diff --git a/2023/26xxx/CVE-2023-26369.json b/2023/26xxx/CVE-2023-26369.json
index 8a1e69130dc..0b0945f9446 100644
--- a/2023/26xxx/CVE-2023-26369.json
+++ b/2023/26xxx/CVE-2023-26369.json
@@ -1,17 +1,112 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26369",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds Write (CWE-787)",
+ "cweId": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Adobe",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Acrobat Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "20.005.30514",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-34.html",
+ "refsource": "MISC",
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb23-34.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 7.8,
+ "environmentalSeverity": "HIGH",
+ "exploitCodeMaturity": "NOT_DEFINED",
+ "integrityImpact": "HIGH",
+ "integrityRequirement": "NOT_DEFINED",
+ "modifiedAttackComplexity": "LOW",
+ "modifiedAttackVector": "LOCAL",
+ "modifiedAvailabilityImpact": "HIGH",
+ "modifiedConfidentialityImpact": "HIGH",
+ "modifiedIntegrityImpact": "HIGH",
+ "modifiedPrivilegesRequired": "NONE",
+ "modifiedScope": "NOT_DEFINED",
+ "modifiedUserInteraction": "REQUIRED",
+ "privilegesRequired": "NONE",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "scope": "UNCHANGED",
+ "temporalScore": 7.8,
+ "temporalSeverity": "HIGH",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2023/29xxx/CVE-2023-29305.json b/2023/29xxx/CVE-2023-29305.json
index dba72ec2aea..b475b2c7bbf 100644
--- a/2023/29xxx/CVE-2023-29305.json
+++ b/2023/29xxx/CVE-2023-29305.json
@@ -1,17 +1,112 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29305",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site Scripting (Reflected XSS) (CWE-79)",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Adobe",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Connect",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "12.3",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/connect/apsb23-33.html",
+ "refsource": "MISC",
+ "name": "https://helpx.adobe.com/security/products/connect/apsb23-33.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 6.1,
+ "environmentalSeverity": "MEDIUM",
+ "exploitCodeMaturity": "NOT_DEFINED",
+ "integrityImpact": "LOW",
+ "integrityRequirement": "NOT_DEFINED",
+ "modifiedAttackComplexity": "LOW",
+ "modifiedAttackVector": "NETWORK",
+ "modifiedAvailabilityImpact": "NONE",
+ "modifiedConfidentialityImpact": "LOW",
+ "modifiedIntegrityImpact": "LOW",
+ "modifiedPrivilegesRequired": "NONE",
+ "modifiedScope": "NOT_DEFINED",
+ "modifiedUserInteraction": "REQUIRED",
+ "privilegesRequired": "NONE",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "scope": "CHANGED",
+ "temporalScore": 6.1,
+ "temporalSeverity": "MEDIUM",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2023/29xxx/CVE-2023-29306.json b/2023/29xxx/CVE-2023-29306.json
index 2e39e6c85b7..793e0917a65 100644
--- a/2023/29xxx/CVE-2023-29306.json
+++ b/2023/29xxx/CVE-2023-29306.json
@@ -1,17 +1,112 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29306",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site Scripting (Reflected XSS) (CWE-79)",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Adobe",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Connect",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "12.3",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helpx.adobe.com/security/products/connect/apsb23-33.html",
+ "refsource": "MISC",
+ "name": "https://helpx.adobe.com/security/products/connect/apsb23-33.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 6.1,
+ "environmentalSeverity": "MEDIUM",
+ "exploitCodeMaturity": "NOT_DEFINED",
+ "integrityImpact": "LOW",
+ "integrityRequirement": "NOT_DEFINED",
+ "modifiedAttackComplexity": "LOW",
+ "modifiedAttackVector": "NETWORK",
+ "modifiedAvailabilityImpact": "NONE",
+ "modifiedConfidentialityImpact": "LOW",
+ "modifiedIntegrityImpact": "LOW",
+ "modifiedPrivilegesRequired": "NONE",
+ "modifiedScope": "NOT_DEFINED",
+ "modifiedUserInteraction": "REQUIRED",
+ "privilegesRequired": "NONE",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "scope": "CHANGED",
+ "temporalScore": 6.1,
+ "temporalSeverity": "MEDIUM",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2023/42xxx/CVE-2023-42751.json b/2023/42xxx/CVE-2023-42751.json
new file mode 100644
index 00000000000..a36a4a93df5
--- /dev/null
+++ b/2023/42xxx/CVE-2023-42751.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-42751",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4039.json b/2023/4xxx/CVE-2023-4039.json
index d6ea0169887..92aba3f1efb 100644
--- a/2023/4xxx/CVE-2023-4039.json
+++ b/2023/4xxx/CVE-2023-4039.json
@@ -1,17 +1,150 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4039",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "arm-security@arm.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\n\nA failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity.\n\n\n\n\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-693 Protection Mechanism Failure",
+ "cweId": "CWE-693"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Arm Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Arm GNU Toolchain",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "affected",
+ "version": "All versions where option -fstack-protector is used"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "vendor_name": "GNU",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GCC",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "All versions of GCC that target AArch64 when option -fstack-protector is used"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64",
+ "refsource": "MISC",
+ "name": "https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64"
+ },
+ {
+ "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf",
+ "refsource": "MISC",
+ "name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "configuration": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\nThe specific conditions where the stack-protector fails to give the desired level of protection are when:\n\n\n\n - using GCC (all unpatched versions) targeting AArch64
\n - and when the -fstack-protector option is used
\n - and when the program uses C99-style dynamically-sized local variables or alloca()
\n
\nAnd to be exploitable there must also be a prior vulnerability in the\n program such that an attacker can cause a buffer overflow in these \nlocal variables that overwrites saved register values in the stack.
\n\n
"
+ }
+ ],
+ "value": "The specific conditions where the stack-protector fails to give the desired level of protection are when:\n\n\n\n * using GCC (all unpatched versions) targeting AArch64\n\n * and when the -fstack-protector option is used\n\n * and when the program uses C99-style dynamically-sized local variables or alloca()\n\n\n\n\nAnd to be exploitable there must also be a prior vulnerability in the\n program such that an attacker can cause a buffer overflow in these \nlocal variables that overwrites saved register values in the stack.\n\n\n\n\n"
+ }
+ ],
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\nRecompile vulnerable code using an updated toolchain.\n\n
"
+ }
+ ],
+ "value": "Recompile vulnerable code using an updated toolchain.\n\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Tom Hebb from Meta Red Team X and Maria Markstedter from Azeria Labs"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}