From b433d0a22bd100b9ee054ba8acfe55219c7f0232 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 9 Aug 2023 09:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/11xxx/CVE-2018-11206.json | 5 ++ 2018/17xxx/CVE-2018-17233.json | 5 ++ 2018/17xxx/CVE-2018-17234.json | 5 ++ 2018/17xxx/CVE-2018-17237.json | 5 ++ 2018/17xxx/CVE-2018-17434.json | 5 ++ 2018/17xxx/CVE-2018-17437.json | 5 ++ 2023/22xxx/CVE-2023-22378.json | 123 +++++++++++++++++++++++++++++++-- 2023/22xxx/CVE-2023-22843.json | 123 +++++++++++++++++++++++++++++++-- 2023/23xxx/CVE-2023-23574.json | 123 +++++++++++++++++++++++++++++++-- 2023/24xxx/CVE-2023-24471.json | 123 +++++++++++++++++++++++++++++++-- 2023/38xxx/CVE-2023-38211.json | 103 +++++++++++++++++++++++++-- 2023/38xxx/CVE-2023-38212.json | 103 +++++++++++++++++++++++++-- 2023/38xxx/CVE-2023-38213.json | 103 +++++++++++++++++++++++++-- 2023/3xxx/CVE-2023-3632.json | 89 ++++++++++++++++++++++-- 2023/4xxx/CVE-2023-4269.json | 18 +++++ 15 files changed, 906 insertions(+), 32 deletions(-) create mode 100644 2023/4xxx/CVE-2023-4269.json diff --git a/2018/11xxx/CVE-2018-11206.json b/2018/11xxx/CVE-2018-11206.json index 87a6db9a256..bd7d636e771 100644 --- a/2018/11xxx/CVE-2018-11206.json +++ b/2018/11xxx/CVE-2018-11206.json @@ -61,6 +61,11 @@ "name": "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5", "refsource": "MISC", "url": "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230809 [SECURITY] [DLA 3522-1] hdf5 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html" } ] } diff --git a/2018/17xxx/CVE-2018-17233.json b/2018/17xxx/CVE-2018-17233.json index d631b4b6b60..0869c05b85e 100644 --- a/2018/17xxx/CVE-2018-17233.json +++ b/2018/17xxx/CVE-2018-17233.json @@ -56,6 +56,11 @@ "name": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero", "refsource": "MISC", "url": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230809 [SECURITY] [DLA 3522-1] hdf5 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html" } ] } diff --git a/2018/17xxx/CVE-2018-17234.json b/2018/17xxx/CVE-2018-17234.json index cf54075779f..88622d2538b 100644 --- a/2018/17xxx/CVE-2018-17234.json +++ b/2018/17xxx/CVE-2018-17234.json @@ -56,6 +56,11 @@ "name": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak", "refsource": "MISC", "url": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230809 [SECURITY] [DLA 3522-1] hdf5 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html" } ] } diff --git a/2018/17xxx/CVE-2018-17237.json b/2018/17xxx/CVE-2018-17237.json index 67cc6eb3424..543a40defac 100644 --- a/2018/17xxx/CVE-2018-17237.json +++ b/2018/17xxx/CVE-2018-17237.json @@ -56,6 +56,11 @@ "name": "https://github.com/SegfaultMasters/covering360/blob/master/HDF5/README.md#divided-by-zero---h5d__chunk_set_info_real_div_by_zero", "refsource": "MISC", "url": "https://github.com/SegfaultMasters/covering360/blob/master/HDF5/README.md#divided-by-zero---h5d__chunk_set_info_real_div_by_zero" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230809 [SECURITY] [DLA 3522-1] hdf5 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html" } ] } diff --git a/2018/17xxx/CVE-2018-17434.json b/2018/17xxx/CVE-2018-17434.json index 6754a8a30da..1e9c753b143 100644 --- a/2018/17xxx/CVE-2018-17434.json +++ b/2018/17xxx/CVE-2018-17434.json @@ -56,6 +56,11 @@ "name": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters", "refsource": "MISC", "url": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230809 [SECURITY] [DLA 3522-1] hdf5 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html" } ] } diff --git a/2018/17xxx/CVE-2018-17437.json b/2018/17xxx/CVE-2018-17437.json index 135ad90d98f..5e9db101474 100644 --- a/2018/17xxx/CVE-2018-17437.json +++ b/2018/17xxx/CVE-2018-17437.json @@ -56,6 +56,11 @@ "name": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#memory-leak-in-h5o_dtype_decode_helper", "refsource": "MISC", "url": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#memory-leak-in-h5o_dtype_decode_helper" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230809 [SECURITY] [DLA 3522-1] hdf5 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html" } ] } diff --git a/2023/22xxx/CVE-2023-22378.json b/2023/22xxx/CVE-2023-22378.json index 65adf06c7be..68e64312e2d 100644 --- a/2023/22xxx/CVE-2023-22378.json +++ b/2023/22xxx/CVE-2023-22378.json @@ -1,17 +1,132 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-22378", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.\n\nAuthenticated users can extract arbitrary information from the DBMS in an uncontrolled way.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Nozomi Networks", + "product": { + "product_data": [ + { + "product_name": "Guardian", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "22.6.2" + } + ] + } + }, + { + "product_name": "CMC", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "22.6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.nozominetworks.com/NN-2023:2-01", + "refsource": "MISC", + "name": "https://security.nozominetworks.com/NN-2023:2-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Use internal firewall features to limit access to the web management interface.

