diff --git a/2022/39xxx/CVE-2022-39189.json b/2022/39xxx/CVE-2022-39189.json
index 62ca01e643a..ade7898c23c 100644
--- a/2022/39xxx/CVE-2022-39189.json
+++ b/2022/39xxx/CVE-2022-39189.json
@@ -81,6 +81,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-5480",
 "url": "https://www.debian.org/security/2023/dsa-5480"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 }
diff --git a/2022/4xxx/CVE-2022-4269.json b/2022/4xxx/CVE-2022-4269.json
index 49780b6808d..7fc43f0dbd9 100644
--- a/2022/4xxx/CVE-2022-4269.json
+++ b/2022/4xxx/CVE-2022-4269.json
@@ -68,6 +68,11 @@
 "url": "https://security.netapp.com/advisory/ntap-20230929-0001/",
 "refsource": "MISC",
 "name": "https://security.netapp.com/advisory/ntap-20230929-0001/"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1206.json b/2023/1xxx/CVE-2023-1206.json
index a979bc18d22..7e1b6ccd118 100644
--- a/2023/1xxx/CVE-2023-1206.json
+++ b/2023/1xxx/CVE-2023-1206.json
@@ -63,6 +63,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20230929-0006/",
 "url": "https://security.netapp.com/advisory/ntap-20230929-0006/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/1xxx/CVE-2023-1380.json b/2023/1xxx/CVE-2023-1380.json
index ef0154e4f39..dfd12a9b371 100644
--- a/2023/1xxx/CVE-2023-1380.json
+++ b/2023/1xxx/CVE-2023-1380.json
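Review bot: The Debian LTS announcement is recorded in two different shapes in this commit, and the CVE-2022-4269 hunk is the first to use the weaker one: `"refsource": "MISC"` with the URL repeated as `name`, where CVE-2022-39189 just above uses `"refsource": "MLIST"` with the subject line. Consumers that select distro advisories by `refsource` or by the `DLA 3623-1` identifier in `name` will not see the MISC entries. The same MISC form recurs in, among others, CVE-2023-20588, CVE-2023-21255, CVE-2023-21400, CVE-2023-34319 and the CVE-2023-3xxx/4xxx/42xxx records that list `url` first. If these entries are converted from another upstream format, the normalisation probably belongs in that conversion; otherwise I would use `"refsource": "MLIST"` and `"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update"` throughout.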
@@ -83,6 +83,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-5480",
 "url": "https://www.debian.org/security/2023/dsa-5480"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/20xxx/CVE-2023-20588.json b/2023/20xxx/CVE-2023-20588.json
index 73844ed7162..137432a800a 100644
--- a/2023/20xxx/CVE-2023-20588.json
+++ b/2023/20xxx/CVE-2023-20588.json
@@ -266,6 +266,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/21xxx/CVE-2023-21255.json b/2023/21xxx/CVE-2023-21255.json
index 57b619eb500..e898372021f 100644
--- a/2023/21xxx/CVE-2023-21255.json
+++ b/2023/21xxx/CVE-2023-21255.json
@@ -67,6 +67,11 @@
 "url": "https://www.debian.org/security/2023/dsa-5480",
 "refsource": "MISC",
 "name": "https://www.debian.org/security/2023/dsa-5480"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 }
diff --git a/2023/21xxx/CVE-2023-21400.json b/2023/21xxx/CVE-2023-21400.json
index 3f997c00dbc..ca699d5ee00 100644
--- a/2023/21xxx/CVE-2023-21400.json
+++ b/2023/21xxx/CVE-2023-21400.json
@@ -87,6 +87,11 @@
 "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2002.json b/2023/2xxx/CVE-2023-2002.json
index a8d98e76375..a5305c088e9 100644
--- a/2023/2xxx/CVE-2023-2002.json
+++ b/2023/2xxx/CVE-2023-2002.json
@@ -58,6 +58,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-5480",
 "url": "https://www.debian.org/security/2023/dsa-5480"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/2xxx/CVE-2023-2007.json b/2023/2xxx/CVE-2023-2007.json
index 2d00ce75a86..5a90797866f 100644
--- a/2023/2xxx/CVE-2023-2007.json
+++ b/2023/2xxx/CVE-2023-2007.json
@@ -58,6 +58,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-5480",
 "url": "https://www.debian.org/security/2023/dsa-5480"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/2xxx/CVE-2023-2124.json b/2023/2xxx/CVE-2023-2124.json
index 51d3c81b350..db1b099d35c 100644
--- a/2023/2xxx/CVE-2023-2124.json
+++ b/2023/2xxx/CVE-2023-2124.json
@@ -68,6 +68,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-5480",
 "url": "https://www.debian.org/security/2023/dsa-5480"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/2xxx/CVE-2023-2269.json b/2023/2xxx/CVE-2023-2269.json
index 3e3e3800e03..a33a7dd1241 100644
--- a/2023/2xxx/CVE-2023-2269.json
+++ b/2023/2xxx/CVE-2023-2269.json
@@ -83,6 +83,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20230929-0004/",
 "url": "https://security.netapp.com/advisory/ntap-20230929-0004/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/2xxx/CVE-2023-2898.json b/2023/2xxx/CVE-2023-2898.json
index 6edc3b44ffc..fb205091590 100644
--- a/2023/2xxx/CVE-2023-2898.json
+++ b/2023/2xxx/CVE-2023-2898.json
@@ -63,6 +63,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20230929-0002/",
 "url": "https://security.netapp.com/advisory/ntap-20230929-0002/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/31xxx/CVE-2023-31046.json b/2023/31xxx/CVE-2023-31046.json
index 7961d82c31e..3cf391035cf 100644
--- a/2023/31xxx/CVE-2023-31046.json
+++ b/2023/31xxx/CVE-2023-31046.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an attacker to achieve read-only access to the server's filesystem."
+ "value": "A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with \"GET /ui/static/..//..\" reach getStaticContent in UIContentResource.class in the static-content-files servlet."
 }
 ]
 },
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://research.aurainfosec.io/disclosure/papercut/",
 "url": "https://research.aurainfosec.io/disclosure/papercut/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://web.archive.org/web/20230814061444/https://research.aurainfosec.io/disclosure/papercut/",
+ "url": "https://web.archive.org/web/20230814061444/https://research.aurainfosec.io/disclosure/papercut/"
 }
 ]
 }
diff --git a/2023/31xxx/CVE-2023-31084.json b/2023/31xxx/CVE-2023-31084.json
index 0ada4614036..1ebc9f10135 100644
--- a/2023/31xxx/CVE-2023-31084.json
+++ b/2023/31xxx/CVE-2023-31084.json
@@ -86,6 +86,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20230929-0003/",
 "url": "https://security.netapp.com/advisory/ntap-20230929-0003/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34256.json b/2023/34xxx/CVE-2023-34256.json
index 63fba00f782..8ac8316ddc1 100644
--- a/2023/34xxx/CVE-2023-34256.json
+++ b/2023/34xxx/CVE-2023-34256.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34319.json b/2023/34xxx/CVE-2023-34319.json
index c41c149711d..526504ac168 100644
--- a/2023/34xxx/CVE-2023-34319.json
+++ b/2023/34xxx/CVE-2023-34319.json
@@ -65,6 +65,11 @@
 "url": "https://xenbits.xenproject.org/xsa/advisory-438.html",
 "refsource": "MISC",
 "name": "https://xenbits.xenproject.org/xsa/advisory-438.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/35xxx/CVE-2023-35788.json b/2023/35xxx/CVE-2023-35788.json
index 45e49efbc7f..afff703667d 100644
--- a/2023/35xxx/CVE-2023-35788.json
+++ b/2023/35xxx/CVE-2023-35788.json
@@ -96,6 +96,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
 "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35823.json b/2023/35xxx/CVE-2023-35823.json
index bda0d04d4be..137d17b9407 100644
--- a/2023/35xxx/CVE-2023-35823.json
+++ b/2023/35xxx/CVE-2023-35823.json
@@ -81,6 +81,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20230803-0002/",
 "url": "https://security.netapp.com/advisory/ntap-20230803-0002/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35824.json b/2023/35xxx/CVE-2023-35824.json
index f2363ddafb6..cb2aa023731 100644
--- a/2023/35xxx/CVE-2023-35824.json
+++ b/2023/35xxx/CVE-2023-35824.json
@@ -81,6 +81,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20230803-0002/",
 "url": "https://security.netapp.com/advisory/ntap-20230803-0002/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39731.json b/2023/39xxx/CVE-2023-39731.json
index b3734176627..d38f5a83003 100644
--- a/2023/39xxx/CVE-2023-39731.json
+++ b/2023/39xxx/CVE-2023-39731.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-39731",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-39731",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39731.md",
+ "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39731.md"
 }
 ]
 }
diff --git a/2023/3xxx/CVE-2023-3090.json b/2023/3xxx/CVE-2023-3090.json
index 36f1514b881..d3a65d3253b 100644
--- a/2023/3xxx/CVE-2023-3090.json
+++ b/2023/3xxx/CVE-2023-3090.json
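Review bot: In the new CVE-2023-39731 record the structured fields carry no information: `product_name`, `version_value`, `vendor_name` and the `problemtype` value are all `"n/a"`, while the description names the product and version in free text. Inventory and scanner tooling that matches on `affects` will therefore never associate this record with an installed application. I would set `"product_name": "Kaibutsunosato"` and `"version_value": "13.6.1"` from the description and leave `vendor_name` as `n/a` if the vendor is not known. For `problemtype`, a credential-exposure CWE such as the `CWE-522: Insufficiently Protected Credentials` used for CVE-2023-46115 in this commit looks like a candidate, but that should be confirmed against the referenced report.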
@@ -94,6 +94,11 @@
 "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3111.json b/2023/3xxx/CVE-2023-3111.json
index b941174ee66..fb92317c2d1 100644
--- a/2023/3xxx/CVE-2023-3111.json
+++ b/2023/3xxx/CVE-2023-3111.json
@@ -63,6 +63,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-5480",
 "url": "https://www.debian.org/security/2023/dsa-5480"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3141.json b/2023/3xxx/CVE-2023-3141.json
index 8b45ffa38f4..d983b8b9541 100644
--- a/2023/3xxx/CVE-2023-3141.json
+++ b/2023/3xxx/CVE-2023-3141.json
@@ -68,6 +68,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3212.json b/2023/3xxx/CVE-2023-3212.json
index 25c4d84696f..4cf33970032 100644
--- a/2023/3xxx/CVE-2023-3212.json
+++ b/2023/3xxx/CVE-2023-3212.json
@@ -68,6 +68,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20230929-0005/",
 "url": "https://security.netapp.com/advisory/ntap-20230929-0005/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3268.json b/2023/3xxx/CVE-2023-3268.json
index a9ba00acd97..5f83a9c45a6 100644
--- a/2023/3xxx/CVE-2023-3268.json
+++ b/2023/3xxx/CVE-2023-3268.json
@@ -78,6 +78,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20230824-0006/",
 "url": "https://security.netapp.com/advisory/ntap-20230824-0006/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3338.json b/2023/3xxx/CVE-2023-3338.json
index 2ce6b626274..94bdca24d79 100644
--- a/2023/3xxx/CVE-2023-3338.json
+++ b/2023/3xxx/CVE-2023-3338.json
@@ -187,6 +187,11 @@
 "url": "https://security.netapp.com/advisory/ntap-20230824-0005/",
 "refsource": "MISC",
 "name": "https://security.netapp.com/advisory/ntap-20230824-0005/"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3389.json b/2023/3xxx/CVE-2023-3389.json
index 6d024a727f2..7a1a9f85c1c 100644
--- a/2023/3xxx/CVE-2023-3389.json
+++ b/2023/3xxx/CVE-2023-3389.json
@@ -104,6 +104,11 @@
 "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3609.json b/2023/3xxx/CVE-2023-3609.json
index fc9f76919e1..3de9e06053f 100644
--- a/2023/3xxx/CVE-2023-3609.json
+++ b/2023/3xxx/CVE-2023-3609.json
@@ -79,6 +79,11 @@
 "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3611.json b/2023/3xxx/CVE-2023-3611.json
index cc788d48b3b..f5d481a5a60 100644
--- a/2023/3xxx/CVE-2023-3611.json
+++ b/2023/3xxx/CVE-2023-3611.json
@@ -79,6 +79,11 @@
 "url": "https://www.debian.org/security/2023/dsa-5492",
 "refsource": "MISC",
 "name": "https://www.debian.org/security/2023/dsa-5492"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3772.json b/2023/3xxx/CVE-2023-3772.json
index 0e862148735..1b8565abcaa 100644
--- a/2023/3xxx/CVE-2023-3772.json
+++ b/2023/3xxx/CVE-2023-3772.json
@@ -177,6 +177,11 @@
 "url": "https://www.debian.org/security/2023/dsa-5492",
 "refsource": "MISC",
 "name": "https://www.debian.org/security/2023/dsa-5492"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3773.json b/2023/3xxx/CVE-2023-3773.json
index 8e37d4be3ff..d2e4fd11bad 100644
--- a/2023/3xxx/CVE-2023-3773.json
+++ b/2023/3xxx/CVE-2023-3773.json
@@ -167,6 +167,11 @@
 "url": "https://www.debian.org/security/2023/dsa-5492",
 "refsource": "MISC",
 "name": "https://www.debian.org/security/2023/dsa-5492"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3776.json b/2023/3xxx/CVE-2023-3776.json
index fb6909fe09d..fe6d76cb8f3 100644
--- a/2023/3xxx/CVE-2023-3776.json
+++ b/2023/3xxx/CVE-2023-3776.json
@@ -79,6 +79,11 @@
 "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3863.json b/2023/3xxx/CVE-2023-3863.json
index e729671ce17..4207c3186ed 100644
--- a/2023/3xxx/CVE-2023-3863.json
+++ b/2023/3xxx/CVE-2023-3863.json
@@ -182,6 +182,11 @@
 "url": "https://www.debian.org/security/2023/dsa-5492",
 "refsource": "MISC",
 "name": "https://www.debian.org/security/2023/dsa-5492"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/40xxx/CVE-2023-40283.json b/2023/40xxx/CVE-2023-40283.json
index 5cd1538f3b4..3a7e1fa87cc 100644
--- a/2023/40xxx/CVE-2023-40283.json
+++ b/2023/40xxx/CVE-2023-40283.json
@@ -81,6 +81,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
 "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 }
diff --git a/2023/41xxx/CVE-2023-41893.json b/2023/41xxx/CVE-2023-41893.json
index 82d6e04ddc7..7f802f6d5b4 100644
--- a/2023/41xxx/CVE-2023-41893.json
+++ b/2023/41xxx/CVE-2023-41893.json
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-41893",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Home assistant is an open source home automation. The audit team\u2019s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized to fetch the `access_token` post-authentication will be sent to the URL specified in the aforementioned parameters. Since an arbitrary URL is permitted and `homeassistant.local` represents the preferred, default domain likely used and trusted by many users, an attacker could leverage this weakness to manipulate a user and retrieve account access. Notably, this attack strategy is plausible if the victim has exposed their Home Assistant to the Internet, since after acquiring the victim\u2019s `access_token` the adversary would need to utilize it directly towards the instance to achieve any pertinent malicious actions. To achieve this compromise attempt, the attacker must send a link with a `redirect_uri` that they control to the victim\u2019s own Home Assistant instance. In the eventuality the victim authenticates via said link, the attacker would obtain code sent to the specified URL in `redirect_uri`, which can then be leveraged to fetch an `access_token`. Pertinently, an attacker could increase the efficacy of this strategy by registering a near identical domain to `homeassistant.local`, which at first glance may appear legitimate and thereby obfuscate any malicious intentions. 
This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "home-assistant",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "core",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 2023.9.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/home-assistant/core/security/advisories/GHSA-qhhj-7hrc-gqj5",
+ "refsource": "MISC",
+ "name": "https://github.com/home-assistant/core/security/advisories/GHSA-qhhj-7hrc-gqj5"
+ },
+ {
+ "url": "https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/",
+ "refsource": "MISC",
+ "name": "https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-qhhj-7hrc-gqj5",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/41xxx/CVE-2023-41894.json b/2023/41xxx/CVE-2023-41894.json
index 09b865f2019..272689dddca 100644
--- a/2023/41xxx/CVE-2023-41894.json
+++ b/2023/41xxx/CVE-2023-41894.json
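Review bot: The affected-version entry in the CVE-2023-41893 record pairs `"version_affected": "="` with `"version_value": "< 2023.9.0"`, which puts the range operator inside the value while the operator field claims an exact match. A consumer that honours `version_affected` will compare installed versions against the literal string `< 2023.9.0` and never flag a vulnerable install. The 4.0 format allows the operator to be expressed directly, so `"version_affected": "<"` with `"version_value": "2023.9.0"` states the same bound in a machine-readable way. The CVE-2023-41894 and CVE-2023-46115 records added in this commit have the same encoding.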
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-41894",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the `*.ui.nabu.casa` URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the SniTun proxy, which sets the source address to 127.0.0.1 on all requests sent to the public URL and forwarded to the local Home Assistant. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-669: Incorrect Resource Transfer Between Spheres",
+ "cweId": "CWE-669"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "home-assistant",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "core",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 2023.9.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/home-assistant/core/security/advisories/GHSA-wx3j-3v2j-rf45",
+ "refsource": "MISC",
+ "name": "https://github.com/home-assistant/core/security/advisories/GHSA-wx3j-3v2j-rf45"
+ },
+ {
+ "url": "https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/",
+ "refsource": "MISC",
+ "name": "https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-wx3j-3v2j-rf45",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/42xxx/CVE-2023-42753.json b/2023/42xxx/CVE-2023-42753.json
index ed53f8bbd9f..8a49ac79d16 100644
--- a/2023/42xxx/CVE-2023-42753.json
+++ b/2023/42xxx/CVE-2023-42753.json
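Review bot: The CVSS block for CVE-2023-41894 records `"integrityImpact": "NONE"`, which sits oddly with a description saying local-only webhooks are triggerable without authentication through the `*.ui.nabu.casa` URL. Triggering a webhook causes the instance to act, so the effect described reads more like an integrity impact than the `C:L` the vector carries. If the vector is taken as published in GHSA-wx3j-3v2j-rf45 it should not be altered here, but it is worth confirming against that advisory, because triage keyed on `baseScore` 5.3 may under-rank this for installs that rely on the local-network restriction.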
@@ -177,6 +177,11 @@
 "url": "https://www.openwall.com/lists/oss-security/2023/09/22/10",
 "refsource": "MISC",
 "name": "https://www.openwall.com/lists/oss-security/2023/09/22/10"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/42xxx/CVE-2023-42755.json b/2023/42xxx/CVE-2023-42755.json
index 1c971c98acd..d35a86a2729 100644
--- a/2023/42xxx/CVE-2023-42755.json
+++ b/2023/42xxx/CVE-2023-42755.json
@@ -172,6 +172,11 @@
 "url": "https://seclists.org/oss-sec/2023/q3/229",
 "refsource": "MISC",
 "name": "https://seclists.org/oss-sec/2023/q3/229"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/42xxx/CVE-2023-42756.json b/2023/42xxx/CVE-2023-42756.json
index 5ccb7ee5753..1199b857200 100644
--- a/2023/42xxx/CVE-2023-42756.json
+++ b/2023/42xxx/CVE-2023-42756.json
@@ -187,6 +187,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
 }
 ]
 },
diff --git a/2023/46xxx/CVE-2023-46115.json b/2023/46xxx/CVE-2023-46115.json
index 4d01919a131..901baf8025e 100644
--- a/2023/46xxx/CVE-2023-46115.json
+++ b/2023/46xxx/CVE-2023-46115.json
@@ -1,17 +1,99 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-46115",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri documentation used an insecure example configuration in the `Vite guide` to showcase how to use Tauri together with Vite. Copying the following snippet `envPrefix: ['VITE_', 'TAURI_'],` from this guide into the `vite.config.ts` of a Tauri project leads to bundling the `TAURI_PRIVATE_KEY` and `TAURI_KEY_PASSWORD` into the Vite frontend code and therefore leaking this value to the released Tauri application. Using the `envPrefix: ['VITE_'],` or any other framework than Vite means you are not impacted by this advisory. Users are advised to rotate their updater private key if they are affected by this (requires Tauri CLI >=1.5.5). After updating the envPrefix configuration, generate a new private key with `tauri signer generate`, saving the new private key and updating the updater's `pubkey` value on `tauri.conf.json` with the new public key. To update your existing application, the next application build must be signed with the older private key in order to be accepted by the existing application." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-522: Insufficiently Protected Credentials",
+ "cweId": "CWE-522"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "tauri-apps",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tauri",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 2.0.0-alpha.16"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-2rcp-jvr4-r259",
+ "refsource": "MISC",
+ "name": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-2rcp-jvr4-r259"
+ },
+ {
+ "url": "https://tauri.app/v1/guides/getting-started/setup/vite/",
+ "refsource": "MISC",
+ "name": "https://tauri.app/v1/guides/getting-started/setup/vite/"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-2rcp-jvr4-r259",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4004.json b/2023/4xxx/CVE-2023-4004.json
index 85a616be34f..aa4c286352e 100644
--- a/2023/4xxx/CVE-2023-4004.json
+++ b/2023/4xxx/CVE-2023-4004.json
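Review bot: The `affects` block in the CVE-2023-46115 record keys exposure to tauri `< 2.0.0-alpha.16`, but the description says the problem is not in the Tauri code base and depends on `envPrefix: ['VITE_', 'TAURI_'],` being present in a project's `vite.config.ts`. Version matching alone will therefore flag applications that never used that setting and give no signal about already-shipped bundles that contain `TAURI_PRIVATE_KEY` or `TAURI_KEY_PASSWORD`. The description also cites `Tauri CLI >=1.5.5` for key rotation, which is a different version line from the `2.0.0-alpha.16` bound, and the record does not say how the two relate. It would help consumers if the description stated that affected status is decided by the build configuration and that released bundles should be inspected for those two variables, with the version bound treated only as the point where the documentation was corrected, if that is what it represents.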
@@ -437,6 +437,11 @@ "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html", "refsource": "MISC", "name": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ] }, diff --git a/2023/4xxx/CVE-2023-4128.json b/2023/4xxx/CVE-2023-4128.json index fdb7cf9c0b5..99470cec19d 100644 --- a/2023/4xxx/CVE-2023-4128.json +++ b/2023/4xxx/CVE-2023-4128.json @@ -538,6 +538,11 @@ "url": "https://www.debian.org/security/2023/dsa-5492", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5492" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ] }, diff --git a/2023/4xxx/CVE-2023-4132.json b/2023/4xxx/CVE-2023-4132.json index 4ce3e49eeb7..decfa55ca04 100644 --- a/2023/4xxx/CVE-2023-4132.json +++ b/2023/4xxx/CVE-2023-4132.json @@ -177,6 +177,11 @@ "url": "https://www.debian.org/security/2023/dsa-5492", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5492" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ] }, diff --git a/2023/4xxx/CVE-2023-4147.json b/2023/4xxx/CVE-2023-4147.json index 8dbfad861ac..7c41938b16c 100644 --- a/2023/4xxx/CVE-2023-4147.json +++ b/2023/4xxx/CVE-2023-4147.json 
@@ -251,6 +251,11 @@ "url": "https://www.spinics.net/lists/stable/msg671573.html", "refsource": "MISC", "name": "https://www.spinics.net/lists/stable/msg671573.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ] }, diff --git a/2023/4xxx/CVE-2023-4194.json b/2023/4xxx/CVE-2023-4194.json index f24c91cd74f..7538df55dbf 100644 --- a/2023/4xxx/CVE-2023-4194.json +++ b/2023/4xxx/CVE-2023-4194.json @@ -221,6 +221,11 @@ "url": "https://www.debian.org/security/2023/dsa-5492", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5492" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ] }, diff --git a/2023/4xxx/CVE-2023-4244.json b/2023/4xxx/CVE-2023-4244.json index 121692f8071..7f3b598f73b 100644 --- a/2023/4xxx/CVE-2023-4244.json +++ b/2023/4xxx/CVE-2023-4244.json @@ -64,6 +64,11 @@ "url": "https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8", "refsource": "MISC", "name": "https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ] }, diff --git a/2023/4xxx/CVE-2023-4273.json b/2023/4xxx/CVE-2023-4273.json index 0a7c9556436..cfed5d3ad31 100644 --- a/2023/4xxx/CVE-2023-4273.json +++ b/2023/4xxx/CVE-2023-4273.json @@ -192,6 +192,11 @@ "url": "https://www.debian.org/security/2023/dsa-5492", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5492" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ] }, 
diff --git a/2023/4xxx/CVE-2023-4622.json b/2023/4xxx/CVE-2023-4622.json index 66ac34a1e24..08df84d6dbb 100644 --- a/2023/4xxx/CVE-2023-4622.json +++ b/2023/4xxx/CVE-2023-4622.json @@ -69,6 +69,11 @@ "url": "https://www.debian.org/security/2023/dsa-5492", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5492" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ] }, diff --git a/2023/4xxx/CVE-2023-4623.json b/2023/4xxx/CVE-2023-4623.json index a64a2b3609b..0dd4617cad7 100644 --- a/2023/4xxx/CVE-2023-4623.json +++ b/2023/4xxx/CVE-2023-4623.json @@ -64,6 +64,11 @@ "url": "https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f", "refsource": "MISC", "name": "https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ] }, diff --git a/2023/4xxx/CVE-2023-4921.json b/2023/4xxx/CVE-2023-4921.json index dd652a637dd..98e395008c9 100644 --- a/2023/4xxx/CVE-2023-4921.json +++ b/2023/4xxx/CVE-2023-4921.json @@ -64,6 +64,11 @@ "url": "https://kernel.dance/8fc134fee27f2263988ae38920bc03da416b03d8", "refsource": "MISC", "name": "https://kernel.dance/8fc134fee27f2263988ae38920bc03da416b03d8" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ] },