diff --git a/2023/21xxx/CVE-2023-21520.json b/2023/21xxx/CVE-2023-21520.json index 75147b9767e..b85daa78a7e 100644 --- a/2023/21xxx/CVE-2023-21520.json +++ b/2023/21xxx/CVE-2023-21520.json @@ -1,18 +1,69 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21520", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@blackberry.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nA PII Enumeration via Credential Recovery in the Self Service\u00a0(Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with an AtHoc IWS organization.\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "BlackBerry", + "product": { + "product_data": [ + { + "product_name": "AtHoc", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.15" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406", + "refsource": "MISC", + "name": "https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21522.json b/2023/21xxx/CVE-2023-21522.json index 0d944272fe4..8b062964952 100644 
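Review bot: Both `url` and `name` in the new `references` entry carry a doubled scheme, `https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406`, so the only advisory link in this record does not resolve as written; assuming the https form is intended, it should read `https://support.blackberry.com/kb/articleDetail?articleNumber=000112406`. The same malformed reference appears in the CVE-2023-21523 hunk. In both records the description `value` also opens with a long run of `\n` escapes that should be trimmed. Both set `problemtype` to `n/a` although the text names the weakness class, which leaves nothing for CWE-based triage to key on; the CVE-2023-21523 text describes stored XSS, for which `CWE-79` is the usual identifier.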
--- a/2023/21xxx/CVE-2023-21522.json +++ b/2023/21xxx/CVE-2023-21522.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of Blackberry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the affected user account.\u00a0" + "value": "\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the affected user account.\u00a0" } ] }, diff --git a/2023/21xxx/CVE-2023-21523.json b/2023/21xxx/CVE-2023-21523.json index bdc32f1acd3..0fc76acbc27 100644 --- a/2023/21xxx/CVE-2023-21523.json +++ b/2023/21xxx/CVE-2023-21523.json 
@@ -1,18 +1,69 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21523", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@blackberry.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nA Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account.\n\n\n\n\n\n\n\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "BlackBerry", + "product": { + "product_data": [ + { + "product_name": "AtHoc", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.15" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406", + "refsource": "MISC", + "name": "https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39201.json b/2023/39xxx/CVE-2023-39201.json index dec02fbc07c..7536a451e50 100644 --- a/2023/39xxx/CVE-2023-39201.json +++ b/2023/39xxx/CVE-2023-39201.json 
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39201", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@zoom.us", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduct an escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-426 Untrusted Search Path", + "cweId": "CWE-426" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zoom Video Communications, Inc.", + "product": { + "product_data": [ + { + "product_name": "CleanZoom", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before file date 07/24/2023" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "refsource": "MISC", + "name": "https://explore.zoom.us/en/trust/security/security-bulletin/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } 
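Review bot: `version_affected` is `=` while `version_value` holds the free-text range `before file date 07/24/2023`, so a consumer that compares versions literally treats it as one exact version string and matches no installed build. The CVE-2023-39208 hunk does the same with `before version 5.15.10`, and the CVE-2023-39215 hunk with ` see reference` (leading space included), which names no version at all. Where a real bound exists the record could state it in structured form, e.g. `"version_affected": "<", "version_value": "5.15.10"` for the Linux client. Until the ranges are structured, scanners and asset inventories should treat these three records as needing manual review against the Zoom bulletin rather than as machine-matchable.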
diff --git a/2023/39xxx/CVE-2023-39208.json b/2023/39xxx/CVE-2023-39208.json index 77bcdfbb1e1..42424e351b7 100644 --- a/2023/39xxx/CVE-2023-39208.json +++ b/2023/39xxx/CVE-2023-39208.json 
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39208", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@zoom.us", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zoom Video Communications, Inc.", + "product": { + "product_data": [ + { + "product_name": "Zoom Desktop Client for Linux", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 5.15.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "refsource": "MISC", + "name": "https://explore.zoom.us/en/trust/security/security-bulletin/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "version": 
"3.1" } ] } diff --git a/2023/39xxx/CVE-2023-39215.json b/2023/39xxx/CVE-2023-39215.json index 81e7f2e0c1f..616d1168a78 100644 --- a/2023/39xxx/CVE-2023-39215.json +++ b/2023/39xxx/CVE-2023-39215.json 
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39215", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@zoom.us", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zoom Video Communications, Inc.", + "product": { + "product_data": [ + { + "product_name": "Zoom Clients", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": " see reference" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "refsource": "MISC", + "name": "https://explore.zoom.us/en/trust/security/security-bulletin/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "version": "3.1" } ] } 
diff --git a/2023/3xxx/CVE-2023-3710.json b/2023/3xxx/CVE-2023-3710.json index 366c9a8158b..d7fe73d1830 100644 --- a/2023/3xxx/CVE-2023-3710.json +++ b/2023/3xxx/CVE-2023-3710.json 
@@ -1,17 +1,201 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3710", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@honeywell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004.\u00a0Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Honeywell", + "product": { + "product_data": [ + { + "product_name": "PM23/43", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "P10.19.050004" + } + ] + } + }, + { + "product_name": "PM42", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "T10.19.050004" + } + ] + } + }, + { + "product_name": "PX4ie/6ie", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "A10.19.050004" + } + ] + } + }, + { + "product_name": "PX45/65", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "B10.19.050004" + } + ] + } + }, + { + "product_name": "PD45, PX240", + "version": { + "version_data": [ + { + "version_affected": "<", + 
"version_name": "0", + "version_value": "F10.19.050004" + } + ] + } + }, + { + "product_name": "PX940", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "H10.19.050004" + } + ] + } + }, + { + "product_name": "PM45", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "J10.19.050004" + } + ] + } + }, + { + "product_name": "RP2f/RP4f", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "M10.19.050006" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Honeywell ", + "product": { + "product_data": [ + { + "product_name": "PC23/43, PD43", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "K10.19.050004" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.honeywell.com/us/en/product-security", + "refsource": "MISC", + "name": "https://www.honeywell.com/us/en/product-security" + }, + { + "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004", + "refsource": "MISC", + "name": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004" + }, + { + "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A", + "refsource": "MISC", + "name": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + 
"confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3711.json b/2023/3xxx/CVE-2023-3711.json index ede1ccfd93e..9c2aec96569 100644 --- a/2023/3xxx/CVE-2023-3711.json +++ b/2023/3xxx/CVE-2023-3711.json 
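Review bot: The second `vendor_data` entry uses `"vendor_name": "Honeywell "` with a trailing space, so the `PC23/43, PD43` product is filed under a different vendor string than the other eight products and an exact-match lookup on `Honeywell` will miss it; it should be `"vendor_name": "Honeywell"`, with the product merged into the first vendor's `product_data`. The same split appears in the CVE-2023-3711 and CVE-2023-3712 hunks. The description speaks only of PM43 before `P10.19.050004`, while `version_data` gives a different prefix per product family and `M10.19.050006` for `RP2f/RP4f`, so the per-product bounds are the ones to patch against rather than the prose. This record's description names command injection but `problemtype` records only `CWE-20`; adding a command-injection CWE such as `CWE-77` would make it findable by weakness class.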
@@ -1,17 +1,201 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3711", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@honeywell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004.\u00a0Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-384 Session Fixation", + "cweId": "CWE-384" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Honeywell", + "product": { + "product_data": [ + { + "product_name": "PM23/43", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "P10.19.050004" + } + ] + } + }, + { + "product_name": "PM42", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "T10.19.050004" + } + ] + } + }, + { + "product_name": "PX4ie/6ie", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "A10.19.050004" + } + ] + } + }, + { + "product_name": "PX45/65", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "B10.19.050004" + } + ] + } + }, + { + "product_name": "PD45, PX240", + "version": { + "version_data": [ + { + 
"version_affected": "<", + "version_name": "0", + "version_value": "F10.19.050004" + } + ] + } + }, + { + "product_name": "PX940", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "H10.19.050004" + } + ] + } + }, + { + "product_name": "PM45", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "J10.19.050004" + } + ] + } + }, + { + "product_name": "RP2f/RP4f", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "M10.19.050006" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Honeywell ", + "product": { + "product_data": [ + { + "product_name": "PC23/43, PD43", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "K10.19.050004" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.honeywell.com/us/en/product-security", + "refsource": "MISC", + "name": "https://www.honeywell.com/us/en/product-security" + }, + { + "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004", + "refsource": "MISC", + "name": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004" + }, + { + "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A", + "refsource": "MISC", + "name": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.4, + 
"baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3712.json b/2023/3xxx/CVE-2023-3712.json index bb2c6e00432..25d99f5aea7 100644 --- a/2023/3xxx/CVE-2023-3712.json +++ b/2023/3xxx/CVE-2023-3712.json 
@@ -1,17 +1,201 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3712", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@honeywell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.\u00a0\n\nUpdate to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-552 Files or Directories Accessible to External Parties", + "cweId": "CWE-552" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Honeywell", + "product": { + "product_data": [ + { + "product_name": "PM23/43", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "P10.19.050004" + } + ] + } + }, + { + "product_name": "PM42", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "T10.19.050004" + } + ] + } + }, + { + "product_name": "PX4ie/6ie", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "A10.19.050004" + } + ] + } + }, + { + "product_name": "PX45/65", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "B10.19.050004" + } + ] + } + }, + { + "product_name": "PD45, PX240", + "version": { + 
"version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "F10.19.050004" + } + ] + } + }, + { + "product_name": "PX940", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "H10.19.050004" + } + ] + } + }, + { + "product_name": "PM45", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "J10.19.050004" + } + ] + } + }, + { + "product_name": "RP2f/RP4f", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "M10.19.050006" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Honeywell ", + "product": { + "product_data": [ + { + "product_name": "PC23/43, PD43", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "K10.19.050004" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.honeywell.com/us/en/product-security", + "refsource": "MISC", + "name": "https://www.honeywell.com/us/en/product-security" + }, + { + "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004", + "refsource": "MISC", + "name": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004" + }, + { + "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A", + "refsource": "MISC", + "name": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + 
"baseScore": 6.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "version": "3.1" } ] } diff --git a/2023/41xxx/CVE-2023-41331.json b/2023/41xxx/CVE-2023-41331.json index 82d1bcbbf01..70af3791996 100644 --- a/2023/41xxx/CVE-2023-41331.json +++ b/2023/41xxx/CVE-2023-41331.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41331", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully\ncrafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out dangerous classes encountered during the deserialization process. However, the blacklist is not comprehensive, and an actor can exploit certain native JDK classes and common third-party packages to construct gadget chains capable of achieving JNDI injection or system command execution attacks. Version 5.11.0 contains a fix for this issue. As a workaround, users can add `-Drpc_serialize_blacklist_override=javax.sound.sampled.AudioFileFormat` to the blacklist." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + "cweId": "CWE-917" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "sofastack", + "product": { + "product_data": [ + { + "product_name": "sofa-rpc", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 5.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sofastack/sofa-rpc/security/advisories/GHSA-chv2-7hxj-2j86", + "refsource": "MISC", + "name": "https://github.com/sofastack/sofa-rpc/security/advisories/GHSA-chv2-7hxj-2j86" + }, + { + "url": "https://github.com/sofastack/sofa-rpc/releases/tag/v5.11.0", + "refsource": "MISC", + "name": "https://github.com/sofastack/sofa-rpc/releases/tag/v5.11.0" + } + ] + }, + "source": { + "advisory": "GHSA-chv2-7hxj-2j86", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/42xxx/CVE-2023-42470.json b/2023/42xxx/CVE-2023-42470.json index 8a4c96fb823..a28c389e452 100644 --- a/2023/42xxx/CVE-2023-42470.json +++ b/2023/42xxx/CVE-2023-42470.json 
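Review bot: `problemtype` is `CWE-917` (expression language injection), but the description attributes the remote command execution to an incomplete class blacklist applied during deserialization, which is what `CWE-502` covers; unless the upstream advisory chose CWE-917 deliberately, triage that filters on deserialization weaknesses will not surface this record. The affected range is encoded as `"version_affected": "=", "version_value": "< 5.11.0"`, which a literal comparison will not match; `"version_affected": "<", "version_value": "5.11.0"` states the same bound in structured form. The workaround sentence says to add a `-Drpc_serialize_blacklist_override=...` option "to the blacklist", which reads like a JVM option rather than a list entry and should be reworded. Since the description itself calls the blacklist not comprehensive, the record would do well to present the upgrade to 5.11.0 as the fix and the override as a stopgap only.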
@@ -61,6 +61,11 @@ "url": "https://github.com/actuator/imou/blob/main/poc.apk", "refsource": "MISC", "name": "https://github.com/actuator/imou/blob/main/poc.apk" + }, + { + "refsource": "MISC", + "name": "https://github.com/actuator/cve/blob/main/CVE-2023-42470", + "url": "https://github.com/actuator/cve/blob/main/CVE-2023-42470" } ] } diff --git a/2023/42xxx/CVE-2023-42663.json b/2023/42xxx/CVE-2023-42663.json new file mode 100644 index 00000000000..38a3aa31137 --- /dev/null +++ b/2023/42xxx/CVE-2023-42663.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-42663", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/4xxx/CVE-2023-4918.json b/2023/4xxx/CVE-2023-4918.json index bbd9410afc0..11f1e1d75c2 100644 --- a/2023/4xxx/CVE-2023-4918.json +++ b/2023/4xxx/CVE-2023-4918.json 
@@ -1,17 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4918", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the \"password\" and \"password-confirm\" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Plaintext Storage of a Password", + "cweId": "CWE-256" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "keycloak", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "22.0.3", + "status": "unaffected" + } + ] + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Single Sign-On 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4918", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-4918" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238588", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2238588" + }, + { + "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-5q66-v53q-pm35", + "refsource": "MISC", + "name": "https://github.com/keycloak/keycloak/security/advisories/GHSA-5q66-v53q-pm35" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Upstream acknowledges Niko K\u00f6bler as the original reporter." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } 
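Review bot: Neither `version_data` entry states an affected range: both carry `"version_value": "not down converted"`, the keycloak entry lists only `22.0.3` as `unaffected` with no `defaultStatus` visible, and the vendor for keycloak is `n/a`. A consumer of this 4.0 record therefore cannot tell which Keycloak builds store the `password` and `password-confirm` form fields as user attributes; if the advisory means versions before 22.0.3, the record should say so explicitly. The `problemtype` `value` is `Plaintext Storage of a Password` without the `CWE-256` prefix that the other records in this commit put in `value`, and `credits` uses `"lang": "en"` where the description uses `eng`. Because the exposure is clear-text passwords readable through user attributes, operators who ran an affected version would likely want to check existing user records for those two attributes after upgrading, not only upgrade.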
diff --git a/2023/4xxx/CVE-2023-4921.json b/2023/4xxx/CVE-2023-4921.json new file mode 100644 index 00000000000..dd652a637dd --- /dev/null +++ b/2023/4xxx/CVE-2023-4921.json 
@@ -0,0 +1,100 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2023-4921", + "ASSIGNER": "security@google.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.8", + "version_value": "6.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8fc134fee27f2263988ae38920bc03da416b03d8", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8fc134fee27f2263988ae38920bc03da416b03d8" + }, + { + "url": "https://kernel.dance/8fc134fee27f2263988ae38920bc03da416b03d8", + "refsource": "MISC", + "name": "https://kernel.dance/8fc134fee27f2263988ae38920bc03da416b03d8" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "valis" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + 
"privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ] + } +} \ No newline at end of file diff --git a/2023/4xxx/CVE-2023-4922.json b/2023/4xxx/CVE-2023-4922.json new file mode 100644 index 00000000000..ba2e49e27bc --- /dev/null +++ b/2023/4xxx/CVE-2023-4922.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4922", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
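Review bot: The affected range in the CVE-2023-4921 record is expressed only as mainline versions (`"version_affected": "<"`, `"version_name": "3.8"`, `"version_value": "6.6"`), while the description identifies the fix by commit `8fc134fee27f2263988ae38920bc03da416b03d8`. The record does not say whether stable or distribution kernels below 6.6 carry a backport, so matching on the version range alone may flag kernels that already contain the fix; checking for the commit listed in `references` is the more reliable test. The precondition stated in the description, the plug qdisc used as a class of the qfq qdisc, is worth carrying into triage notes because it bounds which hosts are exposed.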