From c772031c81175ff459112907cb0f6d2443d128e5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 28 Feb 2023 21:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/0xxx/CVE-2023-0339.json | 4 +- 2023/0xxx/CVE-2023-0511.json | 2 +- 2023/1xxx/CVE-2023-1099.json | 101 +++++++++++++++++++++++++++++++ 2023/1xxx/CVE-2023-1100.json | 106 +++++++++++++++++++++++++++++++++ 2023/22xxx/CVE-2023-22996.json | 61 +++++++++++++++++-- 2023/22xxx/CVE-2023-22997.json | 61 +++++++++++++++++-- 2023/22xxx/CVE-2023-22998.json | 61 +++++++++++++++++-- 2023/22xxx/CVE-2023-22999.json | 61 +++++++++++++++++-- 8 files changed, 430 insertions(+), 27 deletions(-) create mode 100644 2023/1xxx/CVE-2023-1099.json create mode 100644 2023/1xxx/CVE-2023-1100.json diff --git a/2023/0xxx/CVE-2023-0339.json b/2023/0xxx/CVE-2023-0339.json index 0464fe780b0..a168d51adfe 100644 --- a/2023/0xxx/CVE-2023-0339.json +++ b/2023/0xxx/CVE-2023-0339.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass.This issue affects Access Management Web Policy Agent: through 5.10.1." + "value": "Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1" } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "<=", - "version_name": "0", + "version_name": "1.0.0", "version_value": "5.10.1" } ] diff --git a/2023/0xxx/CVE-2023-0511.json b/2023/0xxx/CVE-2023-0511.json index b325b351bb1..4430c620ffa 100644 --- a/2023/0xxx/CVE-2023-0511.json +++ b/2023/0xxx/CVE-2023-0511.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass.This issue affects Access Management Java Policy Agent: from 1.0.0 through 5.10.1." + "value": "Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1" } ] }, diff --git a/2023/1xxx/CVE-2023-1099.json b/2023/1xxx/CVE-2023-1099.json new file mode 100644 index 00000000000..fcfd4946840 --- /dev/null +++ b/2023/1xxx/CVE-2023-1099.json @@ -0,0 +1,101 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2023-1099", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in SourceCodester Online Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file eduauth/edit-class-detail.php?editid=1. The manipulation of the argument editideditid leads to sql injection. The attack may be launched remotely. VDB-222002 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in SourceCodester Online Student Management System 1.0 ausgemacht. Dies betrifft einen unbekannten Teil der Datei eduauth/edit-class-detail.php?editid=1. Dank der Manipulation des Arguments editideditid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Online Student Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.222002", + "refsource": "MISC", + "name": "https://vuldb.com/?id.222002" + }, + { + "url": "https://vuldb.com/?ctiid.222002", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.222002" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "0chen (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1100.json b/2023/1xxx/CVE-2023-1100.json new file mode 100644 index 00000000000..1cddb9a9fb8 --- /dev/null +++ b/2023/1xxx/CVE-2023-1100.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2023-1100", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. This affects an unknown part of the file /reservation/add_message.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222003." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in SourceCodester Online Catering Reservation System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /reservation/add_message.php der Komponente POST Parameter Handler. Dank Manipulation des Arguments fullname mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Online Catering Reservation System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.222003", + "refsource": "MISC", + "name": "https://vuldb.com/?id.222003" + }, + { + "url": "https://vuldb.com/?ctiid.222003", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.222003" + }, + { + "url": "https://github.com/jackswordsz/bug_report/blob/main/vendors/emoblazz/Online%20Catering%20Reservation%20System/SQLi-1.md", + "refsource": "MISC", + "name": "https://github.com/jackswordsz/bug_report/blob/main/vendors/emoblazz/Online%20Catering%20Reservation%20System/SQLi-1.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "jackswordsz (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22996.json b/2023/22xxx/CVE-2023-22996.json index 8cad8414269..561b4db9b9f 100644 --- a/2023/22xxx/CVE-2023-22996.json +++ b/2023/22xxx/CVE-2023-22996.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-22996", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-22996", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2", + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2" + }, + { + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/4b41a9d0fe3db5f91078a380f62f0572c3ecf2dd", + "url": "https://github.com/torvalds/linux/commit/4b41a9d0fe3db5f91078a380f62f0572c3ecf2dd" } ] } diff --git a/2023/22xxx/CVE-2023-22997.json b/2023/22xxx/CVE-2023-22997.json index ed1e5178e3c..350eaf93dc2 100644 --- a/2023/22xxx/CVE-2023-22997.json +++ b/2023/22xxx/CVE-2023-22997.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-22997", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-22997", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/45af1d7aae7d5520d2858f8517a1342646f015db", + "url": "https://github.com/torvalds/linux/commit/45af1d7aae7d5520d2858f8517a1342646f015db" + }, + { + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.2", + "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.2" } ] } diff --git a/2023/22xxx/CVE-2023-22998.json b/2023/22xxx/CVE-2023-22998.json index 6862534aec5..e799bce4e9f 100644 --- a/2023/22xxx/CVE-2023-22998.json +++ b/2023/22xxx/CVE-2023-22998.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-22998", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-22998", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/c24968734abfed81c8f93dc5f44a7b7a9aecadfa", + "url": "https://github.com/torvalds/linux/commit/c24968734abfed81c8f93dc5f44a7b7a9aecadfa" + }, + { + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.3", + "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.3" } ] } diff --git a/2023/22xxx/CVE-2023-22999.json b/2023/22xxx/CVE-2023-22999.json index c07b3491050..75f4cbc18fb 100644 --- a/2023/22xxx/CVE-2023-22999.json +++ b/2023/22xxx/CVE-2023-22999.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-22999", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-22999", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3", + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3" + }, + { + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/b52fe2dbb3e655eb1483000adfab68a219549e13", + "url": "https://github.com/torvalds/linux/commit/b52fe2dbb3e655eb1483000adfab68a219549e13" } ] }