diff --git a/2016/6xxx/CVE-2016-6153.json b/2016/6xxx/CVE-2016-6153.json
index af49499bd5e..67a30d2b427 100644
--- a/2016/6xxx/CVE-2016-6153.json
+++ b/2016/6xxx/CVE-2016-6153.json
@@ -111,6 +111,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-49f80a78bc",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20230522 [SECURITY] [DLA 3431-1] sqlite security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html"
}
]
}
diff --git a/2018/8xxx/CVE-2018-8740.json b/2018/8xxx/CVE-2018-8740.json
index 4414bf750b5..3c6b0412f7c 100644
--- a/2018/8xxx/CVE-2018-8740.json
+++ b/2018/8xxx/CVE-2018-8740.json
@@ -116,6 +116,11 @@
"refsource": "MLIST",
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20230522 [SECURITY] [DLA 3431-1] sqlite security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html"
}
]
}
diff --git a/2023/26xxx/CVE-2023-26116.json b/2023/26xxx/CVE-2023-26116.json
index 3c3870b62bd..b3d01b2ea54 100644
--- a/2023/26xxx/CVE-2023-26116.json
+++ b/2023/26xxx/CVE-2023-26116.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking."
+ "value": "Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking."
}
]
},
@@ -37,6 +37,42 @@
"product_data": [
{
"product_name": "angular",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.2.21",
+ "version_value": "*"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "org.webjars.bower:angular",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.2.21",
+ "version_value": "*"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "org.webjars.npm:angular",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.2.23",
+ "version_value": "*"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "org.webjars.bowergithub.angular:angular",
"version": {
"version_data": [
{
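Review bot: The three added `version_data` entries express "from 1.2.21 onward" as `"version_affected": "<"` with `"version_name": "1.2.21"` and `"version_value": "*"`, which a consumer applying CVE JSON 4.0 semantics can read as "less than" and so match the wrong side of the range or nothing at all. Stating the lower bound directly, for example `"version_affected": ">="` with `"version_value": "1.2.21"`, would agree with the new description text. The `org.webjars.npm:angular` entry starts at `1.2.23` while the description and the other two packages say `1.2.21`; if that is intentional it is worth confirming, since nothing visible here explains the difference. The same `<` / `*` encoding appears in the matching hunks for CVE-2023-26117 and CVE-2023-26118, and the version block that now belongs to `org.webjars.bowergithub.angular:angular` continues outside this hunk.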
@@ -60,6 +96,21 @@
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044"
},
+ {
+ "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320",
+ "refsource": "MISC",
+ "name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320"
+ },
+ {
+ "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321",
+ "refsource": "MISC",
+ "name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321"
+ },
+ {
+ "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322",
+ "refsource": "MISC",
+ "name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322"
+ },
{
"url": "https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos",
"refsource": "MISC",
@@ -80,7 +131,6 @@
"impact": {
"cvss": [
{
- "version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@@ -91,7 +141,8 @@
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
+ "version": "3.1"
}
]
}
diff --git a/2023/26xxx/CVE-2023-26117.json b/2023/26xxx/CVE-2023-26117.json
index 2a80033cfe3..5214a5ad37f 100644
--- a/2023/26xxx/CVE-2023-26117.json
+++ b/2023/26xxx/CVE-2023-26117.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking."
+ "value": "Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking."
}
]
},
@@ -37,6 +37,42 @@
"product_data": [
{
"product_name": "angular",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.0.0",
+ "version_value": "*"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "org.webjars.bower:angular",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.0.0",
+ "version_value": "*"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "org.webjars.npm:angular",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.0.0",
+ "version_value": "*"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "org.webjars.bowergithub.angular:angular",
"version": {
"version_data": [
{
@@ -60,6 +96,21 @@
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045"
},
+ {
+ "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323",
+ "refsource": "MISC",
+ "name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323"
+ },
+ {
+ "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324",
+ "refsource": "MISC",
+ "name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324"
+ },
+ {
+ "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325",
+ "refsource": "MISC",
+ "name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325"
+ },
{
"url": "https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos",
"refsource": "MISC",
@@ -80,7 +131,6 @@
"impact": {
"cvss": [
{
- "version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@@ -91,7 +141,8 @@
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
+ "version": "3.1"
}
]
}
diff --git a/2023/26xxx/CVE-2023-26118.json b/2023/26xxx/CVE-2023-26118.json
index 8948a60ed0e..a6d1b9192bc 100644
--- a/2023/26xxx/CVE-2023-26118.json
+++ b/2023/26xxx/CVE-2023-26118.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking."
+ "value": "Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking."
}
]
},
@@ -37,6 +37,42 @@
"product_data": [
{
"product_name": "angular",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.4.9",
+ "version_value": "*"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "org.webjars.bower:angular",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.4.9",
+ "version_value": "*"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "org.webjars.npm:angular",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.4.9",
+ "version_value": "*"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "org.webjars.bowergithub.angular:angular",
"version": {
"version_data": [
{
@@ -60,6 +96,21 @@
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046"
},
+ {
+ "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326",
+ "refsource": "MISC",
+ "name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326"
+ },
+ {
+ "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327",
+ "refsource": "MISC",
+ "name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327"
+ },
+ {
+ "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328",
+ "refsource": "MISC",
+ "name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328"
+ },
{
"url": "https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos",
"refsource": "MISC",
@@ -80,7 +131,6 @@
"impact": {
"cvss": [
{
- "version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@@ -91,7 +141,8 @@
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
+ "version": "3.1"
}
]
}
diff --git a/2023/2xxx/CVE-2023-2835.json b/2023/2xxx/CVE-2023-2835.json
new file mode 100644
index 00000000000..b9ac0827e7f
--- /dev/null
+++ b/2023/2xxx/CVE-2023-2835.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-2835",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/2xxx/CVE-2023-2836.json b/2023/2xxx/CVE-2023-2836.json
new file mode 100644
index 00000000000..8b64af94fd9
--- /dev/null
+++ b/2023/2xxx/CVE-2023-2836.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-2836",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/31xxx/CVE-2023-31058.json b/2023/31xxx/CVE-2023-31058.json
index 40965866fba..35d6deb43f2 100644
--- a/2023/31xxx/CVE-2023-31058.json
+++ b/2023/31xxx/CVE-2023-31058.json
@@ -1,18 +1,85 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31058",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the\n'autoDeserialize' option filtering by adding\u00a0blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.\n\n\n\n[1] \n\n https://github.com/apache/inlong/pull/7674 https://github.com/apache/inlong/pull/7674 \n\n\n\n\n"
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-502 Deserialization of Untrusted Data",
+ "cweId": "CWE-502"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache InLong",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.4.0",
+ "version_value": "1.6.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.apache.org/thread/bkcgbn9l61croxfyspf7xd42qb189s3z",
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread/bkcgbn9l61croxfyspf7xd42qb189s3z"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "sw0rd1ight of Caiji Sec Team"
+ },
+ {
+ "lang": "en",
+ "value": "4ra1n of Chaitin Tech"
+ },
+ {
+ "lang": "en",
+ "value": "H Ming"
+ }
+ ]
}
\ No newline at end of file
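Review bot: The fix link `https://github.com/apache/inlong/pull/7674` appears only inside the free-text `description` value (twice, surrounded by runs of `\n`), while `reference_data` lists just the mailing-list thread, so tooling that reads references will not surface the patch. Adding a `reference_data` entry with that `url` and `name`, and reducing the trailing block of the description to a single `[1] https://github.com/apache/inlong/pull/7674`, would keep the machine-readable and human-readable views consistent. The description also lacks a space in `Apache InLong.This issue`, and `credits` uses `"lang": "en"` where the description uses `"eng"`.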
diff --git a/2023/31xxx/CVE-2023-31779.json b/2023/31xxx/CVE-2023-31779.json
index 82a0ac23476..d6db65ffd05 100644
--- a/2023/31xxx/CVE-2023-31779.json
+++ b/2023/31xxx/CVE-2023-31779.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-31779",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-31779",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in \"Reaction to comment\" feature."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/wekan/wekan/blob/master/CHANGELOG.md",
+ "refsource": "MISC",
+ "name": "https://github.com/wekan/wekan/blob/master/CHANGELOG.md"
+ },
+ {
+ "url": "https://github.com/wekan/wekan/commit/47ac33d6c234359c31d9b5eae49ed3e793907279",
+ "refsource": "MISC",
+ "name": "https://github.com/wekan/wekan/commit/47ac33d6c234359c31d9b5eae49ed3e793907279"
}
]
}
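Review bot: The added `affects` block sets `product_name`, `vendor_name` and `version_value` to `"n/a"` although the description names the product and range ("Wekan v6.84 and earlier"), so scanners that match on structured fields cannot tie this record to an installed Wekan version. Populating them, for example `"product_name": "Wekan"` with `"version_affected": "<="` and `"version_value": "6.84"`, would close that gap; `problemtype` is likewise `"n/a"` for an issue the description calls Cross Site Scripting, which conventionally maps to CWE-79. The description value has a doubled word in `JavaScript code in in`. The `CHANGELOG.md` reference points at `master`, so its content can drift over time; the commit URL is the stable pointer to the fix.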