From b82246cc98ebffb06c7420ad1be0d0802ead9546 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 15 Feb 2024 06:00:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/29xxx/CVE-2021-29633.json | 8 +- 2021/29xxx/CVE-2021-29634.json | 8 +- 2021/29xxx/CVE-2021-29635.json | 8 +- 2021/29xxx/CVE-2021-29636.json | 8 +- 2021/29xxx/CVE-2021-29637.json | 8 +- 2021/29xxx/CVE-2021-29638.json | 8 +- 2021/29xxx/CVE-2021-29639.json | 8 +- 2021/29xxx/CVE-2021-29640.json | 8 +- 2022/23xxx/CVE-2022-23087.json | 82 +++++++++++++- 2022/23xxx/CVE-2022-23088.json | 82 +++++++++++++- 2022/23xxx/CVE-2022-23089.json | 78 +++++++++++++- 2022/23xxx/CVE-2022-23090.json | 78 +++++++++++++- 2022/23xxx/CVE-2022-23091.json | 78 +++++++++++++- 2022/23xxx/CVE-2022-23092.json | 73 ++++++++++++- 2022/23xxx/CVE-2022-23093.json | 78 +++++++++++++- 2023/46xxx/CVE-2023-46595.json | 12 +-- 2023/47xxx/CVE-2023-47218.json | 5 + 2023/4xxx/CVE-2023-4625.json | 189 ++++++++++++++++++++++++++++++++- 2023/50xxx/CVE-2023-50358.json | 10 ++ 2023/50xxx/CVE-2023-50782.json | 2 +- 2023/51xxx/CVE-2023-51787.json | 56 ++++++++-- 2024/1xxx/CVE-2024-1485.json | 2 +- 2024/1xxx/CVE-2024-1488.json | 163 +++++++++++++++++++++++++++- 23 files changed, 966 insertions(+), 86 deletions(-) diff --git a/2021/29xxx/CVE-2021-29633.json b/2021/29xxx/CVE-2021-29633.json index e31b749cce5..773cbba8349 100644 --- a/2021/29xxx/CVE-2021-29633.json +++ b/2021/29xxx/CVE-2021-29633.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29633", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021." } ] } diff --git a/2021/29xxx/CVE-2021-29634.json b/2021/29xxx/CVE-2021-29634.json index 99eb3567090..05386138c20 100644 --- a/2021/29xxx/CVE-2021-29634.json +++ b/2021/29xxx/CVE-2021-29634.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29634", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021." } ] } diff --git a/2021/29xxx/CVE-2021-29635.json b/2021/29xxx/CVE-2021-29635.json index 0e2e200d909..9cb22f26f9d 100644 --- a/2021/29xxx/CVE-2021-29635.json +++ b/2021/29xxx/CVE-2021-29635.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29635", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021." } ] } diff --git a/2021/29xxx/CVE-2021-29636.json b/2021/29xxx/CVE-2021-29636.json index 0d59678f744..4c0a1e661d2 100644 --- a/2021/29xxx/CVE-2021-29636.json +++ b/2021/29xxx/CVE-2021-29636.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29636", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021." } ] } diff --git a/2021/29xxx/CVE-2021-29637.json b/2021/29xxx/CVE-2021-29637.json index 61a4dbb6c3d..1690631ef0d 100644 --- a/2021/29xxx/CVE-2021-29637.json +++ b/2021/29xxx/CVE-2021-29637.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29637", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021." } ] } diff --git a/2021/29xxx/CVE-2021-29638.json b/2021/29xxx/CVE-2021-29638.json index 29eb4475890..aacadfed103 100644 --- a/2021/29xxx/CVE-2021-29638.json +++ b/2021/29xxx/CVE-2021-29638.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29638", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021." } ] } diff --git a/2021/29xxx/CVE-2021-29639.json b/2021/29xxx/CVE-2021-29639.json index 03c1c781f51..dcd612fa071 100644 --- a/2021/29xxx/CVE-2021-29639.json +++ b/2021/29xxx/CVE-2021-29639.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29639", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021." } ] } diff --git a/2021/29xxx/CVE-2021-29640.json b/2021/29xxx/CVE-2021-29640.json index 9f45fa5a71c..eebafd0fcfb 100644 --- a/2021/29xxx/CVE-2021-29640.json +++ b/2021/29xxx/CVE-2021-29640.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29640", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021." } ] } diff --git a/2022/23xxx/CVE-2022-23087.json b/2022/23xxx/CVE-2022-23087.json index d66a51a7212..82e7a638eac 100644 --- a/2022/23xxx/CVE-2022-23087.json +++ b/2022/23xxx/CVE-2022-23087.json @@ -1,18 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23087", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload (\"TSO\"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets.\n\nWhen checksum offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to specify the checksum offset in the on-stack buffer. The offset was not validated for certain packet types.\n\nA misbehaving bhyve guest could overwrite memory in the bhyve process on the host, possibly leading to code execution in the host context.\n\nThe bhyve process runs in a Capsicum sandbox, which (depending on the FreeBSD version and bhyve configuration) limits the impact of exploiting this issue." