diff --git a/2022/38xxx/CVE-2022-38795.json b/2022/38xxx/CVE-2022-38795.json index 9f8f42d2516..c3f5182ffb6 100644 --- a/2022/38xxx/CVE-2022-38795.json +++ b/2022/38xxx/CVE-2022-38795.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-38795", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-38795", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Gitea through 1.17.1, repo cloning can occur in the migration function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/go-gitea/gitea/pull/20869", + "url": "https://github.com/go-gitea/gitea/pull/20869" + }, + { + "refsource": "MISC", + "name": "https://github.com/go-gitea/gitea/pull/20892", + "url": "https://github.com/go-gitea/gitea/pull/20892" + }, + { + "refsource": "MISC", + "name": "https://blog.gitea.com/release-of-1.17.2/", + "url": "https://blog.gitea.com/release-of-1.17.2/" } ] } diff --git a/2023/30xxx/CVE-2023-30146.json b/2023/30xxx/CVE-2023-30146.json index 460fadf66b5..b24b454c43b 100644 --- a/2023/30xxx/CVE-2023-30146.json +++ b/2023/30xxx/CVE-2023-30146.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Assmann Digitus Plug&View IP Camera family allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials." + "value": "Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials." } ] }, diff --git a/2023/36xxx/CVE-2023-36220.json b/2023/36xxx/CVE-2023-36220.json index c96c5e23f08..9be7bc95a8a 100644 --- a/2023/36xxx/CVE-2023-36220.json +++ b/2023/36xxx/CVE-2023-36220.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-36220", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-36220", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://textpattern.com/", + "refsource": "MISC", + "name": "https://textpattern.com/" + }, + { + "url": "https://textpattern.com/file_download/118/textpattern-4.8.8.zip", + "refsource": "MISC", + "name": "https://textpattern.com/file_download/118/textpattern-4.8.8.zip" + }, + { + "url": "https://release-demo.textpattern.co/", + "refsource": "MISC", + "name": "https://release-demo.textpattern.co/" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/172967/Textpattern-CMS-4.8.8-Command-Injection.html", + "url": "https://packetstormsecurity.com/files/172967/Textpattern-CMS-4.8.8-Command-Injection.html" } ] } diff --git a/2023/36xxx/CVE-2023-36499.json b/2023/36xxx/CVE-2023-36499.json new file mode 100644 index 00000000000..2355752f833 --- /dev/null +++ b/2023/36xxx/CVE-2023-36499.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-36499", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38412.json b/2023/38xxx/CVE-2023-38412.json new file mode 100644 index 00000000000..8ca2a6c7f85 --- /dev/null +++ b/2023/38xxx/CVE-2023-38412.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38412", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38591.json b/2023/38xxx/CVE-2023-38591.json new file mode 100644 index 00000000000..d06fe2df550 --- /dev/null +++ b/2023/38xxx/CVE-2023-38591.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38591", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39220.json b/2023/39xxx/CVE-2023-39220.json new file mode 100644 index 00000000000..63d080d6502 --- /dev/null +++ b/2023/39xxx/CVE-2023-39220.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39220", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39428.json b/2023/39xxx/CVE-2023-39428.json new file mode 100644 index 00000000000..d0ae384849b --- /dev/null +++ b/2023/39xxx/CVE-2023-39428.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39428", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39451.json b/2023/39xxx/CVE-2023-39451.json new file mode 100644 index 00000000000..18a566281d9 --- /dev/null +++ b/2023/39xxx/CVE-2023-39451.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39451", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39927.json b/2023/39xxx/CVE-2023-39927.json new file mode 100644 index 00000000000..490abe27807 --- /dev/null +++ b/2023/39xxx/CVE-2023-39927.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39927", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39934.json b/2023/39xxx/CVE-2023-39934.json new file mode 100644 index 00000000000..e936b0a1d35 --- /dev/null +++ b/2023/39xxx/CVE-2023-39934.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39934", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/4xxx/CVE-2023-4052.json b/2023/4xxx/CVE-2023-4052.json index 6022684fc93..c4d31b015f9 100644 --- a/2023/4xxx/CVE-2023-4052.json +++ b/2023/4xxx/CVE-2023-4052.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. \n*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1." + "value": "The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. \n*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1." } ] }, @@ -57,6 +57,18 @@ } ] } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.1" + } + ] + } } ] } @@ -80,6 +92,11 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2023-31/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2023-31/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-33/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-33/" } ] }, diff --git a/2023/4xxx/CVE-2023-4054.json b/2023/4xxx/CVE-2023-4054.json index c0f7471335e..13cc45393af 100644 --- a/2023/4xxx/CVE-2023-4054.json +++ b/2023/4xxx/CVE-2023-4054.