diff --git a/2018/25xxx/CVE-2018-25082.json b/2018/25xxx/CVE-2018-25082.json index 4ef1f560f17..b4bb8cea853 100644 --- a/2018/25xxx/CVE-2018-25082.json +++ b/2018/25xxx/CVE-2018-25082.json @@ -1,17 +1,115 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2018-25082", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name of the patch is e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in zwczou WeChat SDK Python 0.3.0 gefunden. Betroffen davon ist die Funktion validate/to_xml. Durch Manipulation mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 0.5.5 vermag dieses Problem zu l\u00f6sen. Der Patch wird als e54abadc777715b6dcb545c13214d1dea63df6c9 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611 XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "zwczou", + "product": { + "product_data": [ + { + "product_name": "WeChat SDK Python", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.223403", + "refsource": "MISC", + "name": "https://vuldb.com/?id.223403" + }, + { + "url": "https://vuldb.com/?ctiid.223403", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.223403" + }, + { + "url": "https://github.com/zwczou/weixin-python/pull/30", + "refsource": "MISC", + "name": "https://github.com/zwczou/weixin-python/pull/30" + }, + { + "url": "https://github.com/zwczou/weixin-python/commit/e54abadc777715b6dcb545c13214d1dea63df6c9", + "refsource": "MISC", + "name": "https://github.com/zwczou/weixin-python/commit/e54abadc777715b6dcb545c13214d1dea63df6c9" + }, + { + "url": "https://github.com/zwczou/weixin-python/releases/tag/v0.5.5", + "refsource": "MISC", + "name": "https://github.com/zwczou/weixin-python/releases/tag/v0.5.5" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" } ] } diff --git a/2022/36xxx/CVE-2022-36429.json b/2022/36xxx/CVE-2022-36429.json index 02a2389e1ce..8e9aff4ef4d 100644 --- a/2022/36xxx/CVE-2022-36429.json +++ b/2022/36xxx/CVE-2022-36429.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-36429", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-912: Hidden Functionality", + "cweId": "CWE-912" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Netgear", + "product": { + "product_data": [ + { + "product_name": "Orbi Satellite RBS750", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.6.8.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1597", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1597" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2022/37xxx/CVE-2022-37337.json b/2022/37xxx/CVE-2022-37337.json index 81bf0532635..ca6596856a4 100644 --- a/2022/37xxx/CVE-2022-37337.json +++ b/2022/37xxx/CVE-2022-37337.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-37337", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Netgear", + "product": { + "product_data": [ + { + "product_name": "Orbi Router RBR750", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.6.8.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1596", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1596" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" } ] } diff --git a/2022/38xxx/CVE-2022-38452.json b/2022/38xxx/CVE-2022-38452.json index 06391679d65..2cf8d7e9269 100644 --- a/2022/38xxx/CVE-2022-38452.json +++ b/2022/38xxx/CVE-2022-38452.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-38452", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-912: Hidden Functionality", + "cweId": "CWE-912" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Netgear", + "product": { + "product_data": [ + { + "product_name": "Orbi Router RBR750", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.6.8.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1595", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1595" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2022/38xxx/CVE-2022-38458.json b/2022/38xxx/CVE-2022-38458.json index c3798707101..d1c55ca0e78 100644 --- a/2022/38xxx/CVE-2022-38458.json +++ b/2022/38xxx/CVE-2022-38458.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-38458", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-311: Missing Encryption of Sensitive Data", + "cweId": "CWE-311" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Netgear", + "product": { + "product_data": [ + { + "product_name": "Orbi Router RBR750", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.6.8.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1598", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1598" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2022/45xxx/CVE-2022-45636.json b/2022/45xxx/CVE-2022-45636.json index eb5c8617bbe..ff5b4833bde 100644 --- a/2022/45xxx/CVE-2022-45636.json +++ b/2022/45xxx/CVE-2022-45636.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-45636", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-45636", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://labs.withsecure.com/advisories/insecure-authorization-scheme-for-api-requests-in-dbd--mobile-co", + "url": "https://labs.withsecure.com/advisories/insecure-authorization-scheme-for-api-requests-in-dbd--mobile-co" + }, + { + "refsource": "MISC", + "name": "https://github.com/WithSecureLabs/megafeis-palm/tree/main/CVE-2022-45636", + "url": "https://github.com/WithSecureLabs/megafeis-palm/tree/main/CVE-2022-45636" } ] } diff --git a/2023/0xxx/CVE-2023-0681.json b/2023/0xxx/CVE-2023-0681.json index 484f6c198ed..30152103faa 100644 --- a/2023/0xxx/CVE-2023-0681.json +++ b/2023/0xxx/CVE-2023-0681.json @@ -71,7 +71,7 @@ "credits": [ { "lang": "en", - "value": "Beau Taub" + "value": "Beau Taub of 2U, Inc." } ], "impact": { diff --git a/2023/24xxx/CVE-2023-24368.json b/2023/24xxx/CVE-2023-24368.json index 30a8ef8c953..7bc7113099f 100644 --- a/2023/24xxx/CVE-2023-24368.json +++ b/2023/24xxx/CVE-2023-24368.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Incorrect access control in Temenos T24 Release 20 allows attackers to gain unauthorized access to sensitive information via a crafted POST request to HELPTEXT.MAINMENU." + "value": "** DISPUTED ** Incorrect access control in Temenos T24 Release 20 allows attackers to gain unauthorized access to sensitive information via a crafted POST request to HELPTEXT.MAINMENU. NOTE: the vendor's position is that \"the access level granted is in line with business requirement.\"" } ] }, diff --git a/2023/25xxx/CVE-2023-25134.json b/2023/25xxx/CVE-2023-25134.json index ed5cdf33bf0..bbd859528dd 100644 --- a/2023/25xxx/CVE-2023-25134.json +++ b/2023/25xxx/CVE-2023-25134.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-25134", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-25134", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html", + "refsource": "MISC", + "name": "https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html" + }, + { + "refsource": "MISC", + "name": "https://www.mcafee.com/support/?articleId=TS103398&page=shell&shell=article-view", + "url": "https://www.mcafee.com/support/?articleId=TS103398&page=shell&shell=article-view" } ] } diff --git a/2023/28xxx/CVE-2023-28708.json b/2023/28xxx/CVE-2023-28708.json new file mode 100644 index 00000000000..a03cfa5b10c --- /dev/null +++ b/2023/28xxx/CVE-2023-28708.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-28708", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/28xxx/CVE-2023-28709.json b/2023/28xxx/CVE-2023-28709.json new file mode 100644 index 00000000000..81a7608c540 --- /dev/null +++ b/2023/28xxx/CVE-2023-28709.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-28709", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file