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreeBSD", + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.1-RC1", + "version_value": "p1" + }, + { + "version_affected": "<", + "version_name": "13.0-RELEASE", + "version_value": "p11" + }, + { + "version_affected": "<", + "version_name": "12.3-RELEASE", + "version_value": "p5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:05.bhyve.asc", + "refsource": "MISC", + "name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:05.bhyve.asc" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Mehdi Talbi" + }, + { + "lang": "en", + "value": "Synacktiv" + } + ] } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23088.json b/2022/23xxx/CVE-2022-23088.json index b56878d9733..e45f7d94246 100644 --- a/2022/23xxx/CVE-2022-23088.json +++ b/2022/23xxx/CVE-2022-23088.json @@ -1,18 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23088", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer.\n\nWhile a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code execution." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreeBSD", + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.1-RC1", + "version_value": "p1" + }, + { + "version_affected": "<", + "version_name": "13.0-RELEASE", + "version_value": "p11" + }, + { + "version_affected": "<", + "version_name": "12.3-RELEASE", + "version_value": "p5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:07.wifi_meshid.asc", + "refsource": "MISC", + "name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:07.wifi_meshid.asc" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "m00nbsd" + }, + { + "lang": "en", + "value": "Trend Micro Zero Day Initiative" + } + ] } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23089.json b/2022/23xxx/CVE-2022-23089.json index a615be455ed..6c35581a1d0 100644 --- a/2022/23xxx/CVE-2022-23089.json +++ b/2022/23xxx/CVE-2022-23089.json @@ -1,18 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23089", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled.\n\nAn out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can cause the kernel to crash." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreeBSD", + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.1-RELEASE", + "version_value": "p1" + }, + { + "version_affected": "<", + "version_name": "13.0-RELEASE", + "version_value": "p12" + }, + { + "version_affected": "<", + "version_name": "12.3-RELEASE", + "version_value": "p6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:09.elf.asc", + "refsource": "MISC", + "name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:09.elf.asc" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Josef 'Jeff' Sipek" + } + ] } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23090.json b/2022/23xxx/CVE-2022-23090.json index 23b586ed721..eb2c31e8ce9 100644 --- a/2022/23xxx/CVE-2022-23090.json +++ b/2022/23xxx/CVE-2022-23090.json @@ -1,18 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23090", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case.\n\nAn attacker may cause the reference count to overflow, leading to a use after free (UAF)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreeBSD", + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.1-RELEASE", + "version_value": "p1" + }, + { + "version_affected": "<", + "version_name": "13.0-RELEASE", + "version_value": "p12" + }, + { + "version_affected": "<", + "version_name": "12.3-RELEASE", + "version_value": "p6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.asc", + "refsource": "MISC", + "name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.asc" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Chris J-D " + } + ] } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23091.json b/2022/23xxx/CVE-2022-23091.json index 2d6c7051317..91c58e3876a 100644 --- a/2022/23xxx/CVE-2022-23091.json +++ b/2022/23xxx/CVE-2022-23091.json @@ -1,18 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23091", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause.\n\nAn unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreeBSD", + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.1-RELEASE", + "version_value": "p1" + }, + { + "version_affected": "<", + "version_name": "13.0-RELEASE", + "version_value": "p12" + }, + { + "version_affected": "<", + "version_name": "12.3-RELEASE", + "version_value": "p6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc", + "refsource": "MISC", + "name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Mark Johnston" + } + ] } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23092.json b/2022/23xxx/CVE-2022-23092.json index f242b601ac5..e9a79f79769 100644 --- a/2022/23xxx/CVE-2022-23092.json +++ b/2022/23xxx/CVE-2022-23092.json @@ -1,18 +1,81 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23092", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory.\n\nThe bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process. This could potentially lead to user-mode code execution on the host, subject to bhyve's Capsicum sandbox." