsa/202305-16" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html" } ] }, diff --git a/2023/0xxx/CVE-2023-0054.json b/2023/0xxx/CVE-2023-0054.json index 58bdb71045f..c5b4a4b7313 100644 --- a/2023/0xxx/CVE-2023-0054.json +++ b/2023/0xxx/CVE-2023-0054.json @@ -94,6 +94,11 @@ "refsource": "GENTOO", "name": "GLSA-202305-16", "url": "https://security.gentoo.org/glsa/202305-16" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html" } ] }, diff --git a/2023/1xxx/CVE-2023-1175.json b/2023/1xxx/CVE-2023-1175.json index f5bfc91a4f9..44990baced7 100644 --- a/2023/1xxx/CVE-2023-1175.json +++ b/2023/1xxx/CVE-2023-1175.json @@ -94,6 +94,11 @@ "refsource": "FEDORA", "name": "FEDORA-2023-030318ca00", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html" } ] }, diff --git a/2023/1xxx/CVE-2023-1897.json b/2023/1xxx/CVE-2023-1897.json index 4db052eba74..efc3cb93f75 100644 --- a/2023/1xxx/CVE-2023-1897.json +++ b/2023/1xxx/CVE-2023-1897.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1897", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user\u2019s browser, which could allow an attacker with access to the user\u2019s computer to gain credential information of the controller." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-312 Cleartext Storage of Sensitive Information" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Atlas Copco", + "product": { + "product_data": [ + { + "product_name": "Power Focus", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01" + } + ] + }, + "generator": { + "engine": "VINCE 2.1.2", + "env": "prod", + "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1897" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/1xxx/CVE-2023-1898.json b/2023/1xxx/CVE-2023-1898.json index 953e3caf782..f9f5638ee2d 100644 --- a/2023/1xxx/CVE-2023-1898.json +++ b/2023/1xxx/CVE-2023-1898.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1898", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker could enter a session ID number to retrieve data for an active user\u2019s session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-334 Small Space of Random Values" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Atlas Copco", + "product": { + "product_data": [ + { + "product_name": "Power Focus", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01" + } + ] + }, + "generator": { + "engine": "VINCE 2.1.2", + "env": "prod", + "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1898" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/1xxx/CVE-2023-1899.json b/2023/1xxx/CVE-2023-1899.json index c0da26390df..ec5e96462b4 100644 --- a/2023/1xxx/CVE-2023-1899.json +++ b/2023/1xxx/CVE-2023-1899.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1899", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow an attacker to gain sensitive information by monitoring network traffic between user and controller." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319 Cleartext Transmission of Sensitive Information" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Atlas Copco", + "product": { + "product_data": [ + { + "product_name": "Power Focus", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01" + } + ] + }, + "generator": { + "engine": "VINCE 2.1.2", + "env": "prod", + "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1899" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/24xxx/CVE-2023-24534.json b/2023/24xxx/CVE-2023-24534.json index d25d78f4e61..6ed5fddcfcb 100644 --- a/2023/24xxx/CVE-2023-24534.json +++ b/2023/24xxx/CVE-2023-24534.json @@ -45,7 +45,7 @@ }, { "version_affected": "<", - "version_name": "1.20.0", + "version_name": "1.20.0-0", "version_value": "1.20.3" } ] diff --git a/2023/24xxx/CVE-2023-24536.json b/2023/24xxx/CVE-2023-24536.json index 8f0c822bef9..29a87f1f635 100644 --- a/2023/24xxx/CVE-2023-24536.json +++ b/2023/24xxx/CVE-2023-24536.json @@ -45,7 +45,7 @@ }, { "version_affected": "<", - "version_name": "1.20.0", + "version_name": "1.20.0-0", "version_value": "1.20.3" } ] @@ -62,7 +62,7 @@ }, { "version_affected": "<", - "version_name": "1.20.0", + "version_name": "1.20.0-0", "version_value": "1.20.3" } ] diff --git a/2023/28xxx/CVE-2023-28478.json b/2023/28xxx/CVE-2023-28478.json index 78dd8225c61..598fdaa190a 100644 --- a/2023/28xxx/CVE-2023-28478.json +++ b/2023/28xxx/CVE-2023-28478.