From ba4119898fb39c3d8318b052c7a1570b5b2d3237 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 23 Feb 2023 20:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/32xxx/CVE-2022-32212.json | 55 +++----------------------- 2022/32xxx/CVE-2022-32222.json | 18 ++------- 2022/3xxx/CVE-2022-3219.json | 70 ++++++++++++++++++++++++++++++++-- 2022/46xxx/CVE-2022-46786.json | 61 ++++++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4492.json | 55 ++++++++++++++++++++++++-- 2023/0xxx/CVE-2023-0044.json | 55 ++++++++++++++++++++++++-- 2023/0xxx/CVE-2023-0597.json | 50 ++++++++++++++++++++++-- 2023/0xxx/CVE-2023-0992.json | 18 +++++++++ 2023/0xxx/CVE-2023-0993.json | 18 +++++++++ 2023/20xxx/CVE-2023-20011.json | 4 +- 2023/20xxx/CVE-2023-20012.json | 4 +- 2023/20xxx/CVE-2023-20015.json | 4 +- 2023/20xxx/CVE-2023-20016.json | 4 +- 2023/20xxx/CVE-2023-20050.json | 4 +- 2023/20xxx/CVE-2023-20089.json | 4 +- 2023/23xxx/CVE-2023-23914.json | 50 ++++++++++++++++++++++-- 2023/23xxx/CVE-2023-23915.json | 50 ++++++++++++++++++++++-- 2023/23xxx/CVE-2023-23916.json | 50 ++++++++++++++++++++++-- 2023/23xxx/CVE-2023-23917.json | 50 ++++++++++++++++++++++-- 2023/23xxx/CVE-2023-23918.json | 50 ++++++++++++++++++++++-- 2023/23xxx/CVE-2023-23919.json | 55 ++++++++++++++++++++++++-- 2023/23xxx/CVE-2023-23920.json | 50 ++++++++++++++++++++++-- 2023/24xxx/CVE-2023-24317.json | 66 +++++++++++++++++++++++++++++--- 2023/26xxx/CVE-2023-26325.json | 50 ++++++++++++++++++++++-- 2023/26xxx/CVE-2023-26326.json | 50 ++++++++++++++++++++++-- 25 files changed, 818 insertions(+), 127 deletions(-) create mode 100644 2023/0xxx/CVE-2023-0992.json create mode 100644 2023/0xxx/CVE-2023-0993.json diff --git a/2022/32xxx/CVE-2022-32212.json b/2022/32xxx/CVE-2022-32212.json index 17648b1a39e..b96aa531bf4 100644 --- a/2022/32xxx/CVE-2022-32212.json +++ b/2022/32xxx/CVE-2022-32212.json 
@@ -19,7 +19,7 @@
 "version": {
 "version_data": [
 {
- "version_value": "Fixed in 14.20.0+, 16.20.0+,18.5.0+"
+ "version_value": "Fixed in 14.20.1+, 16.17.1+,18.9.1+"
 }
 ]
 }
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "OS Command Injection (CWE-78)"
+ "value": "Improper Access Control - Generic (CWE-284)"
 }
 ]
 }
@@ -46,53 +46,8 @@
 "reference_data": [
 {
 "refsource": "MISC",
- "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884",
- "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884"
- },
- {
- "refsource": "MISC",
- "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160",
- "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160"
- },
- {
- "refsource": "MISC",
- "name": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/",
- "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
- },
- {
- "refsource": "CONFIRM",
- "name": "https://security.netapp.com/advisory/ntap-20220915-0001/",
- "url": "https://security.netapp.com/advisory/ntap-20220915-0001/"
- },
- {
- "refsource": "MLIST",
- "name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3137-1] nodejs security update",
- "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html"
- },
- {
- "refsource": "FEDORA",
- "name": "FEDORA-2022-52dec6351a",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/"
- },
- {
- "refsource": "FEDORA",
- "name": "FEDORA-2022-1667f7b60a",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/"
- },
- {
- "refsource": "FEDORA",
- "name": "FEDORA-2022-de515f765f",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/"
- },
- {
- "refsource": "CONFIRM",
- "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
- },
- {
- "refsource": "DEBIAN",
- "name": "DSA-5326",
- "url": "https://www.debian.org/security/2023/dsa-5326"
+ "name": "https://hackerone.com/reports/1632921",
+ "url": "https://hackerone.com/reports/1632921"
 }
 ]
 },
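Review bot: The `reference_data` hunk for CVE-2022-32212 replaces ten existing references with a single HackerOne report link, which removes the Node.js July 2022 security-release post and the NetApp, Debian, Fedora and Siemens advisories that defenders use to map this CVE to patched packages. This looks like the sync overwrote the list from the assigner's feed instead of merging into it; the new entry should be appended to the existing list, keeping at least `"url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"`. The `reference_data` hunk for CVE-2022-32222 later in this patch drops its vendor advisories in the same way.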
@@ -100,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.16.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks."
+ "value": "A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks."
 }
 ]
 }
diff --git a/2022/32xxx/CVE-2022-32222.json b/2022/32xxx/CVE-2022-32222.json
index c772f7ed528..b5e97164d36 100644
--- a/2022/32xxx/CVE-2022-32222.json
+++ b/2022/32xxx/CVE-2022-32222.json
@@ -19,7 +19,7 @@
 "version": {
 "version_data": [
 {
- "version_value": "Vulnerable between v18.0.0 and 18.4.0. Fixed in v18.5.0."
+ "version_value": "Fixed in 18.9.1+"
 }
 ]
 }
@@ -46,18 +46,8 @@
 "reference_data": [
 {
 "refsource": "MISC",
- "name": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/",
- "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
- },
- {
- "refsource": "CONFIRM",
- "name": "https://security.netapp.com/advisory/ntap-20220915-0001/",
- "url": "https://security.netapp.com/advisory/ntap-20220915-0001/"
- },
- {
- "refsource": "CONFIRM",
- "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
+ "name": "https://hackerone.com/reports/1695596",
+ "url": "https://hackerone.com/reports/1695596"
 }
 ]
 },
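Review bot: The CVE-2022-32212 description now disagrees with the other fields this patch sets on the same record: it gives `<14.20.0, <16.20.0, <18.5.0` while `version_value` becomes `Fixed in 14.20.1+, 16.17.1+,18.9.1+`, and it still opens with "A OS Command Injection vulnerability" while the problem type becomes `Improper Access Control - Generic (CWE-284)`. Scanners and triage tooling that read one field or the other will reach different conclusions about which Node.js builds are exposed. One set of version bounds, confirmed against the upstream advisory, should be used in both places, and the weakness named in the description should match the problem type. "DBS requests" in the same sentence is presumably "DNS requests".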
@@ -65,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.4.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3."
+ "value": "A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3."
 }
 ]
 }
diff --git a/2022/3xxx/CVE-2022-3219.json b/2022/3xxx/CVE-2022-3219.json
index b14c9367afc..1efaf562359 100644
--- a/2022/3xxx/CVE-2022-3219.json
+++ b/2022/3xxx/CVE-2022-3219.json
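Review bot: `prior to 18.40.0` in the CVE-2022-32222 description looks like a typo introduced by this change: the replaced text said `18.4.0`, and the `version_value` hunk for the same record now says `Fixed in 18.9.1+`. As written, the description and `version_value` give different upper bounds for the affected 18.x range, and the earlier lower bound (`Vulnerable between v18.0.0 and 18.4.0`) is dropped from `version_value` as well. Both fields should name the same fixed release, confirmed against the Node.js advisory.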
@@ -4,14 +4,78 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-3219",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "gnupg",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "gnupg2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://dev.gnupg.org/D556",
+ "url": "https://dev.gnupg.org/D556"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://marc.info/?l=oss-security&m=165696590211434&w=4",
+ "url": "https://marc.info/?l=oss-security&m=165696590211434&w=4"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2022-3219",
+ "url": "https://access.redhat.com/security/cve/CVE-2022-3219"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2127010",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127010"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://dev.gnupg.org/T5993",
+ "url": "https://dev.gnupg.org/T5993"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB."
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46786.json b/2022/46xxx/CVE-2022-46786.json
index 0dfe2b05c2b..0161bf376f6 100644
--- a/2022/46xxx/CVE-2022-46786.json
+++ b/2022/46xxx/CVE-2022-46786.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-46786",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-46786",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.squaredup.com",
+ "refsource": "MISC",
+ "name": "https://support.squaredup.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://scomsupport.squaredup.com/hc/en-us/articles/9476419759005-CVE-2022-46786-Stored-Cross-Site-Scripting",
+ "url": "https://scomsupport.squaredup.com/hc/en-us/articles/9476419759005-CVE-2022-46786-Stored-Cross-Site-Scripting"
 }
 ]
 }
diff --git a/2022/4xxx/CVE-2022-4492.json b/2022/4xxx/CVE-2022-4492.json
index acc1617e9cb..d49b2dbe995 100644
--- a/2022/4xxx/CVE-2022-4492.json
+++ b/2022/4xxx/CVE-2022-4492.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-4492",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "undertow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "ssrf"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2022-4492",
+ "url": "https://access.redhat.com/security/cve/CVE-2022-4492"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol."
 }
 ]
 }
diff --git a/2023/0xxx/CVE-2023-0044.json b/2023/0xxx/CVE-2023-0044.json
index cc09d120592..c5329ec2d98 100644
--- a/2023/0xxx/CVE-2023-0044.json
+++ b/2023/0xxx/CVE-2023-0044.json
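Review bot: The problem type `ssrf` for CVE-2022-4492 does not match the description, which reports that the undertow client does not check the server identity presented in the certificate on https connections. That is a certificate-validation weakness exposing clients to interception of TLS traffic, so filtering or prioritising by weakness class will misfile it; a value such as `CWE-297: Improper Validation of Certificate with Host Mismatch` would fit the text. The description also carries the reporter's first-person remark ("I would add it to any TLS client protocol"), and `version_value` `2.7` does not say whether that version is affected or fixed.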
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-0044",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "quarkus-vertx-http",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.11.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "cross-site attack"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2023-0044",
+ "url": "https://access.redhat.com/security/cve/CVE-2023-0044"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2158081",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158081"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature."
 }
 ]
 }
diff --git a/2023/0xxx/CVE-2023-0597.json b/2023/0xxx/CVE-2023-0597.json
index 43c825cae39..c51e688f665 100644
--- a/2023/0xxx/CVE-2023-0597.json
+++ b/2023/0xxx/CVE-2023-0597.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-0597",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Linux kernel 6.2-rc1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80",
+ "url": "https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory."
 }
 ]
 }
diff --git a/2023/0xxx/CVE-2023-0992.json b/2023/0xxx/CVE-2023-0992.json
new file mode 100644
index 00000000000..b6534469688
--- /dev/null
+++ b/2023/0xxx/CVE-2023-0992.json
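Review bot: "memory leak" in the CVE-2023-0597 description reads as resource exhaustion, but the rest of the sentence and the `CWE-200` problem type describe disclosure of where the exception stacks sit in the cpu_entry_area mapping. Wording along the lines of `information leak of the cpu_entry_area location` would keep readers from triaging it as a denial-of-service issue. `version_value` `Linux kernel 6.2-rc1` also leaves open whether 6.2-rc1 is the affected or the fixed release; the linked kernel commit is the only pointer to the fix in this record.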
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-0992",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/0xxx/CVE-2023-0993.json b/2023/0xxx/CVE-2023-0993.json
new file mode 100644
index 00000000000..80d53b8f7b3
--- /dev/null
+++ b/2023/0xxx/CVE-2023-0993.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-0993",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/20xxx/CVE-2023-20011.json b/2023/20xxx/CVE-2023-20011.json
index 30ac8375f8b..e1422b02ed5 100644
--- a/2023/20xxx/CVE-2023-20011.json
+++ b/2023/20xxx/CVE-2023-20011.json
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.\r " + "value": "A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2023/20xxx/CVE-2023-20012.json b/2023/20xxx/CVE-2023-20012.json index 505d35a1199..ba8cf22c5a0 100644 --- a/2023/20xxx/CVE-2023-20012.json +++ b/2023/20xxx/CVE-2023-20012.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication.\r This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition.\r " + "value": "A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2023/20xxx/CVE-2023-20015.json b/2023/20xxx/CVE-2023-20015.json index 1f101163ddb..3a20c1c0278 100644 --- a/2023/20xxx/CVE-2023-20015.json +++ b/2023/20xxx/CVE-2023-20015.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands.\r This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute unauthorized commands within the CLI. An attacker with Administrator privileges could also execute arbitrary commands on the underlying operating system of Cisco UCS 6400 and 6500 Series Fabric Interconnects with root-level privileges.\r " + "value": "A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute unauthorized commands within the CLI. An attacker with Administrator privileges could also execute arbitrary commands on the underlying operating system of Cisco UCS 6400 and 6500 Series Fabric Interconnects with root-level privileges." } ] }, @@ -85,4 +85,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2023/20xxx/CVE-2023-20016.json b/2023/20xxx/CVE-2023-20016.json index fc9873829b2..f4f779b3b0a 100644 --- a/2023/20xxx/CVE-2023-20016.json +++ b/2023/20xxx/CVE-2023-20016.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files.\r This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials.\r " + "value": "A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2023/20xxx/CVE-2023-20050.json b/2023/20xxx/CVE-2023-20050.json index 071a2e206d8..f7c191b2ed0 100644 --- a/2023/20xxx/CVE-2023-20050.json +++ b/2023/20xxx/CVE-2023-20050.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device.\r This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.\r " + "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user." } ] }, @@ -87,4 +87,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2023/20xxx/CVE-2023-20089.json b/2023/20xxx/CVE-2023-20089.json index f6476ab1cce..7aeefc8ae8b 100644 --- a/2023/20xxx/CVE-2023-20089.json +++ b/2023/20xxx/CVE-2023-20089.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device.\r This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads.\r Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required.\r " + "value": "A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. 
The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2023/23xxx/CVE-2023-23914.json b/2023/23xxx/CVE-2023-23914.json index 386200df2b5..db24decc3db 100644 --- a/2023/23xxx/CVE-2023-23914.json +++ b/2023/23xxx/CVE-2023-23914.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23914", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/curl/curl", + "version": { + "version_data": [ + { + "version_value": "Fixed in 7.88.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cleartext Transmission of Sensitive Information (CWE-319)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1813864", + "url": "https://hackerone.com/reports/1813864" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cleartext transmission of sensitive information vulnerability exists in curl 5.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection - Generic (CWE-77)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1631258", + "url": "https://hackerone.com/reports/1631258" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may increase the impact of XSS to RCE which is dangerous for self-hosted users as well." } ] } diff --git a/2023/23xxx/CVE-2023-23918.json b/2023/23xxx/CVE-2023-23918.json index 16be725318f..274900ad657 100644 --- a/2023/23xxx/CVE-2023-23918.json +++ b/2023/23xxx/CVE-2023-23918.json 
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-23918",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "https://github.com/nodejs/node",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in 19.6.1, 18.14.1, 16.19.1, 14.21.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege Escalation (CAPEC-233)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/",
+ "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy."
 }
 ]
 }
diff --git a/2023/23xxx/CVE-2023-23919.json b/2023/23xxx/CVE-2023-23919.json
index f02ea4af251..96d8372f8ba 100644
--- a/2023/23xxx/CVE-2023-23919.json
+++ b/2023/23xxx/CVE-2023-23919.json
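Review bot: The problem type for CVE-2023-23918 is given as `Privilege Escalation (CAPEC-233)`, an attack-pattern identifier, whereas the other Node.js records in this patch put CWE identifiers in the same field. Consumers that extract `CWE-` ids from `problemtype_data` will record no weakness class for this entry. The description (bypass of the experimental policy mechanism through `process.mainModule.require()`) points to an access-control weakness, so a CWE value should be given alongside or instead of the CAPEC one.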
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-23919",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "https://github.com/nodejs/node",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in 19.2.0, 18.14.1, 16.19.1, 14.21.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cryptographic Issues - Generic (CWE-310)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/",
+ "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/1808596",
+ "url": "https://hackerone.com/reports/1808596"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service."
 }
 ]
 }
diff --git a/2023/23xxx/CVE-2023-23920.json b/2023/23xxx/CVE-2023-23920.json
index ef69a0504f6..d5838e57fc5 100644
--- a/2023/23xxx/CVE-2023-23920.json
+++ b/2023/23xxx/CVE-2023-23920.json
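Review bot: The new description reads `in some cases did does not clear the OpenSSL error stack`, which leaves the tense ambiguous; `in some cases does not clear the OpenSSL error stack` is probably what was meant. `problemtype` uses CWE-310, which is a CWE category rather than a weakness entry, so it says little about the defect class. The description points at error state left behind after an operation and a resulting denial of service, and a weakness-level identifier chosen by the assigner would make the record easier to triage and filter.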
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-23920",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "https://github.com/nodejs/node",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed in 19.6.1, 18.14.1, 16.19.1, 14.21.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Untrusted Search Path (CWE-426)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/",
+ "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges."
 }
 ]
 }
diff --git a/2023/24xxx/CVE-2023-24317.json b/2023/24xxx/CVE-2023-24317.json
index 6aa18ef739d..de8b5604b60 100644
--- a/2023/24xxx/CVE-2023-24317.json
+++ b/2023/24xxx/CVE-2023-24317.json
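Review bot: The description has a stray full stop that detaches the version bounds from the product name: `exists in Node.js. <19.6.1, <18.14.1, ...` should read `exists in Node.js <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that ...`. The phrase `search and potentially load ICU data` also leaves the consequence unstated. Since the only reference is the release blog post, a clause saying what loading ICU data from an untrusted location allows in a process running with elevated privileges would help defenders judge their exposure from the record alone.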
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-24317",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-24317",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://sourcecodester.com",
+ "refsource": "MISC",
+ "name": "http://sourcecodester.com"
+ },
+ {
+ "url": "http://judging.com",
+ "refsource": "MISC",
+ "name": "http://judging.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/170205/Judging-Management-System-1.0-Shell-Upload.html",
+ "url": "https://packetstormsecurity.com/files/170205/Judging-Management-System-1.0-Shell-Upload.html"
 }
 ]
 }
diff --git a/2023/26xxx/CVE-2023-26325.json b/2023/26xxx/CVE-2023-26325.json
index 97fb7ea3c62..475432493cd 100644
--- a/2023/26xxx/CVE-2023-26325.json
+++ b/2023/26xxx/CVE-2023-26325.json
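Review bot: The published record leaves every structured field empty even though the description names the product: `product_name`, `version_value`, `vendor_name` and the `problemtype` value are all `n/a`, while the text says `Judging Management System 1.0` and `arbitrary file upload`. Filling them in, e.g. `"product_name": "Judging Management System"`, `"version_value": "1.0"` and a problem type of `CWE-434 Unrestricted Upload of File with Dangerous Type`, would let the entry be found by product and weakness queries. Two of the three references, `http://sourcecodester.com` and `http://judging.com`, are bare site roots over plain HTTP that point at neither an advisory nor the affected component. Whether `judging.com` relates to this product at all cannot be confirmed from the record, so both are worth verifying or dropping.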
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-26325",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ReviewX WordPress Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to version 1.6.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Authenticated SQL Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2023-2",
+ "url": "https://www.tenable.com/security/research/tra-2023-2"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The 'rx_export_review' action in the ReviewX WordPress Plugin version < 1.6.4, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters."
 }
 ]
 }
diff --git a/2023/26xxx/CVE-2023-26326.json b/2023/26xxx/CVE-2023-26326.json
index 95a22776ec3..02d9dc58ad0 100644
--- a/2023/26xxx/CVE-2023-26326.json
+++ b/2023/26xxx/CVE-2023-26326.json
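Review bot: `problemtype` is the free-text label `Authenticated SQL Injection` with no weakness identifier, so CWE-based filtering and dashboards will miss this record. A value that includes the ID, such as `"value": "CWE-89 SQL Injection (authenticated)"` or the assigner's preferred wording with the number added, would fix that while keeping the authentication precondition visible. The CVE-2023-26326 hunk has the same gap: its value `Deserialization of Untrusted Data` matches the name of CWE-502 but omits the number.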
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-26326",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BuddyForms WordPress Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to version 2.7.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Deserialization of Untrusted Data"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2023-7",
+ "url": "https://www.tenable.com/security/research/tra-2023-7"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present."
 }
 ]
 }