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreeBSD", + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.1-RELEASE", + "version_value": "p1" + }, + { + "version_affected": "<", + "version_name": "13.0-RELEASE", + "version_value": "p12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:12.lib9p.asc", + "refsource": "MISC", + "name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:12.lib9p.asc" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Robert Morris" + } + ] } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23093.json b/2022/23xxx/CVE-2022-23093.json index 1ae9f61480e..b23a5e06697 100644 --- a/2022/23xxx/CVE-2022-23093.json +++ b/2022/23xxx/CVE-2022-23093.json @@ -1,18 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23093", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to\u00a0reconstruct the IP header, the ICMP header and if present a \"quoted\u00a0packet,\" which represents the packet that generated an ICMP error. The\u00a0quoted packet again has an IP header and an ICMP header.\n\nThe pr_pack() copies received IP and ICMP headers into stack buffers\u00a0for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes.\n\nThe memory safety bugs described above can be triggered by a remote\u00a0host, causing the ping program to crash.\n\nThe ping process runs in a capability mode sandbox on all affected\u00a0versions of FreeBSD and is thus very constrained in how it can interact\u00a0with the rest of the system at the point where the bug can occur." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreeBSD", + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.1-RELEASE", + "version_value": "p5" + }, + { + "version_affected": "<", + "version_name": "12.4-RC2", + "version_value": "p2" + }, + { + "version_affected": "<", + "version_name": "12.3-RELEASE", + "version_value": "p10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:15.ping.asc", + "refsource": "MISC", + "name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:15.ping.asc" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "NetApp, Inc." + } + ] } \ No newline at end of file diff --git a/2023/46xxx/CVE-2023-46595.json b/2023/46xxx/CVE-2023-46595.json index 314a04d7c4a..8789d211b4a 100644 --- a/2023/46xxx/CVE-2023-46595.json +++ b/2023/46xxx/CVE-2023-46595.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Net-NTLM leak via stored HTML injection in FireFlow's VisualFlow workflow editor using Name and Description field. It also impacts\u00a0\n\nFireFlow's VisualFlow workflow editor\n\n outbound actions using Name and Category parameter. Fixed in version A32.20 (b570 and above),\u00a0\n\nA32.50 (b400 and above),\u00a0\n\nA32.60 (b220 and above)\n\n" + "value": "Net-NTLM leak in Fireflow A32.20 and A32.50 allows an attacker\u00a0to obtain victim\u2019s domain credentials and Net-NTLM hash which can lead\u00a0to relay domain attacks.\n\n" } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "A32.20, A32.50, A32.60" + "version_value": "A32.20, A32.50" } ] } @@ -55,9 +55,9 @@ "references": { "reference_data": [ { - "url": "https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46595.htm", + "url": "https://cwe.mitre.org/data/definitions/79.html", "refsource": "MISC", - "name": "https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46595.htm" + "name": "https://cwe.mitre.org/data/definitions/79.html" } ] }, @@ -74,10 +74,10 @@ { "base64": false, "type": "text/html", - "value": "Upgrade ASMS suite to A32.20 (b570 or above), \n\nA32.50 (b400 and above), \n\nA32.60 (b220 and above)\n\n
https://portal.algosec.com/en/downloads/hotfix_releases
" + "value": "Upgrade ASMS suite to A32.20 (b570 or above),  A32.50 (b390 or above)
https://portal.algosec.com/en/downloads/hotfix_releases
" } ], - "value": "Upgrade ASMS suite to\u00a0A32.20 (b570 or above),\u00a0\n\nA32.50 (b400 and above), \n\nA32.60 (b220 and above)\n\n\n https://portal.algosec.com/en/downloads/hotfix_releases https://portal.algosec.com/en/downloads/hotfix_releases \n" + "value": "Upgrade ASMS suite to\u00a0A32.20 (b570 or above),\u00a0 A32.50 (b390 or above)\n https://portal.algosec.com/en/downloads/hotfix_releases https://portal.algosec.com/en/downloads/hotfix_releases \n" } ], "credits": [ diff --git a/2023/47xxx/CVE-2023-47218.json b/2023/47xxx/CVE-2023-47218.json index 1028b3d3fff..cbb726d86e6 100644 --- a/2023/47xxx/CVE-2023-47218.json +++ b/2023/47xxx/CVE-2023-47218.json @@ -114,6 +114,11 @@ "url": "https://www.qnap.com/en/security-advisory/qsa-23-57", "refsource": "MISC", "name": "https://www.qnap.com/en/security-advisory/qsa-23-57" + }, + { + "url": "https://www.rapid7.com/blog/post/2024/02/13/cve-2023-47218-qnap-qts-and-quts-hero-unauthenticated-command-injection-fixed/", + "refsource": "MISC", + "name": "https://www.rapid7.com/blog/post/2024/02/13/cve-2023-47218-qnap-qts-and-quts-hero-unauthenticated-command-injection-fixed/" } ] }, diff --git a/2023/4xxx/CVE-2023-4625.json b/2023/4xxx/CVE-2023-4625.json index ce4528218d9..07bb298ccbf 100644 --- a/2023/4xxx/CVE-2023-4625.json +++ b/2023/4xxx/CVE-2023-4625.