From b75fbda0fc320015c4d2688de430b36cbc6d4381 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 12 Dec 2023 15:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/12xxx/CVE-2020-12614.json | 61 ++++++++++++++++++++++++++++++---- 2020/28xxx/CVE-2020-28369.json | 61 ++++++++++++++++++++++++++++++---- 2023/46xxx/CVE-2023-46454.json | 56 +++++++++++++++++++++++++++---- 2023/46xxx/CVE-2023-46455.json | 61 ++++++++++++++++++++++++++++++---- 2023/46xxx/CVE-2023-46456.json | 61 ++++++++++++++++++++++++++++++---- 2023/50xxx/CVE-2023-50495.json | 61 ++++++++++++++++++++++++++++++---- 2023/6xxx/CVE-2023-6593.json | 60 ++++++++++++++++++++++++++++++--- 2023/6xxx/CVE-2023-6730.json | 18 ++++++++++ 2023/6xxx/CVE-2023-6731.json | 18 ++++++++++ 2023/6xxx/CVE-2023-6732.json | 18 ++++++++++ 10 files changed, 435 insertions(+), 40 deletions(-) create mode 100644 2023/6xxx/CVE-2023-6730.json create mode 100644 2023/6xxx/CVE-2023-6731.json create mode 100644 2023/6xxx/CVE-2023-6732.json diff --git a/2020/12xxx/CVE-2020-12614.json b/2020/12xxx/CVE-2020-12614.json index d8396869221..6d70b855cca 100644 --- a/2020/12xxx/CVE-2020-12614.json +++ b/2020/12xxx/CVE-2020-12614.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-12614", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-12614", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1", + "refsource": "MISC", + "name": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1" + }, + { + "refsource": "MISC", + "name": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-10", + "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-10" } ] } diff --git a/2020/28xxx/CVE-2020-28369.json b/2020/28xxx/CVE-2020-28369.json index 2ee219aefe9..c4f134c5895 100644 --- a/2020/28xxx/CVE-2020-28369.json +++ b/2020/28xxx/CVE-2020-28369.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28369", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28369", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\\Temp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.beyondtrust.com/privilege-management/windows-mac", + "refsource": "MISC", + "name": "https://www.beyondtrust.com/privilege-management/windows-mac" + }, + { + "refsource": "MISC", + "name": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-08", + "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-08" } ] } diff --git a/2023/46xxx/CVE-2023-46454.json b/2023/46xxx/CVE-2023-46454.json index 7c1d30f2198..ca4db02a133 100644 --- a/2023/46xxx/CVE-2023-46454.json +++ b/2023/46xxx/CVE-2023-46454.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-46454", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-46454", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/", + "url": "https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/" } ] } diff --git a/2023/46xxx/CVE-2023-46455.json b/2023/46xxx/CVE-2023-46455.json index d7a63641d9d..ffdcc48c4ae 100644 --- a/2023/46xxx/CVE-2023-46455.json +++ b/2023/46xxx/CVE-2023-46455.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-46455", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-46455", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.gl-inet.com/", + "refsource": "MISC", + "name": "https://www.gl-inet.com/" + }, + { + "refsource": "MISC", + "name": "https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/", + "url": "https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/" } ] } diff --git a/2023/46xxx/CVE-2023-46456.json b/2023/46xxx/CVE-2023-46456.json index 62d8ae3adc1..36e2a7bb6ee 100644 --- a/2023/46xxx/CVE-2023-46456.json +++ b/2023/46xxx/CVE-2023-46456.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-46456", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-46456", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.gl-inet.com/", + "refsource": "MISC", + "name": "https://www.gl-inet.com/" + }, + { + "refsource": "MISC", + "name": "https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/", + "url": "https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/" } ] } diff --git a/2023/50xxx/CVE-2023-50495.json b/2023/50xxx/CVE-2023-50495.json index ca383210ce0..48fa7107339 100644 --- a/2023/50xxx/CVE-2023-50495.json +++ b/2023/50xxx/CVE-2023-50495.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-50495", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-50495", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html" + }, + { + "url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html" } ] } diff --git a/2023/6xxx/CVE-2023-6593.json b/2023/6xxx/CVE-2023-6593.json index 147e204c80f..a72bb384bda 100644 --- a/2023/6xxx/CVE-2023-6593.json +++ b/2023/6xxx/CVE-2023-6593.json @@ -1,18 +1,70 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6593", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@devolutions.net", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\nClient side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.\n\n\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Devolutions", + "product": { + "product_data": [ + { + "product_name": "Remote Desktop Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2023.3.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://devolutions.net/security/advisories/DEVO-2023-0023/", + "refsource": "MISC", + "name": "https://devolutions.net/security/advisories/DEVO-2023-0023/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6730.json b/2023/6xxx/CVE-2023-6730.json new file mode 100644 index 00000000000..ee7e358857d --- /dev/null +++ b/2023/6xxx/CVE-2023-6730.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6730", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6731.json b/2023/6xxx/CVE-2023-6731.json new file mode 100644 index 00000000000..974f307658f --- /dev/null +++ b/2023/6xxx/CVE-2023-6731.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6731", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6732.json b/2023/6xxx/CVE-2023-6732.json new file mode 100644 index 00000000000..6a0eaca25bf --- /dev/null +++ b/2023/6xxx/CVE-2023-6732.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6732", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file