From 9cfc1db22eb632c72d51568284a12bf6bbf46f9c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 13 Jul 2023 15:00:40 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/24xxx/CVE-2022-24834.json | 93 ++++++++++++++++++++++++++++++++-- 2023/31xxx/CVE-2023-31704.json | 61 +++++++++++++++++++--- 2023/31xxx/CVE-2023-31705.json | 61 +++++++++++++++++++--- 2023/31xxx/CVE-2023-31821.json | 61 +++++++++++++++++++--- 2023/31xxx/CVE-2023-31823.json | 61 +++++++++++++++++++--- 2023/31xxx/CVE-2023-31824.json | 66 +++++++++++++++++++++--- 2023/3xxx/CVE-2023-3664.json | 18 +++++++ 2023/3xxx/CVE-2023-3665.json | 18 +++++++ 8 files changed, 405 insertions(+), 34 deletions(-) create mode 100644 2023/3xxx/CVE-2023-3664.json create mode 100644 2023/3xxx/CVE-2023-3665.json diff --git a/2022/24xxx/CVE-2022-24834.json b/2022/24xxx/CVE-2022-24834.json index cadd4a15498..965fdfb49e6 100644 --- a/2022/24xxx/CVE-2022-24834.json +++ b/2022/24xxx/CVE-2022-24834.json @@ -1,17 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-24834", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-680: Integer Overflow to Buffer Overflow", + "cweId": "CWE-680" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "redis", + "product": { + "product_data": [ + { + "product_name": "redis", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 7.0.0, < 7.0.12" + }, + { + "version_affected": "=", + "version_value": ">= 6.2.0, < 6.2.13" + }, + { + "version_affected": "=", + "version_value": ">= 6.0.0, < 6.0.20" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/redis/redis/security/advisories/GHSA-p8x2-9v9q-c838", + "refsource": "MISC", + "name": "https://github.com/redis/redis/security/advisories/GHSA-p8x2-9v9q-c838" + } + ] + }, + "source": { + "advisory": "GHSA-p8x2-9v9q-c838", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/31xxx/CVE-2023-31704.json b/2023/31xxx/CVE-2023-31704.json index 998aea47393..c88adefb1fa 100644 --- a/2023/31xxx/CVE-2023-31704.json +++ b/2023/31xxx/CVE-2023-31704.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-31704", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-31704", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/d34dun1c02n/CVE-2023-31704", + "url": "https://github.com/d34dun1c02n/CVE-2023-31704" } ] } diff --git a/2023/31xxx/CVE-2023-31705.json b/2023/31xxx/CVE-2023-31705.json index ca4cf961981..04a66e63f65 100644 --- a/2023/31xxx/CVE-2023-31705.json +++ b/2023/31xxx/CVE-2023-31705.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-31705", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-31705", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/download-code?nid=16451&title=Task+Reminder+System+in+PHP+and+MySQL+Source+Code+Free+Download", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/download-code?nid=16451&title=Task+Reminder+System+in+PHP+and+MySQL+Source+Code+Free+Download" + }, + { + "refsource": "MISC", + "name": "https://github.com/d34dun1c02n/CVE-2023-31705", + "url": "https://github.com/d34dun1c02n/CVE-2023-31705" } ] } diff --git a/2023/31xxx/CVE-2023-31821.json b/2023/31xxx/CVE-2023-31821.json index f4ddc0249c1..c468819159d 100644 --- a/2023/31xxx/CVE-2023-31821.json +++ b/2023/31xxx/CVE-2023-31821.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-31821", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-31821", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp ALBIS function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://albis.com", + "refsource": "MISC", + "name": "http://albis.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-31821.md", + "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-31821.md" } ] } diff --git a/2023/31xxx/CVE-2023-31823.json b/2023/31xxx/CVE-2023-31823.json index 009b44ce918..c104a36babb 100644 --- a/2023/31xxx/CVE-2023-31823.json +++ b/2023/31xxx/CVE-2023-31823.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-31823", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-31823", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue found in Marui Co Marui Official app v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Marui Official Store function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://marui.com", + "refsource": "MISC", + "name": "http://marui.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-31823.md", + "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-31823.md" } ] } diff --git a/2023/31xxx/CVE-2023-31824.json b/2023/31xxx/CVE-2023-31824.json index df3faf1ec46..673dd5156f4 100644 --- a/2023/31xxx/CVE-2023-31824.json +++ b/2023/31xxx/CVE-2023-31824.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-31824", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-31824", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://delicia.com", + "refsource": "MISC", + "name": "http://delicia.com" + }, + { + "url": "http://dericia.com", + "refsource": "MISC", + "name": "http://dericia.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-31824.md", + "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-31824.md" } ] } diff --git a/2023/3xxx/CVE-2023-3664.json b/2023/3xxx/CVE-2023-3664.json new file mode 100644 index 00000000000..1c27772eb3e --- /dev/null +++ b/2023/3xxx/CVE-2023-3664.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-3664", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3665.json b/2023/3xxx/CVE-2023-3665.json new file mode 100644 index 00000000000..d569c7d0da5 --- /dev/null +++ b/2023/3xxx/CVE-2023-3665.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-3665", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file