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-28478", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-28478", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0006.md", + "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0006.md" } ] } diff --git a/2023/2xxx/CVE-2023-2118.json b/2023/2xxx/CVE-2023-2118.json index acd270e7bee..89241c33bb8 100644 --- a/2023/2xxx/CVE-2023-2118.json +++ b/2023/2xxx/CVE-2023-2118.json @@ -66,5 +66,11 @@ }, "source": { "discovery": "UNKNOWN" - } + }, + "credits": [ + { + "lang": "en", + "value": "Jico" + } + ] } \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2610.json b/2023/2xxx/CVE-2023-2610.json index 7ad07a9f9df..298708f3f73 100644 --- a/2023/2xxx/CVE-2023-2610.json +++ b/2023/2xxx/CVE-2023-2610.json @@ -84,6 +84,11 @@ "refsource": "FEDORA", "name": "FEDORA-2023-99d2eaac80", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230612 [SECURITY] [DLA 3453-1] vim security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html" } ] }, diff --git a/2023/31xxx/CVE-2023-31475.json b/2023/31xxx/CVE-2023-31475.json index 56e8c3fa4e6..62556f65484 100644 --- a/2023/31xxx/CVE-2023-31475.json +++ b/2023/31xxx/CVE-2023-31475.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/gl-inet/CVE-issues/blob/main/3.215/Buffer_Overflow.md", "url": "https://github.com/gl-inet/CVE-issues/blob/main/3.215/Buffer_Overflow.md" + }, + { + "refsource": "MISC", + "name": "https://justinapplegate.me/2023/glinet-CVE-2023-31475/", + "url": "https://justinapplegate.me/2023/glinet-CVE-2023-31475/" } ] } diff --git a/2023/33xxx/CVE-2023-33622.json b/2023/33xxx/CVE-2023-33622.json index eb8feb5f3f5..f7b7a62c8b2 100644 --- a/2023/33xxx/CVE-2023-33622.json +++ b/2023/33xxx/CVE-2023-33622.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2023-33622", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-31475. Reason: This record is a reservation duplicate of CVE-2023-31475. Notes: All CVE users should reference CVE-2023-31475 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage." } ] } diff --git a/2023/33xxx/CVE-2023-33623.json b/2023/33xxx/CVE-2023-33623.json index ce47d2e4d40..1ce1b378e55 100644 --- a/2023/33xxx/CVE-2023-33623.json +++ b/2023/33xxx/CVE-2023-33623.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2023-33623", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-31478. Reason: This record is a reservation duplicate of CVE-2023-31478. Notes: All CVE users should reference CVE-2023-31478 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage." } ] } diff --git a/2023/33xxx/CVE-2023-33624.json b/2023/33xxx/CVE-2023-33624.json index 54cc217ba15..5d2b1c7161f 100644 --- a/2023/33xxx/CVE-2023-33624.json +++ b/2023/33xxx/CVE-2023-33624.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2023-33624", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-31472. Reason: This record is a reservation duplicate of CVE-2023-31472. Notes: All CVE users should reference CVE-2023-31472 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage." } ] } diff --git a/2023/33xxx/CVE-2023-33625.json b/2023/33xxx/CVE-2023-33625.json index 98de10f2784..116108e8e0c 100644 --- a/2023/33xxx/CVE-2023-33625.json +++ b/2023/33xxx/CVE-2023-33625.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-33625", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-33625", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/cmd%20injection", + "refsource": "MISC", + "name": "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/cmd%20injection" + }, + { + "refsource": "MISC", + "name": "https://hackmd.io/@naihsin/By2datZD2", + "url": "https://hackmd.io/@naihsin/By2datZD2" + }, + { + "refsource": "MISC", + "name": "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/cmd%20injection/README.md", + "url": "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/cmd%20injection/README.md" } ] } diff --git a/2023/33xxx/CVE-2023-33626.json b/2023/33xxx/CVE-2023-33626.json index 99c28b3784b..31514cf5cd5 100644 --- a/2023/33xxx/CVE-2023-33626.json +++ b/2023/33xxx/CVE-2023-33626.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-33626", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-33626", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow", + "refsource": "MISC", + "name": "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow" + }, + { + "refsource": "MISC", + "name": "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md", + "url": "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md" } ] } diff --git a/2023/34xxx/CVE-2023-34940.json b/2023/34xxx/CVE-2023-34940.json index b5e4c8858d0..f2052c9757c 100644 --- a/2023/34xxx/CVE-2023-34940.json +++ b/2023/34xxx/CVE-2023-34940.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-34940", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-34940", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPORTED WHEN ASSIGNED ** Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/OlivierLaflamme/cve/blob/main/ASUS-N10LX_2.0.0.39/URLFilterList_Stack_BOF.md", + "refsource": "MISC", + "name": "https://github.com/OlivierLaflamme/cve/blob/main/ASUS-N10LX_2.0.0.39/URLFilterList_Stack_BOF.md" } ] } diff --git a/2023/34xxx/CVE-2023-34941.json b/2023/34xxx/CVE-2023-34941.json index a98bfd3495a..b15556d2c9c 100644 --- a/2023/34xxx/CVE-2023-34941.json +++ b/2023/34xxx/CVE-2023-34941.