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login." + "value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login." } ] }, @@ -823,6 +823,193 @@ } ] } + }, + { + "product_name": "MELSEC iQ-R Series R00CPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 05 or later" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R01CPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 05 or later" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R02CPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 05 or later" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R04CPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 35 or later" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R08CPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 35 or later" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R16CPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 35 or later" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R32CPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 35 or later" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R120CPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 35 or later" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R04ENCPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 35 or later" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R08ENCPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 35 or later" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R16ENCPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 35 or later" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R32ENCPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 35 or later" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R120ENCPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 35 or later" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R08PCPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 37 or later" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R16PCPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 37 or later" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R32PCPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 37 or later" + } + ] + } + }, + { + "product_name": "MELSEC iQ-R Series R120PCPU", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "versions 37 or later" + } + ] + } } ] } diff --git a/2023/50xxx/CVE-2023-50358.json b/2023/50xxx/CVE-2023-50358.json index a894a4f401e..09ba18d28af 100644 --- a/2023/50xxx/CVE-2023-50358.json +++ b/2023/50xxx/CVE-2023-50358.json @@ -113,6 +113,16 @@ "url": "https://www.qnap.com/en/security-advisory/qsa-23-57", "refsource": "MISC", "name": "https://www.qnap.com/en/security-advisory/qsa-23-57" + }, + { + "url": "https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/", + "refsource": "MISC", + "name": "https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/" + }, + { + "url": "https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213941-1032", + "refsource": "MISC", + "name": "https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213941-1032" } ] }, diff --git a/2023/50xxx/CVE-2023-50782.json b/2023/50xxx/CVE-2023-50782.json index 9d0fcf399d7..54d74948a12 100644 --- a/2023/50xxx/CVE-2023-50782.json +++ b/2023/50xxx/CVE-2023-50782.json @@ -191,7 +191,7 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "affected" + "defaultStatus": "unaffected" } } ] diff --git a/2023/51xxx/CVE-2023-51787.json b/2023/51xxx/CVE-2023-51787.json index 9c4919e6c1f..66dadb45eb2 100644 --- a/2023/51xxx/CVE-2023-51787.json +++ b/2023/51xxx/CVE-2023-51787.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51787", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51787", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting in a memory leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-51787", + "url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-51787" } ] } diff --git a/2024/1xxx/CVE-2024-1485.json b/2024/1xxx/CVE-2024-1485.json index e1adda3b586..33eac85a7c5 100644 --- a/2024/1xxx/CVE-2024-1485.json +++ b/2024/1xxx/CVE-2024-1485.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in the decompression function of registry-support. This issue can be triggered by an unauthenticated remote attacker when tricking a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files outside the intended scope." + "value": "A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files outside the intended scope." } ] }, diff --git a/2024/1xxx/CVE-2024-1488.json b/2024/1xxx/CVE-2024-1488.json index babb716c134..93c6ecdb716 100644 --- a/2024/1xxx/CVE-2024-1488.json +++ b/2024/1xxx/CVE-2024-1488.json @@ -1,17 +1,172 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1488", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "External Control of System or Configuration Setting", + "cweId": "CWE-15" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "unbound", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "1.19.1-2.fc40", + "status": "unaffected" + } + ] + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-1488", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2024-1488" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264183", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2264183" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", + "version": "3.1" } ] }