" + } + ], + "value": "Use internal firewall features to limit access to the web management interface.\n\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Upgrade to v22.6.2 or later.

" + } + ], + "value": "Upgrade to v22.6.2 or later.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "This issue was found by Stefano Libero of Nozomi Networks Product Security team during a scheduled internal VAPT testing session." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/22xxx/CVE-2023-22843.json b/2023/22xxx/CVE-2023-22843.json index fcaeaef73a7..4795a370aba 100644 --- a/2023/22xxx/CVE-2023-22843.json +++ b/2023/22xxx/CVE-2023-22843.json @@ -1,17 +1,132 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-22843", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authenticated attacker with administrative access to the appliance can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will later be executed by another legitimate user viewing the details of such a rule.\nAn attacker may be able to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible in the content for Yara rules, while limited HTML injection has been proven for packet and STYX rules.\nThe injected code will be executed in the context of the authenticated victim's session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Nozomi Networks", + "product": { + "product_data": [ + { + "product_name": "Guardian", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "22.6.2" + } + ] + } + }, + { + "product_name": "CMC", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "22.6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.nozominetworks.com/NN-2023:4-01", + "refsource": "MISC", + "name": "https://security.nozominetworks.com/NN-2023:4-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Use internal firewall features to limit access to the web management interface.

" + } + ], + "value": "Use internal firewall features to limit access to the web management interface.\n\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Upgrade to v22.6.2 or later.

" + } + ], + "value": "Upgrade to v22.6.2 or later.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "This issue was found by Stefano Libero of Nozomi Networks Product Security team during a scheduled internal VAPT testing session." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2023/23xxx/CVE-2023-23574.json b/2023/23xxx/CVE-2023-23574.json index 0c12ec6d642..3a11a021b70 100644 --- a/2023/23xxx/CVE-2023-23574.json +++ b/2023/23xxx/CVE-2023-23574.json @@ -1,17 +1,132 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23574", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.\n\nAuthenticated users can extract arbitrary information from the DBMS in an uncontrolled way.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Nozomi Networks", + "product": { + "product_data": [ + { + "product_name": "Guardian", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "22.6.2" + } + ] + } + }, + { + "product_name": "CMC", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "22.6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.nozominetworks.com/NN-2023:3-01", + "refsource": "MISC", + "name": "https://security.nozominetworks.com/NN-2023:3-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Use internal firewall features to limit access to the web management interface.

" + } + ], + "value": "Use internal firewall features to limit access to the web management interface.\n\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Upgrade to v22.6.2 or later.

