From b35a1629406cecfc83dd02742afd2fa548054de6 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 13 Oct 2023 22:00:37 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/20xxx/CVE-2023-20900.json | 5 ++
 2023/38xxx/CVE-2023-38039.json | 5 ++
 2023/3xxx/CVE-2023-3341.json | 5 ++
 2023/4xxx/CVE-2023-4236.json | 5 ++
 2023/4xxx/CVE-2023-4257.json | 88 ++++++++++++++++++++++++++++++++--
 2023/4xxx/CVE-2023-4802.json | 6 +--
 2023/4xxx/CVE-2023-4803.json | 6 +--
 2023/4xxx/CVE-2023-4828.json | 14 +++---
 2023/4xxx/CVE-2023-4911.json | 5 ++
 9 files changed, 122 insertions(+), 17 deletions(-)
diff --git a/2023/20xxx/CVE-2023-20900.json b/2023/20xxx/CVE-2023-20900.json
index 680eb3524ad..c29f7688fd5 100644
--- a/2023/20xxx/CVE-2023-20900.json
+++ b/2023/20xxx/CVE-2023-20900.json
@@ -118,6 +118,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00000.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00000.html"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231013-0002/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20231013-0002/"
 }
 ]
 },
diff --git a/2023/38xxx/CVE-2023-38039.json b/2023/38xxx/CVE-2023-38039.json
index 465717d8a05..6e456aa01bf 100644
--- a/2023/38xxx/CVE-2023-38039.json
+++ b/2023/38xxx/CVE-2023-38039.json
@@ -92,6 +92,11 @@
 "url": "https://security.gentoo.org/glsa/202310-12",
 "refsource": "MISC",
 "name": "https://security.gentoo.org/glsa/202310-12"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231013-0005/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20231013-0005/"
 }
 ]
 }
diff --git a/2023/3xxx/CVE-2023-3341.json b/2023/3xxx/CVE-2023-3341.json
index 4b5b1bec077..2355c47e055 100644
--- a/2023/3xxx/CVE-2023-3341.json
+++ b/2023/3xxx/CVE-2023-3341.json
@@ -98,6 +98,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231013-0003/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20231013-0003/"
 }
 ]
 },
diff --git a/2023/4xxx/CVE-2023-4236.json b/2023/4xxx/CVE-2023-4236.json
index af3632d64c8..35742d1342d 100644
--- a/2023/4xxx/CVE-2023-4236.json
+++ b/2023/4xxx/CVE-2023-4236.json
@@ -83,6 +83,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231013-0004/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20231013-0004/"
 }
 ]
 },
diff --git a/2023/4xxx/CVE-2023-4257.json b/2023/4xxx/CVE-2023-4257.json
index e949870be2d..19fd45507de 100644
--- a/2023/4xxx/CVE-2023-4257.json
+++ b/2023/4xxx/CVE-2023-4257.json
@@ -1,17 +1,97 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-4257",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnerabilities@zephyrproject.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
+ "cweId": "CWE-120"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-131 Incorrect Calculation of Buffer Size",
+ "cweId": "CWE-131"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "zephyrproject-rtos",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Zephyr",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "3.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j",
+ "refsource": "MISC",
+ "name": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4802.json b/2023/4xxx/CVE-2023-4802.json
index c6d1ed8e3ed..fcbbf5f613a 100644
--- a/2023/4xxx/CVE-2023-4802.json
+++ b/2023/4xxx/CVE-2023-4802.json
@@ -88,15 +88,15 @@
 {
 "attackComplexity": "LOW",
 "attackVector": "NETWORK",
- "availabilityImpact": "LOW",
- "baseScore": 5.9,
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
 "baseSeverity": "MEDIUM",
 "confidentialityImpact": "LOW",
 "integrityImpact": "LOW",
 "privilegesRequired": "HIGH",
 "scope": "CHANGED",
 "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
 "version": "3.1"
 }
 ]
diff --git a/2023/4xxx/CVE-2023-4803.json b/2023/4xxx/CVE-2023-4803.json
index 345d9e5df8c..55d51b98e8b 100644
--- a/2023/4xxx/CVE-2023-4803.json
+++ b/2023/4xxx/CVE-2023-4803.json
@@ -88,15 +88,15 @@
 {
 "attackComplexity": "LOW",
 "attackVector": "NETWORK",
- "availabilityImpact": "LOW",
- "baseScore": 5.9,
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
 "baseSeverity": "MEDIUM",
 "confidentialityImpact": "LOW",
 "integrityImpact": "LOW",
 "privilegesRequired": "HIGH",
 "scope": "CHANGED",
 "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
 "version": "3.1"
 }
 ]
diff --git a/2023/4xxx/CVE-2023-4828.json b/2023/4xxx/CVE-2023-4828.json
index 853db7f566c..1014b0d738a 100644
--- a/2023/4xxx/CVE-2023-4828.json
+++ b/2023/4xxx/CVE-2023-4828.json
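Review bot: The published record for CVE-2023-4257 gives an affected range but no fixed release: the single `version_data` entry (`"version_affected": "<="`, `"version_name": "0"`, `"version_value": "3.4"`) has to be read as "every Zephyr release up to and including 3.4", and the only reference is the GHSA advisory. The `"version_name": "0"` looks like a range lower bound carried over from another record format (inferred, not shown here), so matching tools that treat `version_name` as a literal release can miss affected builds. The description also does not say how input reaches `wifi_shell.c`, while the vector scores `AV:A` with `PR:N`; triage should confirm against the advisory whether the Wi-Fi shell must be enabled and reachable before treating every Zephyr 3.4 device as exposed. The 7.6 `baseScore` is consistent with the stated vector.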
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the configuration of any already-registered agent so that all future agent communications are sent to an attacker-chosen URL. An attacker must first successfully obtain valid agent credentials and target agent hostname. All versions prior to 7.14.3.69 are affected."
+ "value": "An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected."
 }
 ]
 },
@@ -86,17 +86,17 @@
 "impact": {
 "cvss": [
 {
- "attackComplexity": "LOW",
+ "attackComplexity": "HIGH",
 "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "baseScore": 8.8,
- "baseSeverity": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
 "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
+ "integrityImpact": "LOW",
 "privilegesRequired": "LOW",
 "scope": "UNCHANGED",
 "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
 "version": "3.1"
 }
 ]
diff --git a/2023/4xxx/CVE-2023-4911.json b/2023/4xxx/CVE-2023-4911.json
index 777590daff6..9c4c5e31578 100644
--- a/2023/4xxx/CVE-2023-4911.json
+++ b/2023/4xxx/CVE-2023-4911.json
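Review bot: The rewritten description and the rescored vector for CVE-2023-4828 pull in opposite directions: the first hunk now states that all agent data "could be altered or deleted before reaching the ITM Server", while the second hunk lowers `integrityImpact` and `availabilityImpact` to `LOW` and raises `attackComplexity` to `HIGH`, moving the record from 8.8 HIGH to 6.4 MEDIUM. Nothing in these lines records the rationale, and the stated prerequisite of valid agent credentials is already expressed by `"privilegesRequired": "LOW"`, so it is unclear from the record what `AC:H` adds. Teams that prioritise on `baseSeverity` alone should read the description text as well, since redirected agent traffic carries the PII and intellectual-property events the product monitors. The new vector and 6.4 are arithmetically consistent with each other.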
@@ -337,6 +337,11 @@
 "url": "http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html",
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231013-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20231013-0006/"
 }
 ]
 },