diff --git a/2022/1xxx/CVE-2022-1274.json b/2022/1xxx/CVE-2022-1274.json
index d587d48f5b4..56cae6c150b 100644
--- a/2022/1xxx/CVE-2022-1274.json
+++ b/2022/1xxx/CVE-2022-1274.json
@@ -53,6 +53,11 @@
 "refsource": "MISC",
 "name": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725",
 "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://herolab.usd.de/security-advisories/usd-2021-0033/",
+ "url": "https://herolab.usd.de/security-advisories/usd-2021-0033/"
 }
 ]
 },
diff --git a/2022/39xxx/CVE-2022-39337.json b/2022/39xxx/CVE-2022-39337.json
index 40aeb5046d0..a9ce8a5d63d 100644
--- a/2022/39xxx/CVE-2022-39337.json
+++ b/2022/39xxx/CVE-2022-39337.json
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-39337",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed and invoke interfaces without authorization. Version 1.2.1 contains a patch for this issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284: Improper Access Control",
+ "cweId": "CWE-284"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-863: Incorrect Authorization",
+ "cweId": "CWE-863"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "dromara",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "hertzbeat",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "<= 1.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-434f-f5cw-3rj6",
+ "refsource": "MISC",
+ "name": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-434f-f5cw-3rj6"
+ },
+ {
+ "url": "https://github.com/dromara/hertzbeat/issues/377",
+ "refsource": "MISC",
+ "name": "https://github.com/dromara/hertzbeat/issues/377"
+ },
+ {
+ "url": "https://github.com/dromara/hertzbeat/pull/382",
+ "refsource": "MISC",
+ "name": "https://github.com/dromara/hertzbeat/pull/382"
+ },
+ {
+ "url": "https://github.com/dromara/hertzbeat/commit/ac5970c6ceb64fafe237fc895243df5f21e40876",
+ "refsource": "MISC",
+ "name": "https://github.com/dromara/hertzbeat/commit/ac5970c6ceb64fafe237fc895243df5f21e40876"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-434f-f5cw-3rj6",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/42xxx/CVE-2023-42465.json b/2023/42xxx/CVE-2023-42465.json
index 823e698ff1d..3251d98c881 100644
--- a/2023/42xxx/CVE-2023-42465.json
+++ b/2023/42xxx/CVE-2023-42465.json
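Review bot: In CVE-2022-39337.json the description says "Hertzbeat versions 1.20 and prior" while the `affects` block gives `<= 1.2.0` and the same sentence names 1.2.1 as the fix, so `1.20` reads as a typo for `1.2.0`; I would change the prose to `Hertzbeat versions 1.2.0 and prior` so nobody triaging from the text gets the wrong boundary. The `affects` entry also pairs `"version_affected": "="` with `"version_value": "<= 1.2.0"`, which hides the comparison operator inside the value string: a consumer that honours `version_affected` will look for an exact version literally named `<= 1.2.0` and match nothing. If the schema in use allows it, `"version_affected": "<="` with `"version_value": "1.2.0"` states the same range in machine-readable form. The same operator-or-list-in-value pattern appears in the CVE-2023-45165 section (`"7.2, 7.3"`) and the CVE-2023-48704 section (`"< …"` values).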
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-42465",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-42465",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sudo.ws/releases/changelog/",
+ "refsource": "MISC",
+ "name": "https://www.sudo.ws/releases/changelog/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2023/12/21/9",
+ "url": "https://www.openwall.com/lists/oss-security/2023/12/21/9"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f",
+ "url": "https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://arxiv.org/abs/2309.02545",
+ "url": "https://arxiv.org/abs/2309.02545"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15",
+ "url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15"
 }
 ]
 }
diff --git a/2023/45xxx/CVE-2023-45165.json b/2023/45xxx/CVE-2023-45165.json
index 548e46ba8f1..b2389f2cc87 100644
--- a/2023/45xxx/CVE-2023-45165.json
+++ b/2023/45xxx/CVE-2023-45165.json
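Review bot: In CVE-2023-42465.json the `affects` and `problemtype` blocks are filled with `n/a` even though the description names both the product and the fixed release ("Sudo before 1.9.15"), so tooling that matches on vendor, product and version instead of free text will not associate this record with sudo. I would populate `vendor_name` and `product_name` and add a version entry covering releases before 1.9.15, and replace the `n/a` problem type with a real weakness class. The CVE-2023-45957 section has the same gap: its description names thirty bees before 1.5.0 and a stored XSS (CWE-79 would be the usual class), yet `affects` and `problemtype` are also `n/a`. The record carries no `impact` block either, so consumers get no severity from it.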
@@ -1,17 +1,92 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-45165",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 267963."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation",
+ "cweId": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "AIX",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "7.2, 7.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7100970",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7100970"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267963",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267963"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/45xxx/CVE-2023-45957.json b/2023/45xxx/CVE-2023-45957.json
index 12a15efce60..0462964fef9 100644
--- a/2023/45xxx/CVE-2023-45957.json
+++ b/2023/45xxx/CVE-2023-45957.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-45957",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-45957",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://zigrin.com/advisories/thirty-bees-stored-cross-site-scripting-xss/",
+ "refsource": "MISC",
+ "name": "https://zigrin.com/advisories/thirty-bees-stored-cross-site-scripting-xss/"
+ },
+ {
+ "url": "https://github.com/thirtybees/thirtybees/commit/f5b2c1e0094ce53fded1443bab99a604ae8e2968",
+ "refsource": "MISC",
+ "name": "https://github.com/thirtybees/thirtybees/commit/f5b2c1e0094ce53fded1443bab99a604ae8e2968"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/thirtybees/thirtybees/compare/1.4.0...1.5.0",
+ "url": "https://github.com/thirtybees/thirtybees/compare/1.4.0...1.5.0"
 }
 ]
 }
diff --git a/2023/48xxx/CVE-2023-48670.json b/2023/48xxx/CVE-2023-48670.json
index 510156bd951..99af0cea942 100644
--- a/2023/48xxx/CVE-2023-48670.json
+++ b/2023/48xxx/CVE-2023-48670.json
@@ -1,17 +1,93 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-48670",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@dell.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\nDell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-426: Untrusted Search Path",
+ "cweId": "CWE-426"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Dell",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SupportAssist Client Consumer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.14.2.45116"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000220677/dsa-2023-468-security-update-for-dell-supportassist-for-home-pcs-installer-file-local-privilege-escalation-vulnerability",
+ "refsource": "MISC",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000220677/dsa-2023-468-security-update-for-dell-supportassist-for-home-pcs-installer-file-local-privilege-escalation-vulnerability"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dell would like to thank Dohyun Lee (@l33d0hyun) for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/48xxx/CVE-2023-48704.json b/2023/48xxx/CVE-2023-48704.json
index c7d8629d3b2..14037d8bca4 100644
--- a/2023/48xxx/CVE-2023-48704.json
+++ b/2023/48xxx/CVE-2023-48704.json
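Review bot: In CVE-2023-48670.json the structured data and the prose disagree about what is affected: `affects` lists `"version_affected": "="` with `"version_value": "3.14.2.45116"`, while the description says "version 3.14.1 and prior versions" are vulnerable. From this record alone it cannot be told whether 3.14.2.45116 is a vulnerable build or the fixed one, so it should be checked against the linked Dell advisory and the two fields aligned; as written, version-matching consumers will flag only that single build. Separately, the description value starts with `\n` and ends with `\n\n`, and `credits` uses `"lang": "en"` where the rest of the record uses `"eng"`; both are worth normalising so downstream renderers and language filters behave consistently.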
@@ -1,17 +1,115 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-48704",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-122: Heap-based Buffer Overflow",
+ "cweId": "CWE-122"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
+ "cweId": "CWE-120"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ClickHouse",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ClickHouse",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 23.9.2.47551"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "< 23.10.5.20"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "< 23.3.18.15"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "< 23.8.8.20"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "< 23.9.6.20"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63",
+ "refsource": "MISC",
+ "name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63"
+ },
+ {
+ "url": "https://github.com/ClickHouse/ClickHouse/pull/57107",
+ "refsource": "MISC",
+ "name": "https://github.com/ClickHouse/ClickHouse/pull/57107"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-5rmf-5g48-xv63",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6817.json b/2023/6xxx/CVE-2023-6817.json
index 915a6e351c1..550da3ca599 100644
--- a/2023/6xxx/CVE-2023-6817.json
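Review bot: In CVE-2023-48704.json the five `version_value` entries are bare upper bounds with no branch floor, so a release from one patched line still satisfies the bound of another: 23.8.8.20, which the description names as fixed, is still `< 23.9.6.20` and `< 23.10.5.20`. A consumer that treats the entries as alternatives will therefore report patched servers as vulnerable; each entry needs the lower bound of its own release line to be usable for matching. `< 23.9.2.47551` is also filed under product `ClickHouse` although the description attributes that build to ClickHouse Cloud, so it probably belongs under a separate product entry. The description speaks only of a server crash while the vector scores `C:L/I:L`; that is worth confirming against the linked advisory.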
+++ b/2023/6xxx/CVE-2023-6817.json
@@ -64,6 +64,11 @@
 "url": "https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a",
 "refsource": "MISC",
 "name": "https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/12/22/6",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2023/12/22/6"
 }
 ]
 },
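Review bot: The reference added to CVE-2023-6817.json uses a plain `http://www.openwall.com/...` URL, whereas the CVE-2023-42465 section of this same change links the same list archive over `https://`. I would store it as `https://www.openwall.com/lists/oss-security/2023/12/22/6` in both `url` and `name`, so readers following the reference are not sent over cleartext and the two records stay consistent.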