" + } + ], + "value": "Upgrade to v22.6.2 or later.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "This issue was found by Stefano Libero of Nozomi Networks Product Security team during a scheduled internal VAPT testing session." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/24xxx/CVE-2023-24471.json b/2023/24xxx/CVE-2023-24471.json index b9131a48da3..2a68d6dbae9 100644 --- a/2023/24xxx/CVE-2023-24471.json +++ b/2023/24xxx/CVE-2023-24471.json @@ -1,17 +1,132 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-24471", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality.\n\nAn authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Nozomi Networks", + "product": { + "product_data": [ + { + "product_name": "Guardian", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "22.6.2" + } + ] + } + }, + { + "product_name": "CMC", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "22.6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.nozominetworks.com/NN-2023:5-01", + "refsource": "MISC", + "name": "https://security.nozominetworks.com/NN-2023:5-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Use internal firewall features to limit access to the web management interface.

" + } + ], + "value": "Use internal firewall features to limit access to the web management interface.\n\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Upgrade to v22.6.2 or later.

" + } + ], + "value": "Upgrade to v22.6.2 or later.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "This issue was found by Stefano Libero of Nozomi Networks Product Security team during a scheduled internal VAPT testing session." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/38xxx/CVE-2023-38211.json b/2023/38xxx/CVE-2023-38211.json index 9c8d8ea7e8f..05aa6f7aac8 100644 --- a/2023/38xxx/CVE-2023-38211.json +++ b/2023/38xxx/CVE-2023-38211.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38211", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Dimension version 3.4.9 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Dimension", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "3.4.9", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/dimension/apsb23-44.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/dimension/apsb23-44.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 7.8, + "environmentalSeverity": "HIGH", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "HIGH", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "LOCAL", + "modifiedAvailabilityImpact": "HIGH", + "modifiedConfidentialityImpact": "HIGH", + "modifiedIntegrityImpact": "HIGH", + "modifiedPrivilegesRequired": "NONE", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "NONE", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "UNCHANGED", + "temporalScore": 7.8, + "temporalSeverity": "HIGH", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/38xxx/CVE-2023-38212.json b/2023/38xxx/CVE-2023-38212.json index 35d85ed7662..ae8e2fd57b7 100644 --- a/2023/38xxx/CVE-2023-38212.json +++ b/2023/38xxx/CVE-2023-38212.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38212", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow (CWE-122)", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Dimension", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "3.4.9", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/dimension/apsb23-44.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/dimension/apsb23-44.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 7.8, + "environmentalSeverity": "HIGH", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "HIGH", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "LOCAL", + "modifiedAvailabilityImpact": "HIGH", + "modifiedConfidentialityImpact": "HIGH", + "modifiedIntegrityImpact": "HIGH", + "modifiedPrivilegesRequired": "NONE", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "NONE", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "UNCHANGED", + "temporalScore": 7.8, + "temporalSeverity": "HIGH", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/38xxx/CVE-2023-38213.json b/2023/38xxx/CVE-2023-38213.json index 1671e578686..ce45d4e943b 100644 --- a/2023/38xxx/CVE-2023-38213.json +++ b/2023/38xxx/CVE-2023-38213.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38213", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Dimension version 3.4.9 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Dimension", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "3.4.9", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/dimension/apsb23-44.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/dimension/apsb23-44.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.5, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "LOCAL", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "HIGH", + "modifiedIntegrityImpact": "NONE", + "modifiedPrivilegesRequired": "NONE", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "NONE", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "UNCHANGED", + "temporalScore": 5.5, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3632.json b/2023/3xxx/CVE-2023-3632.json index dbc54e84d4c..8a422299c34 100644 --- a/2023/3xxx/CVE-2023-3632.json +++ b/2023/3xxx/CVE-2023-3632.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3632", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@usom.gov.tr", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass.This issue affects Kunduz - Homework Helper App: before 6.2.3.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-321 Use of Hard-coded Cryptographic Key", + "cweId": "CWE-321" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sifir Bes Education and Informatics", + "product": { + "product_data": [ + { + "product_name": "Kunduz - Homework Helper App", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "6.2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-23-0446", + "refsource": "MISC", + "name": "https://www.usom.gov.tr/bildirim/tr-23-0446" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "TR-23-0446", + "defect": [ + "TR-23-0446" + ], + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Gokhan CICEK" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4269.json b/2023/4xxx/CVE-2023-4269.json new file mode 100644 index 00000000000..b942c15d5cc --- /dev/null +++ b/2023/4xxx/CVE-2023-4269.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4269", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file