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-34941", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-34941", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPORTED WHEN ASSIGNED ** A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/OlivierLaflamme/cve/blob/main/ASUS-N10LX_2.0.0.39/StoredXSS_FirewallURLFilter.md", + "refsource": "MISC", + "name": "https://github.com/OlivierLaflamme/cve/blob/main/ASUS-N10LX_2.0.0.39/StoredXSS_FirewallURLFilter.md" } ] } diff --git a/2023/34xxx/CVE-2023-34942.json b/2023/34xxx/CVE-2023-34942.json index 7354dc60adf..6031fadf315 100644 --- a/2023/34xxx/CVE-2023-34942.json +++ b/2023/34xxx/CVE-2023-34942.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-34942", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-34942", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPORTED WHEN ASSIGNED ** Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/OlivierLaflamme/cve/blob/main/ASUS-N10LX_2.0.0.39/MAC_Address_StackBOF.md", + "refsource": "MISC", + "name": "https://github.com/OlivierLaflamme/cve/blob/main/ASUS-N10LX_2.0.0.39/MAC_Address_StackBOF.md" } ] } diff --git a/2023/35xxx/CVE-2023-35064.json b/2023/35xxx/CVE-2023-35064.json new file mode 100644 index 00000000000..ce3dc9f801c --- /dev/null +++ b/2023/35xxx/CVE-2023-35064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-35064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/35xxx/CVE-2023-35065.json b/2023/35xxx/CVE-2023-35065.json new file mode 100644 index 00000000000..28de3254164 --- /dev/null +++ b/2023/35xxx/CVE-2023-35065.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-35065", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/35xxx/CVE-2023-35066.json b/2023/35xxx/CVE-2023-35066.json new file mode 100644 index 00000000000..ca7d35ff5f3 --- /dev/null +++ b/2023/35xxx/CVE-2023-35066.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-35066", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/35xxx/CVE-2023-35067.json b/2023/35xxx/CVE-2023-35067.json new file mode 100644 index 00000000000..2690a00c9ce --- /dev/null +++ b/2023/35xxx/CVE-2023-35067.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-35067", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/35xxx/CVE-2023-35068.json b/2023/35xxx/CVE-2023-35068.json new file mode 100644 index 00000000000..f537b017188 --- /dev/null +++ b/2023/35xxx/CVE-2023-35068.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-35068", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/35xxx/CVE-2023-35069.json b/2023/35xxx/CVE-2023-35069.json new file mode 100644 index 00000000000..7967a0be32a --- /dev/null +++ b/2023/35xxx/CVE-2023-35069.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-35069", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/35xxx/CVE-2023-35070.json b/2023/35xxx/CVE-2023-35070.json new file mode 100644 index 00000000000..6db88960016 --- /dev/null +++ b/2023/35xxx/CVE-2023-35070.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-35070", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/35xxx/CVE-2023-35071.json b/2023/35xxx/CVE-2023-35071.json new file mode 100644 index 00000000000..8abe8fa7dda --- /dev/null +++ b/2023/35xxx/CVE-2023-35071.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-35071", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/35xxx/CVE-2023-35072.json b/2023/35xxx/CVE-2023-35072.json new file mode 100644 index 00000000000..382c8a6b9dc --- /dev/null +++ b/2023/35xxx/CVE-2023-35072.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-35072", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/35xxx/CVE-2023-35073.json b/2023/35xxx/CVE-2023-35073.json new file mode 100644 index 00000000000..09ad916731d --- /dev/null +++ b/2023/35xxx/CVE-2023-35073.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-35073", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3161.json b/2023/3xxx/CVE-2023-3161.json index a3b9d7de381..5ba1b0b5118 100644 --- a/2023/3xxx/CVE-2023-3161.json +++ b/2023/3xxx/CVE-2023-3161.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3161", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Linux Kernel (fbcon)", + "version": { + "version_data": [ + { + "version_value": "Fixed in kernel 6.2-rc7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1335" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2213485", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213485" + }, + { + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/2b09d5d364986f724f17001ccfe4126b9b43a0be", + "url": "https://github.com/torvalds/linux/commit/2b09d5d364986f724f17001ccfe4126b9b43a0be" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service." } ] }