diff --git a/2012/5xxx/CVE-2012-5639.json b/2012/5xxx/CVE-2012-5639.json
index 3824bcc8d61..60feca05b07 100644
--- a/2012/5xxx/CVE-2012-5639.json
+++ b/2012/5xxx/CVE-2012-5639.json
@@ -82,6 +82,11 @@
 "url": "http://www.openwall.com/lists/oss-security/2023/12/28/6",
 "refsource": "MISC",
 "name": "http://www.openwall.com/lists/oss-security/2023/12/28/6"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/03/6",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/03/6"
 }
 ]
 }
diff --git a/2022/43xxx/CVE-2022-43680.json b/2022/43xxx/CVE-2022-43680.json
index 082d4fe7b04..9c9b09f2931 100644
--- a/2022/43xxx/CVE-2022-43680.json
+++ b/2022/43xxx/CVE-2022-43680.json
@@ -121,6 +121,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
 "url": "http://www.openwall.com/lists/oss-security/2023/12/28/5"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/03/5"
 }
 ]
 }
diff --git a/2022/47xxx/CVE-2022-47502.json b/2022/47xxx/CVE-2022-47502.json
index 3ed3bca2f0c..18cc0d5e0e4 100644
--- a/2022/47xxx/CVE-2022-47502.json
+++ b/2022/47xxx/CVE-2022-47502.json
@@ -78,6 +78,11 @@
 "url": "http://www.openwall.com/lists/oss-security/2023/12/28/3",
 "refsource": "MISC",
 "name": "http://www.openwall.com/lists/oss-security/2023/12/28/3"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/03/3",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/03/3"
 }
 ]
 },
diff --git a/2023/1xxx/CVE-2023-1183.json b/2023/1xxx/CVE-2023-1183.json
index 32f4f8f93fc..6d79b0a7515 100644
--- a/2023/1xxx/CVE-2023-1183.json
+++ b/2023/1xxx/CVE-2023-1183.json
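Review bot: The oss-security reference added to CVE-2012-5639 is tagged `"refsource": "MISC"` with the bare URL repeated as its `name`, while the post from the same list and date added to CVE-2022-43680 in this commit is tagged `"refsource": "MLIST"` and carries the post's subject line. The new entry matches its neighbour inside the file, but across records the same source is classified two ways, and the untitled form gives a reader nothing in the record to confirm which advisory the link belongs to. I would use `"refsource": "MLIST"` with the post subject as `name` here, and likewise in the new entries for CVE-2022-47502, CVE-2023-1183, CVE-2023-47804, CVE-2023-51784 and CVE-2023-51785.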
@@ -163,6 +163,11 @@
 "url": "http://www.openwall.com/lists/oss-security/2023/12/28/4",
 "refsource": "MISC",
 "name": "http://www.openwall.com/lists/oss-security/2023/12/28/4"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/03/4",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/03/4"
 }
 ]
 },
diff --git a/2023/39xxx/CVE-2023-39655.json b/2023/39xxx/CVE-2023-39655.json
index fbf0d4c0752..c141c89d5de 100644
--- a/2023/39xxx/CVE-2023-39655.json
+++ b/2023/39xxx/CVE-2023-39655.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-39655",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-39655",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users' passwords and take over their accounts."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.npmjs.com/package/@perfood/couch-auth",
+ "refsource": "MISC",
+ "name": "https://www.npmjs.com/package/@perfood/couch-auth"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-39655",
+ "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-39655"
 }
 ]
 }
diff --git a/2023/47xxx/CVE-2023-47804.json b/2023/47xxx/CVE-2023-47804.json
index 859f5b33586..d372b2e2cfd 100644
--- a/2023/47xxx/CVE-2023-47804.json
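Review bot: The now-public CVE-2023-39655 record leaves every structured field at `"n/a"` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value), although the new description names the package `@perfood/couch-auth` and the range `<= 0.20.0`. Tooling that matches on the `affects` block rather than on free text will not tie this record to the package, so dependency scanners that rely on the structured data may miss it. I would set `product_name` to the package name and `version_value` to the range stated in the description, and replace the `problemtype` placeholder with a weakness description of the host header injection. The two references point only to the package page and a research repository; a link to the fixing release or maintainer advisory would help defenders, if one exists.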
+++ b/2023/47xxx/CVE-2023-47804.json
@@ -73,6 +73,11 @@
 "url": "https://www.openoffice.org/security/cves/CVE-2023-47804.html",
 "refsource": "MISC",
 "name": "https://www.openoffice.org/security/cves/CVE-2023-47804.html"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/03/3",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/03/3"
 }
 ]
 },
diff --git a/2023/4xxx/CVE-2023-4320.json b/2023/4xxx/CVE-2023-4320.json
index c7a3a0eb639..712859bf229 100644
--- a/2023/4xxx/CVE-2023-4320.json
+++ b/2023/4xxx/CVE-2023-4320.json
@@ -99,14 +99,14 @@
 "attackComplexity": "LOW",
 "attackVector": "NETWORK",
 "availabilityImpact": "LOW",
- "baseScore": 6,
- "baseSeverity": "MEDIUM",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH",
 "confidentialityImpact": "LOW",
 "integrityImpact": "HIGH",
- "privilegesRequired": "HIGH",
+ "privilegesRequired": "LOW",
 "scope": "UNCHANGED",
 "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
 "version": "3.1"
 }
 ]
diff --git a/2023/4xxx/CVE-2023-4692.json b/2023/4xxx/CVE-2023-4692.json
index 98ef19a8c2b..a0c4c59d290 100644
--- a/2023/4xxx/CVE-2023-4692.json
+++ b/2023/4xxx/CVE-2023-4692.json
@@ -164,15 +164,15 @@
 {
 "attackComplexity": "HIGH",
 "attackVector": "LOCAL",
- "availabilityImpact": "NONE",
- "baseScore": 5.3,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
 "integrityImpact": "HIGH",
 "privilegesRequired": "HIGH",
 "scope": "CHANGED",
 "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
 "version": "3.1"
 }
 ]
diff --git a/2023/51xxx/CVE-2023-51784.json b/2023/51xxx/CVE-2023-51784.json
index 8f80b8f5db8..247c09a2c19 100644
--- a/2023/51xxx/CVE-2023-51784.json
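Review bot: The reference added to CVE-2023-47804, `http://www.openwall.com/lists/oss-security/2024/01/03/3`, is the same URL this commit also adds to CVE-2022-47502, whereas every other record touched here receives its own post number (`/1`, `/2`, `/4`, `/5`, `/6`). A single list post may legitimately cover both CVEs, but if it announces only one of them, the other record now points readers at the wrong advisory. This should be checked against the list archive before merging. Because the entry's `name` is just the URL again, the record itself gives no way to tell which case applies.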
+++ b/2023/51xxx/CVE-2023-51784.json
@@ -59,6 +59,11 @@
 "url": "https://lists.apache.org/thread/4nxbyl6mh5jgh0plk0qposbxwn6w9h8j",
 "refsource": "MISC",
 "name": "https://lists.apache.org/thread/4nxbyl6mh5jgh0plk0qposbxwn6w9h8j"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/03/1",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/03/1"
 }
 ]
 },
diff --git a/2023/51xxx/CVE-2023-51785.json b/2023/51xxx/CVE-2023-51785.json
index fbbf3931584..47f5e11cdfa 100644
--- a/2023/51xxx/CVE-2023-51785.json
+++ b/2023/51xxx/CVE-2023-51785.json
@@ -59,6 +59,11 @@
 "url": "https://lists.apache.org/thread/g0yjmtjqvp8bnf1j0tdsk0nhfozjdjno",
 "refsource": "MISC",
 "name": "https://lists.apache.org/thread/g0yjmtjqvp8bnf1j0tdsk0nhfozjdjno"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/03/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/03/2"
 }
 ]
 },
diff --git a/2023/7xxx/CVE-2023-7202.json b/2023/7xxx/CVE-2023-7202.json
new file mode 100644
index 00000000000..039a2131cc4
--- /dev/null
+++ b/2023/7xxx/CVE-2023-7202.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-7202",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file