diff --git a/2022/39xxx/CVE-2022-39135.json b/2022/39xxx/CVE-2022-39135.json index 8aa09eefeb0..4cbddf82922 100644 --- a/2022/39xxx/CVE-2022-39135.json +++ b/2022/39xxx/CVE-2022-39135.json @@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@apache.org", "ID": "CVE-2022-39135", - "STATE": "PUBLIC", - "TITLE": "Apache Calcite: potential XEE attacks" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611 Improper Restriction of XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "Apache Software Foundation", "product": { "product_data": [ { 
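Review bot: The rewritten `description` value in this hunk no longer parses as a sentence ("Apache Calcite 1.22.0 introduced the SQL operators … do not restrict XML External Entity references"), and it can be misread as saying only 1.22.0 is affected. The sentence could open with `The SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE, introduced in Apache Calcite 1.22.0, do not restrict XML External Entity references in their configuration, making them vulnerable to …`, which keeps the lower bound and the statement about the flaw separate. The hunk also removes `TITLE` from `CVE_data_meta`, so the record loses its short summary. The `affects` object continues into the next hunk.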
@@ -17,69 +41,42 @@ "version_data": [ { "version_affected": "<", - "version_name": "Apache Calcite", + "version_name": "1.22.0", "version_value": "1.32.0" } ] } } ] - }, - "vendor_name": "Apache Software Foundation" + } } ] } }, - "credit": [ - { - "lang": "eng", - "value": "Apache Calcite would like to thank David Handermann for reporting this issue" - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references": { + "reference_data": [ { - "lang": "eng", - "value": "In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators." 
+ "url": "https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2022/11/21/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/11/21/3" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, - "impact": [ - {} - ], - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-611 Improper Restriction of XML External Entity Reference" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082", - "name": "https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082" - }, - { - "refsource": "MLIST", - "name": "[oss-security] 20221121 Apache Solr is vulnerable to CVE-2022-39135 via /sql handler", - "url": "http://www.openwall.com/lists/oss-security/2022/11/21/3" - } - ] - }, "source": { "discovery": "UNKNOWN" - } + }, + "credits": [ + { + "lang": "en", + "value": "Apache Calcite would like to thank David Handermann for reporting this issue" + } + ] } \ No newline at end of file diff --git a/2023/20xxx/CVE-2023-20594.json b/2023/20xxx/CVE-2023-20594.json index de47af5e730..81a979ed847 100644 --- a/2023/20xxx/CVE-2023-20594.json +++ b/2023/20xxx/CVE-2023-20594.json 
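Review bot: The rewritten oss-security entry in `reference_data` replaces the name `[oss-security] 20221121 Apache Solr is vulnerable to CVE-2022-39135 via /sql handler` with the bare URL and changes `refsource` from `MLIST` to `MISC`. After that change the record no longer tells a reader that a downstream product (Apache Solr) is exposed; keeping `"refsource": "MLIST"` and the original `name` would preserve it. The relocated `credits` entry uses `"lang": "en"` while every other entry in the record uses `"eng"`, so a consumer filtering on the language code may skip the credit. The `impact` array is dropped without a replacement, so the record still carries no severity score.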
@@ -1,18 +1,344 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20594", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + 
}, + { + "product_name": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d AM4", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + 
"versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "3rd Gen AMD EPYC\u2122 Processors", + "version": { + "version_data": [ + { + 
"version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-4007", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/20xxx/CVE-2023-20597.json b/2023/20xxx/CVE-2023-20597.json index c7de7acbf9d..8f4508c832b 100644 --- a/2023/20xxx/CVE-2023-20597.json +++ b/2023/20xxx/CVE-2023-20597.json 
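Review bot: `problemtype` is published as `"value": "n/a"` even though the description names the weakness (improper initialization of variables in the DXE driver), so consumers that triage by CWE get nothing from this record. A `cweId` could be added alongside it, presumably CWE-665 (Improper Initialization); this should be confirmed with the CNA. The `description` value is wrapped in runs of `\n`, and several strings carry trailing spaces or mix curly and straight quotes (`"version": "various "`, `…\u201cVermeer\u201d `, `\"Rembrandt\"`), which breaks exact-match lookups against an asset inventory; trimming and normalising them before publication would avoid that. Every product is listed as `"not down converted"` / `various`, so the affected firmware versions can only be taken from the referenced AMD-SB-4007 bulletin. The same points apply to the CVE-2023-20597.json hunk that follows.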
@@ -1,18 +1,249 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20597", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\n\nImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + 
] + } + }, + { + "product_name": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + 
"status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "various " + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-4007", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39044.json b/2023/39xxx/CVE-2023-39044.json index ea4c8eb6a6d..8f88f5b1d9b 100644 --- a/2023/39xxx/CVE-2023-39044.json +++ b/2023/39xxx/CVE-2023-39044.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-39044", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-39044", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39044.md", + "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39044.md" } ] } diff --git a/2023/40xxx/CVE-2023-40618.json b/2023/40xxx/CVE-2023-40618.json index 013710bfb69..771b927d70e 100644 --- a/2023/40xxx/CVE-2023-40618.json +++ b/2023/40xxx/CVE-2023-40618.json 
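Review bot: `affects` and `problemtype` are filled with `"n/a"` while the description itself names the product and version (`ajino-Shiretoko Line v13.6.1`), so scanners that match on `vendor_name`/`product_name`/`version_value` cannot associate this record with an installed application. Populating `product_name` and `version_value` from the description would make the entry usable for automated matching. The only reference is a third-party write-up, and the record does not state whether a fixed version exists. The CVE-2023-40618.json and CVE-2023-40619.json hunks have the same gap: their descriptions name reflected XSS and deserialization of untrusted data, which would presumably map to CWE-79 and CWE-502, yet `problemtype` is `"n/a"` in both.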
@@ -5,13 +5,57 @@ "CVE_data_meta": { "ID": "CVE-2023-40618", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40618", + "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40618" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in 'headstart_snapshot.php'." } ] } diff --git a/2023/40xxx/CVE-2023-40619.json b/2023/40xxx/CVE-2023-40619.json index e62e82358db..4751431dc83 100644 --- a/2023/40xxx/CVE-2023-40619.json +++ b/2023/40xxx/CVE-2023-40619.json 
@@ -5,13 +5,57 @@ "CVE_data_meta": { "ID": "CVE-2023-40619", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40619", + "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40619" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized." } ] } diff --git a/2023/43xxx/CVE-2023-43494.json b/2023/43xxx/CVE-2023-43494.json index 0a49be4d739..54fc0366fd8 100644 --- a/2023/43xxx/CVE-2023-43494.json +++ b/2023/43xxx/CVE-2023-43494.json @@ -79,6 +79,11 @@ "url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261", "refsource": "MISC", "name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/20/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/20/5" } ] } 
diff --git a/2023/43xxx/CVE-2023-43495.json b/2023/43xxx/CVE-2023-43495.json index 139b689d5e3..5ff4820bc23 100644 --- a/2023/43xxx/CVE-2023-43495.json +++ b/2023/43xxx/CVE-2023-43495.json @@ -73,6 +73,11 @@ "url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245", "refsource": "MISC", "name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/20/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/20/5" } ] } diff --git a/2023/43xxx/CVE-2023-43496.json b/2023/43xxx/CVE-2023-43496.json index 7f4b6be5edf..47456074d35 100644 --- a/2023/43xxx/CVE-2023-43496.json +++ b/2023/43xxx/CVE-2023-43496.json @@ -73,6 +73,11 @@ "url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072", "refsource": "MISC", "name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/20/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/20/5" } ] } diff --git a/2023/43xxx/CVE-2023-43497.json b/2023/43xxx/CVE-2023-43497.json index fe63bd41598..a21b2bb4a29 100644 --- a/2023/43xxx/CVE-2023-43497.json +++ b/2023/43xxx/CVE-2023-43497.json @@ -73,6 +73,11 @@ "url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073", "refsource": "MISC", "name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/20/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/20/5" } ] } diff --git a/2023/43xxx/CVE-2023-43498.json b/2023/43xxx/CVE-2023-43498.json index b6a3b11e07a..5e786276f5d 100644 --- a/2023/43xxx/CVE-2023-43498.json +++ b/2023/43xxx/CVE-2023-43498.json 
@@ -73,6 +73,11 @@ "url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073", "refsource": "MISC", "name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/20/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/20/5" } ] } diff --git a/2023/43xxx/CVE-2023-43499.json b/2023/43xxx/CVE-2023-43499.json index 270b7d74e46..cec25252444 100644 --- a/2023/43xxx/CVE-2023-43499.json +++ b/2023/43xxx/CVE-2023-43499.json @@ -58,6 +58,11 @@ "url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3244", "refsource": "MISC", "name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3244" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/20/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/20/5" } ] } diff --git a/2023/43xxx/CVE-2023-43500.json b/2023/43xxx/CVE-2023-43500.json index 70487cf114a..08a22e25ec8 100644 --- a/2023/43xxx/CVE-2023-43500.json +++ b/2023/43xxx/CVE-2023-43500.json @@ -58,6 +58,11 @@ "url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226", "refsource": "MISC", "name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/20/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/20/5" } ] } diff --git a/2023/43xxx/CVE-2023-43501.json b/2023/43xxx/CVE-2023-43501.json index 4c4242e3383..5054b82f608 100644 --- a/2023/43xxx/CVE-2023-43501.json +++ b/2023/43xxx/CVE-2023-43501.json 
@@ -58,6 +58,11 @@ "url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226", "refsource": "MISC", "name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/20/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/20/5" } ] } diff --git a/2023/43xxx/CVE-2023-43502.json b/2023/43xxx/CVE-2023-43502.json index f1b340d9e65..b5af605c804 100644 --- a/2023/43xxx/CVE-2023-43502.json +++ b/2023/43xxx/CVE-2023-43502.json @@ -58,6 +58,11 @@ "url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3239", "refsource": "MISC", "name": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3239" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/20/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/20/5" } ] } diff --git a/2023/4xxx/CVE-2023-4881.json b/2023/4xxx/CVE-2023-4881.json index b0fdf955e31..494ed42fdb7 100644 --- a/2023/4xxx/CVE-2023-4881.json +++ b/2023/4xxx/CVE-2023-4881.json 
@@ -5,181 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2023-4881", "ASSIGNER": "secalert@redhat.com", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "A stack based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel. If the expression length is a multiple of 4 (register size), the `nft_exthdr_eval` family of functions writes 4 NULL bytes past the end of the `regs` argument, leading to stack corruption and potential information disclosure or a denial of service." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Out-of-bounds Write", - "cweId": "CWE-787" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "n/a", - "product": { - "product_data": [ - { - "product_name": "kernel", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - } - ] - } - }, - { - "vendor_name": "Red Hat", - "product": { - "product_data": [ - { - "product_name": "Red Hat Enterprise Linux 6", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unaffected" - } - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 8", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, - 
{ - "product_name": "Red Hat Enterprise Linux 9", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - } - ] - } - }, - { - "vendor_name": "Fedora", - "product": { - "product_data": [ - { - "product_name": "Fedora", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://access.redhat.com/security/cve/CVE-2023-4881", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2023-4881" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238312", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2238312" - } - ] - }, - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 6.1, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "version": "3.1" + "value": "** REJECT ** CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team." } ] } diff --git a/2023/5xxx/CVE-2023-5093.json b/2023/5xxx/CVE-2023-5093.json new file mode 100644 index 00000000000..71a0ec0ee9b --- /dev/null +++ b/2023/5xxx/CVE-2023-5093.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-5093", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5094.json b/2023/5xxx/CVE-2023-5094.json new file mode 100644 index 00000000000..dcb8344b3d9 --- /dev/null +++ b/2023/5xxx/CVE-2023-5094.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-5094", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5095.json b/2023/5xxx/CVE-2023-5095.json new file mode 100644 index 00000000000..47a733721a4 --- /dev/null +++ b/2023/5xxx/CVE-2023-5095.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-5095", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/5xxx/CVE-2023-5096.json b/2023/5xxx/CVE-2023-5096.json new file mode 100644 index 00000000000..0253d697d56 --- /dev/null +++ b/2023/5xxx/CVE-2023-5096.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-5096", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file