From a65b14de581fc94a1ab236df166c6be6387b68f6 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 28 Jun 2023 21:00:41 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/4xxx/CVE-2022-4143.json | 90 +++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21512.json | 77 ++++++++++++++++++++++++--- 2023/21xxx/CVE-2023-21513.json | 77 ++++++++++++++++++++++++--- 2023/21xxx/CVE-2023-21517.json | 77 ++++++++++++++++++++++++--- 2023/21xxx/CVE-2023-21518.json | 77 ++++++++++++++++++++++++--- 2023/28xxx/CVE-2023-28500.json | 10 ++-- 2023/2xxx/CVE-2023-2232.json | 84 +++++++++++++++++++++++++++-- 2023/2xxx/CVE-2023-2235.json | 5 -- 2023/32xxx/CVE-2023-32222.json | 97 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32223.json | 91 ++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32224.json | 91 ++++++++++++++++++++++++++++--- 2023/34xxx/CVE-2023-34650.json | 61 ++++++++++++++++++--- 2023/34xxx/CVE-2023-34651.json | 61 ++++++++++++++++++--- 2023/34xxx/CVE-2023-34652.json | 61 ++++++++++++++++++--- 2023/37xxx/CVE-2023-37213.json | 18 +++++++ 2023/37xxx/CVE-2023-37214.json | 18 +++++++ 2023/37xxx/CVE-2023-37215.json | 18 +++++++ 2023/37xxx/CVE-2023-37216.json | 18 +++++++ 2023/37xxx/CVE-2023-37217.json | 18 +++++++ 2023/37xxx/CVE-2023-37218.json | 18 +++++++ 2023/37xxx/CVE-2023-37219.json | 18 +++++++ 2023/37xxx/CVE-2023-37220.json | 18 +++++++ 2023/37xxx/CVE-2023-37221.json | 18 +++++++ 2023/37xxx/CVE-2023-37222.json | 18 +++++++ 2023/3xxx/CVE-2023-3138.json | 65 +++++++++++++++++++++-- 2023/3xxx/CVE-2023-3243.json | 95 +++++++++++++++++++++++++++++++-- 2023/3xxx/CVE-2023-3355.json | 50 ++++++++++++++++-- 2023/3xxx/CVE-2023-3390.json | 84 +++++++++++++++++++++++++++-- 2023/3xxx/CVE-2023-3439.json | 55 +++++++++++++++++-- 2023/3xxx/CVE-2023-3453.json | 18 +++++++ 30 files changed, 1411 insertions(+), 95 deletions(-) create mode 100644 2023/37xxx/CVE-2023-37213.json create mode 100644 2023/37xxx/CVE-2023-37214.json create mode 100644 2023/37xxx/CVE-2023-37215.json create mode 100644 2023/37xxx/CVE-2023-37216.json create mode 100644 
2023/37xxx/CVE-2023-37217.json create mode 100644 2023/37xxx/CVE-2023-37218.json create mode 100644 2023/37xxx/CVE-2023-37219.json create mode 100644 2023/37xxx/CVE-2023-37220.json create mode 100644 2023/37xxx/CVE-2023-37221.json create mode 100644 2023/37xxx/CVE-2023-37222.json create mode 100644 2023/3xxx/CVE-2023-3453.json
diff --git a/2022/4xxx/CVE-2022-4143.json b/2022/4xxx/CVE-2022-4143.json
index 3e274e64f43..d861cc34206 100644
--- a/2022/4xxx/CVE-2022-4143.json
+++ b/2022/4xxx/CVE-2022-4143.json
@@ -4,15 +4,97 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-4143",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=15.7, <15.8.5"
+ },
+ {
+ "version_value": ">=15.9, <15.9.4"
+ },
+ {
+ "version_value": ">=15.10, <15.10.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Time-of-check time-of-use (toctou) race condition in GitLab"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/383776",
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/383776",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://hackerone.com/reports/1767639",
+ "url": "https://hackerone.com/reports/1767639",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4143.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4143.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization"
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thanks [zzyzxd](https://hackerone.com/zzyzxd) for reporting this vulnerability through our HackerOne bug bounty program"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2023/21xxx/CVE-2023-21512.json b/2023/21xxx/CVE-2023-21512.json
index 9ec2584de8c..1ae9ee751c1 100644
--- a/2023/21xxx/CVE-2023-21512.json
+++ b/2023/21xxx/CVE-2023-21512.json
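Review bot: The `vectorString` in the added `impact.cvss` block of CVE-2022-4143 is written without the `CVSS:3.1/` prefix, while the Samsung and D-Link records in this same patch carry it, so a parser that validates against the CVSS 3.1 vector format will reject it or fail to determine the version; the CVE-2023-2232 hunk has the same omission. I would write `"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",`. The `problemtype` value also names the weakness only in prose; adding the identifier (`CWE-367` for a time-of-check time-of-use race) would let consumers filter on it.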
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2023-21512",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "Android 11, 12, 13",
+ "version_value": "SMR Jun-2023 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "PHYSICAL",
+ "availabilityImpact": "NONE",
+ "baseScore": "2.4",
+ "baseSeverity": "Low",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269 Improper Privilege Management"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2023/21xxx/CVE-2023-21513.json b/2023/21xxx/CVE-2023-21513.json
index 16edc8b88ac..0064490d325 100644
--- a/2023/21xxx/CVE-2023-21513.json
+++ b/2023/21xxx/CVE-2023-21513.json
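Review bot: `baseScore` is emitted as a string (`"2.4"`) and `baseSeverity` in mixed case (`"Low"`) in the CVE-2023-21512 `impact.cvss` block, whereas the GitLab and D-Link records in this patch use a JSON number and an upper-case severity; the CVE-2023-21513, CVE-2023-21517 and CVE-2023-21518 hunks also quote the score, and the latter two use `"High"` and `"Medium"`. Consumers that compare scores numerically or match severity literally will sort or filter these records wrongly unless they normalise first; I would write `"baseScore": 2.4,` and `"baseSeverity": "LOW",`. Separately, the description says "local attackers" while the vector is `AV:P` (`"attackVector": "PHYSICAL"`), and the two should be aligned so that triage does not misjudge reachability.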
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2023-21513",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "Android 11, 12, 13",
+ "version_value": "SMR Jun-2023 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "PHYSICAL",
+ "availabilityImpact": "NONE",
+ "baseScore": "6.1",
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269 Improper Privilege Management"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2023/21xxx/CVE-2023-21517.json b/2023/21xxx/CVE-2023-21517.json
index c60ff4818ef..d679881eb3d 100644
--- a/2023/21xxx/CVE-2023-21517.json
+++ b/2023/21xxx/CVE-2023-21517.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2023-21517",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "Select devices using Exynos CP chipsets",
+ "version_value": "SMR Jun-2023 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": "8.8",
+ "baseSeverity": "High",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2023/21xxx/CVE-2023-21518.json b/2023/21xxx/CVE-2023-21518.json
index 86857597cfd..f8548db7579 100644
--- a/2023/21xxx/CVE-2023-21518.json
+++ b/2023/21xxx/CVE-2023-21518.json
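Review bot: The `problemtype` value for CVE-2023-21517 is `CWE-120` (buffer copy without size check), but the description states a heap out-of-bound write; `CWE-787` (Out-of-bounds Write) or `CWE-122` (Heap-based Buffer Overflow) matches the text more closely, e.g. `"value": "CWE-787: Out-of-bounds Write"`. The description also says "remote attacker" while the vector is `AV:A` (`"attackVector": "ADJACENT_NETWORK"`), which matters when assessing exposure of a baseband flaw. The wording or the vector should be reconciled so that both state the same reachability.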
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2023-21518",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung SearchWidget",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "",
+ "version_value": "3.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": "4.4",
+ "baseSeverity": "Medium",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284: Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=06",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=06"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2023/28xxx/CVE-2023-28500.json b/2023/28xxx/CVE-2023-28500.json
index 4a6207d61f8..08e5ebe9fcd 100644
--- a/2023/28xxx/CVE-2023-28500.json
+++ b/2023/28xxx/CVE-2023-28500.json
@@ -4,28 +4,28 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-28500",
- "ASSIGNER": "psirt@adobe.com",
+ "ASSIGNER": "cve@mitre.org",
 "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Adobe",
 "product": {
 "product_data": [
 {
- "product_name": "LiveCycle ES4",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "11.0 and earlier"
+ "version_value": "n/a"
 }
 ]
 }
 }
 ]
- }
+ },
+ "vendor_name": "n/a"
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2232.json b/2023/2xxx/CVE-2023-2232.json
index bb9e604b238..53030c345d0 100644
--- a/2023/2xxx/CVE-2023-2232.json
+++ b/2023/2xxx/CVE-2023-2232.json
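Review bot: The affected-product data for CVE-2023-28500 is lost in this hunk while the record stays `"STATE": "PUBLIC"`: `vendor_name`, `product_name` and `version_value` all become `"n/a"`, and the assigner moves from `psirt@adobe.com` to `cve@mitre.org`. Any consumer that matches on vendor or product will stop associating this CVE with Adobe LiveCycle ES4 11.0 and earlier. If the reassignment is intended, the description and references (outside this hunk) should be checked to confirm they still identify the product; if it is a sync regression, the previous `affects` values should be restored.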
@@ -4,15 +4,91 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-2232",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=15.10, <16.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Uncontrolled resource consumption in GitLab"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/408352",
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/408352",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://hackerone.com/reports/1934802",
+ "url": "https://hackerone.com/reports/1934802",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2232.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2232.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix"
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "version": "3.1",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2023/2xxx/CVE-2023-2235.json b/2023/2xxx/CVE-2023-2235.json
index 3903bb8d8c5..da63fe5854f 100644
--- a/2023/2xxx/CVE-2023-2235.json
+++ b/2023/2xxx/CVE-2023-2235.json
@@ -64,11 +64,6 @@
 "url": "https://kernel.dance/fd0815f632c24878e325821943edccc7fde947a2",
 "refsource": "MISC",
 "name": "https://kernel.dance/fd0815f632c24878e325821943edccc7fde947a2"
- },
- {
- "url": "https://security.netapp.com/advisory/ntap-20230609-0002/",
- "refsource": "MISC",
- "name": "https://security.netapp.com/advisory/ntap-20230609-0002/"
 }
 ]
 },
diff --git a/2023/32xxx/CVE-2023-32222.json b/2023/32xxx/CVE-2023-32222.json
index bd6bbc4733f..dc3bdbb5002 100644
--- a/2023/32xxx/CVE-2023-32222.json
+++ b/2023/32xxx/CVE-2023-32222.json
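Review bot: `"baseScore": 6.4` in the CVE-2023-2232 `impact.cvss` block does not match its own vector: `AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H` evaluates to 6.5 under the CVSS 3.1 base equations, and 6.4 is the score of the different CVE-2022-4143 vector earlier in this patch, so the value looks carried over. The severity stays `MEDIUM`, but tooling that recomputes the score from the vector will flag the mismatch; I would write `"baseScore": 6.5,`. The description names a ReDoS in the Jira prefix, so `problemtype` could also carry `CWE-1333` (Inefficient Regular Expression Complexity) next to the prose.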
@@ -1,18 +1,103 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cna@cyber.gov.il",
+ "DATE_PUBLIC": "2023-06-28T07:54:00.000Z",
 "ID": "CVE-2023-32222",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": " D-Link DSL-G256DG firmware version vBZ_1.00.27 Authentication Bypass"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DSL-G256DG firmware version vBZ_1.00.27",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": ">=",
+ "version_name": "All version",
+ "version_value": "Manufacturer recommends replacing the unit."
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "D-Link"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Daniel Levi"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Authorization Bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "name": "https://www.gov.il/en/Departments/faq/cve_advisories"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "The product reached EOL/EOS. Manufacturer recommends replacing the unit."
+ }
+ ],
+ "source": {
+ "defect": [
+ "ILVN-2023-0109"
+ ],
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2023/32xxx/CVE-2023-32223.json b/2023/32xxx/CVE-2023-32223.json
index 597e587e1d2..2effa81c317 100644
--- a/2023/32xxx/CVE-2023-32223.json
+++ b/2023/32xxx/CVE-2023-32223.json
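Review bot: `version_value` in the CVE-2023-32222 `affects` block holds remediation prose (`"Manufacturer recommends replacing the unit."`) next to `"version_affected": ">="` and `"version_name": "All version"`, and the firmware version is embedded in `product_name`, so automated version matching has nothing to evaluate; CVE-2023-32223 and CVE-2023-32224 do the same with `"Update to the latest version"`. I would keep the product name bare and move the version into the version fields, e.g. `"product_name": "DSL-G256DG",` with `"version_affected": "=",` and `"version_value": "vBZ_1.00.27"`; the replacement advice is already carried by `solution`. The `problemtype` value says "Authorization Bypass" while the title and description say authentication bypass; `CWE-287` (Improper Authentication) would remove the ambiguity, assuming the description is the accurate one.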
@@ -1,18 +1,97 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cna@cyber.gov.il",
+ "DATE_PUBLIC": "2023-06-28T07:54:00.000Z",
 "ID": "CVE-2023-32223",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": " D-Link DSL-224 firmware version 3.0.10 post authentication command execution"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DSL-224 firmware version 3.0.10",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": ">=",
+ "version_name": "All version",
+ "version_value": "Update to the latest version"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "D-Link"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Nerya Zadkani"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "authentication command execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "name": "https://www.gov.il/en/Departments/faq/cve_advisories"
+ }
+ ]
+ },
+ "source": {
+ "defect": [
+ "ILVN-2023-0110"
+ ],
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2023/32xxx/CVE-2023-32224.json b/2023/32xxx/CVE-2023-32224.json
index 101387422a4..cfd9a15e0ad 100644
--- a/2023/32xxx/CVE-2023-32224.json
+++ b/2023/32xxx/CVE-2023-32224.json
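Review bot: The `problemtype` value `"authentication command execution"` in CVE-2023-32223 drops the "post" that the title and description carry and names no CWE, so it misstates the precondition and cannot be filtered on. I would write `"value": "Post-authentication command execution"`. The description only says "an unspecified method", so the exact CWE cannot be settled from this record; an identifier such as `CWE-77` should be added only once the injection class is confirmed.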
@@ -1,18 +1,97 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cna@cyber.gov.il",
+ "DATE_PUBLIC": "2023-06-28T07:54:00.000Z",
 "ID": "CVE-2023-32224",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": " D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DSL-224 firmware version 3.0.10",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": ">=",
+ "version_name": "All version",
+ "version_value": "Update to the latest version"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "D-Link"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Nerya Zadkani"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts"
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-307 Improper Restriction of Excessive Authentication Attempts"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "name": "https://www.gov.il/en/Departments/faq/cve_advisories"
+ }
+ ]
+ },
+ "source": {
+ "defect": [
+ "ILVN-2023-0111"
+ ],
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2023/34xxx/CVE-2023-34650.json b/2023/34xxx/CVE-2023-34650.json
index 726f7c71619..0c84bf8b040 100644
--- a/2023/34xxx/CVE-2023-34650.json
+++ b/2023/34xxx/CVE-2023-34650.json
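Review bot: The `description` value of CVE-2023-32224 only repeats the title and the CWE-307 name; it does not say which interface lacks attempt limiting or what an attacker obtains, yet the record is scored 9.8 with `C:H/I:H/A:H`. A reader cannot check that rating against the text, and the single reference points to a general advisory index rather than this issue. One sentence naming the affected login interface and the consequence of unlimited attempts would make the score reviewable.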
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-34650",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-34650",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://phpgurukul.com/small-crm-php/",
+ "refsource": "MISC",
+ "name": "https://phpgurukul.com/small-crm-php/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34650",
+ "url": "https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34650"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34651.json b/2023/34xxx/CVE-2023-34651.json
index e881f8009d1..71bd9eb2d5c 100644
--- a/2023/34xxx/CVE-2023-34651.json
+++ b/2023/34xxx/CVE-2023-34651.json
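Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"` in CVE-2023-34650 although the description names the product, version 1.0 and the weakness class (XSS); CVE-2023-34651 and CVE-2023-34652 are the same. Structured matching will therefore miss these records, and the description spells the vendor "PHPgurukl" while the reference URL is `phpgurukul.com`, so a keyword search on the vendor name misses them too. I would set `"value": "CWE-79"` in `problemtype` and fill `affects` from the description (`"product_name": "Small CRM",` and `"version_value": "1.0"`).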
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-34651",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-34651",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://phpgurukul.com/hospital-management-system-in-php/",
+ "refsource": "MISC",
+ "name": "https://phpgurukul.com/hospital-management-system-in-php/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34651",
+ "url": "https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34651"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34652.json b/2023/34xxx/CVE-2023-34652.json
index 48c5702148c..f8e824d436c 100644
--- a/2023/34xxx/CVE-2023-34652.json
+++ b/2023/34xxx/CVE-2023-34652.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-34652",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-34652",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://phpgurukul.com/hostel-management-system/",
+ "refsource": "MISC",
+ "name": "https://phpgurukul.com/hostel-management-system/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34652",
+ "url": "https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34652"
 }
 ]
 }
diff --git a/2023/37xxx/CVE-2023-37213.json b/2023/37xxx/CVE-2023-37213.json
new file mode 100644
index 00000000000..49aec0dbfa9
--- /dev/null
+++ b/2023/37xxx/CVE-2023-37213.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-37213",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/37xxx/CVE-2023-37214.json b/2023/37xxx/CVE-2023-37214.json
new file mode 100644
index 00000000000..004f1e11011
--- /dev/null
+++ b/2023/37xxx/CVE-2023-37214.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-37214",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/37xxx/CVE-2023-37215.json b/2023/37xxx/CVE-2023-37215.json
new file mode 100644
index 00000000000..b3e4ff57876
--- /dev/null
+++ b/2023/37xxx/CVE-2023-37215.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-37215",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/37xxx/CVE-2023-37216.json b/2023/37xxx/CVE-2023-37216.json
new file mode 100644
index 00000000000..8415c69be28
--- /dev/null
+++ b/2023/37xxx/CVE-2023-37216.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-37216",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/37xxx/CVE-2023-37217.json b/2023/37xxx/CVE-2023-37217.json
new file mode 100644
index 00000000000..ace5bb5402a
--- /dev/null
+++ b/2023/37xxx/CVE-2023-37217.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-37217",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/37xxx/CVE-2023-37218.json b/2023/37xxx/CVE-2023-37218.json
new file mode 100644
index 00000000000..adae5257bb2
--- /dev/null
+++ b/2023/37xxx/CVE-2023-37218.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-37218",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/37xxx/CVE-2023-37219.json b/2023/37xxx/CVE-2023-37219.json
new file mode 100644
index 00000000000..3d4faff6826
--- /dev/null
+++ b/2023/37xxx/CVE-2023-37219.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-37219",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/37xxx/CVE-2023-37220.json b/2023/37xxx/CVE-2023-37220.json
new file mode 100644
index 00000000000..fa66fc5e69b
--- /dev/null
+++ b/2023/37xxx/CVE-2023-37220.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-37220",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/37xxx/CVE-2023-37221.json b/2023/37xxx/CVE-2023-37221.json
new file mode 100644
index 00000000000..757a0961b33
--- /dev/null
+++ b/2023/37xxx/CVE-2023-37221.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-37221",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/37xxx/CVE-2023-37222.json b/2023/37xxx/CVE-2023-37222.json
new file mode 100644
index 00000000000..e145167d471
--- /dev/null
+++ b/2023/37xxx/CVE-2023-37222.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-37222",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/3xxx/CVE-2023-3138.json b/2023/3xxx/CVE-2023-3138.json
index 68f6f14745a..ff5255f4e91 100644
--- a/2023/3xxx/CVE-2023-3138.json
+++ b/2023/3xxx/CVE-2023-3138.json
@@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3138", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "libX11", + "version": { + "version_data": [ + { + "version_value": "libX11 1.8.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-3138", + "url": "https://access.redhat.com/security/cve/CVE-2023-3138" + }, + { + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c", + "url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c" + }, + { + "refsource": "MISC", + "name": "https://lists.x.org/archives/xorg-announce/2023-June/003406.html", + "url": "https://lists.x.org/archives/xorg-announce/2023-June/003406.html" + }, + { + "refsource": "MISC", + "name": "https://lists.x.org/archives/xorg-announce/2023-June/003407.html", + "url": "https://lists.x.org/archives/xorg-announce/2023-June/003407.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in libX11. 
The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption." } ] } diff --git a/2023/3xxx/CVE-2023-3243.json b/2023/3xxx/CVE-2023-3243.json index 18b045d87d8..367f70d6aa9 100644 --- a/2023/3xxx/CVE-2023-3243.json +++ b/2023/3xxx/CVE-2023-3243.json 
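Review bot: `version_value` in the CVE-2023-3138 hunk is the free-text string `"libX11 1.8.6"` with no `version_affected` operator, so a reader cannot tell whether 1.8.6 is the last affected release or the fixed one, and `vendor_name` is `n/a`. If 1.8.6 is the fixing release, as the two xorg-announce references suggest (not verifiable from this hunk), `"version_affected": "<", "version_value": "1.8.6"` states that unambiguously and lets scanners compare versions. The CVE-2023-3355 hunk (`"kernel 6.1-rc8"`) and the CVE-2023-3439 hunk (`"Fixed in kernel 5.18-rc5"`) put prose in the same field. None of the three records carries an `impact` block, so severity has to be read out of the description text.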
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3243", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@honeywell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPPORTED WHEN ASSIGNED ** \n** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash\nand utilize it to create new sessions. The hash is also a poorly salted MD5\nhash, which could result in a successful brute force password attack.\u00a0Recommended fix: Upgrade to a supported product such\nas Alerton\nACM.] Out of an abundance of caution, this CVE ID is being assigned to \nbetter serve our customers and ensure all who are still running this product understand \nthat the product is end of life and should be removed or upgraded.\u00a0\n\n\n\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-290 Authentication Bypass by Spoofing", + "cweId": "CWE-290" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-326 Inadequate Encryption Strength", + "cweId": "CWE-326" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Alerton", + "product": { + "product_data": [ + { + "product_name": "BCM-WEB", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "3.3.X" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://www.honeywell.com/us/en/product-security", + "refsource": "MISC", + "name": "https://www.honeywell.com/us/en/product-security" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3355.json b/2023/3xxx/CVE-2023-3355.json index 51a42b4a8b4..23ec5f271f6 100644 --- a/2023/3xxx/CVE-2023-3355.json +++ b/2023/3xxx/CVE-2023-3355.json 
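Review bot: The description value in the CVE-2023-3243 hunk opens with a misspelled tag, `** UNSUPPPORTED WHEN ASSIGNED **`, immediately followed by the correctly spelled one, wraps the body in square brackets and ends in a run of `\n` escapes. Tooling that keys on the exact tag at the start of the value to mark end-of-life products may miss this record; the value should start with a single `** UNSUPPORTED WHEN ASSIGNED **` and drop the brackets and trailing newlines. `version_value` is `not down converted`, so consumers of the 4.0 fields see no affected version even though `3.3.X` is present under `x_cve_json_5_version_data`. The weak-hash finding is filed as CWE-326; a password-hash weakness such as CWE-916 may be the closer fit, though that is a judgement call for the assigner.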
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3355", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "kernel 6.1-rc8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d839f0811a31322c087a859c2b181e2383daa7be", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d839f0811a31322c087a859c2b181e2383daa7be" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system." } ] } diff --git a/2023/3xxx/CVE-2023-3390.json b/2023/3xxx/CVE-2023-3390.json index 6e18d843520..8be30f70a0e 100644 --- a/2023/3xxx/CVE-2023-3390.json +++ b/2023/3xxx/CVE-2023-3390.json 
@@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3390", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit\u00a01240eb93f0616b21c675416516ff3d74798fdc97." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux Kernel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.16", + "version_value": "6.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97" + }, + { + "url": "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97", + "refsource": "MISC", + "name": "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3439.json b/2023/3xxx/CVE-2023-3439.json index 195c0416ab4..3b8361a001f 100644 --- a/2023/3xxx/CVE-2023-3439.json +++ b/2023/3xxx/CVE-2023-3439.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3439", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Linux Kernel (mctp)", + "version": { + "version_data": [ + { + "version_value": "Fixed in kernel 5.18-rc5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2217915", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217915" + }, + { + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/b561275d633bcd8e0e8055ab86f1a13df75a0269", + "url": "https://github.com/torvalds/linux/commit/b561275d633bcd8e0e8055ab86f1a13df75a0269" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service." } ] } diff --git a/2023/3xxx/CVE-2023-3453.json b/2023/3xxx/CVE-2023-3453.json new file mode 100644 index 00000000000..04c86ad009f --- /dev/null +++ b/2023/3xxx/CVE-2023-3453.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-3453",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file