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. \n*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1." + "value": "When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. \n*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1." } ] }, @@ -57,6 +57,18 @@ } ] } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "102.14" + } + ] + } } ] } @@ -85,6 +97,16 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2023-31/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2023-31/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-32/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-32/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-33/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-33/" } ] }, diff --git a/2023/4xxx/CVE-2023-4057.json b/2023/4xxx/CVE-2023-4057.json index d5e8990443f..e9dfaad88f5 100644 --- a/2023/4xxx/CVE-2023-4057.json +++ b/2023/4xxx/CVE-2023-4057.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116 and Firefox ESR < 115.1." + "value": "Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1." } ] }, @@ -57,6 +57,18 @@ } ] } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.1" + } + ] + } } ] } @@ -80,6 +92,11 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2023-31/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2023-31/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-33/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-33/" } ] }, diff --git a/2023/4xxx/CVE-2023-4147.json b/2023/4xxx/CVE-2023-4147.json index 448f0ede4a1..9201002a311 100644 --- a/2023/4xxx/CVE-2023-4147.json +++ b/2023/4xxx/CVE-2023-4147.json @@ -1,17 +1,213 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4147", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free flaw was found in the Linux kernel\u2019s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.5-rc4", + "status": "unaffected" + } + ] + } + } + ] + } + }, + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4147", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-4147" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225239", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2225239" + }, + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211" + }, + { + "url": "https://www.spinics.net/lists/stable/msg671573.html", + "refsource": "MISC", + "name": "https://www.spinics.net/lists/stable/msg671573.html" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4194.json b/2023/4xxx/CVE-2023-4194.json index 45350de66c8..d3b04495d5c 100644 --- a/2023/4xxx/CVE-2023-4194.json +++ b/2023/4xxx/CVE-2023-4194.json @@ -1,17 +1,230 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4194", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 (\"tun: tun_chr_open(): correctly initialize socket uid\"), - 66b2c338adce (\"tap: tap_open(): correctly initialize socket uid\"), pass \"inode->i_uid\" to sock_init_data_uid() as the last parameter and that turns out to not be accurate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Resource Using Incompatible Type ('Type Confusion')", + "cweId": "CWE-843" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.5-rc5", + "status": "unaffected" + } + ] + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4194", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-4194" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229498", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2229498" + }, + { + "url": "https://lore.kernel.org/all/20230731164237.48365-1-lersek@redhat.com/", + "refsource": "MISC", + "name": "https://lore.kernel.org/all/20230731164237.48365-1-lersek@redhat.com/" + }, + { + "url": "https://lore.kernel.org/all/20230731164237.48365-2-lersek@redhat.com/", + "refsource": "MISC", + "name": "https://lore.kernel.org/all/20230731164237.48365-2-lersek@redhat.com/" + }, + { + "url": "https://lore.kernel.org/all/20230731164237.48365-3-lersek@redhat.com/", + "refsource": "MISC", + "name": "https://lore.kernel.org/all/20230731164237.48365-3-lersek@redhat.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Laszlo Ersek (Red Hat)." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4205.json b/2023/4xxx/CVE-2023-4205.json index dbcbf18c857..fb9f0adfd01 100644 --- a/2023/4xxx/CVE-2023-4205.json +++ b/2023/4xxx/CVE-2023-4205.json @@ -1,17 +1,177 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4205", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds memory access flaw was found in the Linux kernel\u2019s do_journal_end function when the fails array-index-out-of-bounds in fs/reiserfs/journal.c could happen. This flaw allows a local user to crash the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4205", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-4205" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228101", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2228101" + }, + { + "url": "https://www.spinics.net/lists/kernel/msg4876594.html", + "refsource": "MISC", + "name": "https://www.spinics.net/lists/kernel/msg4876594.html" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Zhiyu Zhang for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4206.json b/2023/4xxx/CVE-2023-4206.json new file mode 100644 index 00000000000..8653041fdaf --- /dev/null +++ b/2023/4xxx/CVE-2023-4206.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4206", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/4xxx/CVE-2023-4207.json b/2023/4xxx/CVE-2023-4207.json new file mode 100644 index 00000000000..ed124533dfa --- /dev/null +++ b/2023/4xxx/CVE-2023-4207.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4207", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/4xxx/CVE-2023-4208.json b/2023/4xxx/CVE-2023-4208.json new file mode 100644 index 00000000000..61c2eda0ba6 --- /dev/null +++ b/2023/4xxx/CVE-2023-4208.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4208", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/4xxx/CVE-2023-4209.json b/2023/4xxx/CVE-2023-4209.json new file mode 100644 index 00000000000..96556a59d40 --- /dev/null +++ b/2023/4xxx/CVE-2023-4209.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4209", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file