From cb78768254fb8a5b08ebe72b5d18eabe030ce32b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 15 Dec 2023 01:00:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/21xxx/CVE-2023-21740.json | 12 +++++
 2023/35xxx/CVE-2023-35622.json | 12 +++++
 2023/35xxx/CVE-2023-35628.json | 12 +++++
 2023/35xxx/CVE-2023-35629.json | 12 +++++
 2023/35xxx/CVE-2023-35630.json | 12 +++++
 2023/35xxx/CVE-2023-35632.json | 12 +++++
 2023/35xxx/CVE-2023-35633.json | 12 +++++
 2023/35xxx/CVE-2023-35639.json | 12 +++++
 2023/35xxx/CVE-2023-35641.json | 12 +++++
 2023/35xxx/CVE-2023-35642.json | 12 +++++
 2023/36xxx/CVE-2023-36004.json | 12 +++++
 2023/36xxx/CVE-2023-36005.json | 12 +++++
 2023/36xxx/CVE-2023-36006.json | 12 +++++
 2023/36xxx/CVE-2023-36012.json | 12 +++++
 2023/36xxx/CVE-2023-36878.json | 64 +++++++++++++++++++++--
 2023/40xxx/CVE-2023-40954.json | 61 +++++++++++++++++++---
 2023/42xxx/CVE-2023-42183.json | 56 ++++++++++++++++++---
 2023/48xxx/CVE-2023-48050.json | 56 ++++++++++++++++++---
 2023/6xxx/CVE-2023-6831.json | 92 ++++++++++++++++++++++++++++++++++
 2023/6xxx/CVE-2023-6832.json | 92 ++++++++++++++++++++++++++++++++++
 20 files changed, 567 insertions(+), 22 deletions(-)
 create mode 100644 2023/6xxx/CVE-2023-6831.json
 create mode 100644 2023/6xxx/CVE-2023-6832.json
diff --git a/2023/21xxx/CVE-2023-21740.json b/2023/21xxx/CVE-2023-21740.json
index 7784c6cb136..452eea1136b 100644
--- a/2023/21xxx/CVE-2023-21740.json
+++ b/2023/21xxx/CVE-2023-21740.json
@@ -226,6 +226,18 @@
 ]
 }
 },
+ {
+ "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.1.7601.26864"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Windows Server 2012",
 "version": {
diff --git a/2023/35xxx/CVE-2023-35622.json b/2023/35xxx/CVE-2023-35622.json
index 5c8f28cf610..621ea86d1e2 100644
--- a/2023/35xxx/CVE-2023-35622.json
+++ b/2023/35xxx/CVE-2023-35622.json
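Review bot: The added `Windows Server 2008 R2 Service Pack 1 (Server Core installation)` entry pairs `"version_name": "6.0.0"` with an upper bound of `6.1.7601.26864`, so a consumer that reads `version_name` as the start of the affected range would also match 6.0.x builds, which are not Windows Server 2008 R2. If the neighbouring non-Core 2008 R2 entry (outside this hunk) uses `6.1.0`, the new block should carry the same lower bound, `"version_name": "6.1.0"`; this needs confirming against the vendor advisory rather than this diff. The same twelve-line block is added to the thirteen other Microsoft records in this patch (CVE-2023-35622 through CVE-2023-36012), so the point applies to each of them.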
@@ -154,6 +154,18 @@
 ]
 }
 },
+ {
+ "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.1.7601.26864"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Windows Server 2012",
 "version": {
diff --git a/2023/35xxx/CVE-2023-35628.json b/2023/35xxx/CVE-2023-35628.json
index db53f69d313..32a43f2a5df 100644
--- a/2023/35xxx/CVE-2023-35628.json
+++ b/2023/35xxx/CVE-2023-35628.json
@@ -226,6 +226,18 @@
 ]
 }
 },
+ {
+ "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.1.7601.26864"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Windows Server 2012",
 "version": {
diff --git a/2023/35xxx/CVE-2023-35629.json b/2023/35xxx/CVE-2023-35629.json
index 01b7e0a98d6..81b0a37d468 100644
--- a/2023/35xxx/CVE-2023-35629.json
+++ b/2023/35xxx/CVE-2023-35629.json
@@ -94,6 +94,18 @@
 ]
 }
 },
+ {
+ "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.1.7601.26864"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Windows Server 2012",
 "version": {
diff --git a/2023/35xxx/CVE-2023-35630.json b/2023/35xxx/CVE-2023-35630.json
index 074bb76865e..22bc5daa50f 100644
--- a/2023/35xxx/CVE-2023-35630.json
+++ b/2023/35xxx/CVE-2023-35630.json
@@ -262,6 +262,18 @@
 ]
 }
 },
+ {
+ "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.1.7601.26864"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Windows Server 2012",
 "version": {
diff --git a/2023/35xxx/CVE-2023-35632.json b/2023/35xxx/CVE-2023-35632.json
index 193ea2a17f8..46667c64c60 100644
--- a/2023/35xxx/CVE-2023-35632.json
+++ b/2023/35xxx/CVE-2023-35632.json
@@ -154,6 +154,18 @@
 ]
 }
 },
+ {
+ "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.1.7601.26864"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Windows Server 2012",
 "version": {
diff --git a/2023/35xxx/CVE-2023-35633.json b/2023/35xxx/CVE-2023-35633.json
index da6426b1a5d..94c090e8796 100644
--- a/2023/35xxx/CVE-2023-35633.json
+++ b/2023/35xxx/CVE-2023-35633.json
@@ -94,6 +94,18 @@
 ]
 }
 },
+ {
+ "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.1.7601.26864"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Windows Server 2012",
 "version": {
diff --git a/2023/35xxx/CVE-2023-35639.json b/2023/35xxx/CVE-2023-35639.json
index ecb3766db66..5fb099a5a4b 100644
--- a/2023/35xxx/CVE-2023-35639.json
+++ b/2023/35xxx/CVE-2023-35639.json
@@ -262,6 +262,18 @@
 ]
 }
 },
+ {
+ "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.1.7601.26864"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Windows Server 2012",
 "version": {
diff --git a/2023/35xxx/CVE-2023-35641.json b/2023/35xxx/CVE-2023-35641.json
index 7777c2e524e..e53f486e183 100644
--- a/2023/35xxx/CVE-2023-35641.json
+++ b/2023/35xxx/CVE-2023-35641.json
@@ -262,6 +262,18 @@
 ]
 }
 },
+ {
+ "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.1.7601.26864"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Windows Server 2012",
 "version": {
diff --git a/2023/35xxx/CVE-2023-35642.json b/2023/35xxx/CVE-2023-35642.json
index c596d45d928..c9fed2e4504 100644
--- a/2023/35xxx/CVE-2023-35642.json
+++ b/2023/35xxx/CVE-2023-35642.json
@@ -262,6 +262,18 @@
 ]
 }
 },
+ {
+ "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.1.7601.26864"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Windows Server 2012",
 "version": {
diff --git a/2023/36xxx/CVE-2023-36004.json b/2023/36xxx/CVE-2023-36004.json
index 29d4a006c35..8364329b6b4 100644
--- a/2023/36xxx/CVE-2023-36004.json
+++ b/2023/36xxx/CVE-2023-36004.json
@@ -262,6 +262,18 @@
 ]
 }
 },
+ {
+ "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.1.7601.26864"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Windows Server 2012",
 "version": {
diff --git a/2023/36xxx/CVE-2023-36005.json b/2023/36xxx/CVE-2023-36005.json
index 2531ead48d2..4fbbdfd478f 100644
--- a/2023/36xxx/CVE-2023-36005.json
+++ b/2023/36xxx/CVE-2023-36005.json
@@ -262,6 +262,18 @@
 ]
 }
 },
+ {
+ "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.1.7601.26864"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Windows Server 2012",
 "version": {
diff --git a/2023/36xxx/CVE-2023-36006.json b/2023/36xxx/CVE-2023-36006.json
index da7530be5d8..ad0fcd7d308 100644
--- a/2023/36xxx/CVE-2023-36006.json
+++ b/2023/36xxx/CVE-2023-36006.json
@@ -262,6 +262,18 @@
 ]
 }
 },
+ {
+ "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.1.7601.26864"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Windows Server 2012",
 "version": {
diff --git a/2023/36xxx/CVE-2023-36012.json b/2023/36xxx/CVE-2023-36012.json
index 6e2a29375b1..c365d946564 100644
--- a/2023/36xxx/CVE-2023-36012.json
+++ b/2023/36xxx/CVE-2023-36012.json
@@ -154,6 +154,18 @@
 ]
 }
 },
+ {
+ "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.1.7601.26864"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Windows Server 2012",
 "version": {
diff --git a/2023/36xxx/CVE-2023-36878.json b/2023/36xxx/CVE-2023-36878.json
index 812d77aa7c1..7ae735ed9e6 100644
--- a/2023/36xxx/CVE-2023-36878.json
+++ b/2023/36xxx/CVE-2023-36878.json
@@ -1,17 +1,73 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-36878",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@microsoft.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Security Feature Bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Microsoft",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft Edge (Chromium-based)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.0.0",
+ "version_value": "120.0.2210.77"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36878",
+ "refsource": "MISC",
+ "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36878"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseSeverity": "MEDIUM",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C"
 }
 ]
 }
diff --git a/2023/40xxx/CVE-2023-40954.json b/2023/40xxx/CVE-2023-40954.json
index c4848f92da2..10213477fe4 100644
--- a/2023/40xxx/CVE-2023-40954.json
+++ b/2023/40xxx/CVE-2023-40954.json
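Review bot: In CVE-2023-36878.json the `vectorString` ends with temporal metrics (`E:U/RL:O/RC:C`) while the only score published is `"baseScore": 4.3`, so a consumer that recomputes the score from the full vector will get the lower temporal value and may rank the record differently from one that reads `baseScore`. Either publish the base vector alone, `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"`, or document that the temporal suffix is intentional. The `problemtype` value `Security Feature Bypass` is free text with no `cweId`, so CWE-based filtering will not pick this record up.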
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-40954",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-40954",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/web_progress",
+ "refsource": "MISC",
+ "name": "https://github.com/luvsn/OdZoo/tree/main/exploits/web_progress"
+ },
+ {
+ "url": "https://github.com/gmarczynski/odoo-web-progress/commit/3c867f1cf7447449c81b1aa24ebb1f7ae757489f",
+ "refsource": "MISC",
+ "name": "https://github.com/gmarczynski/odoo-web-progress/commit/3c867f1cf7447449c81b1aa24ebb1f7ae757489f"
 }
 ]
 }
diff --git a/2023/42xxx/CVE-2023-42183.json b/2023/42xxx/CVE-2023-42183.json
index 3b1419351cf..e8049e1d8d1 100644
--- a/2023/42xxx/CVE-2023-42183.json
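Review bot: The published CVE-2023-40954 record names the product, the affected version ranges and the weakness only in the free-text `description`; `affects` is filled with `n/a` for vendor, product and version, and `problemtype` is `n/a`. Anything that matches on the structured fields (asset inventory, CWE filters) will not see this entry, so the record should carry the vendor, product and version data from the description and a weakness entry with `"cweId": "CWE-89"`, the field the huntr-sourced records in this patch already use. CVE-2023-42183 and CVE-2023-48050 later in this patch are published with the same `n/a` placeholders, although their descriptions also name the product and affected versions.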
+++ b/2023/42xxx/CVE-2023-42183.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-42183",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-42183",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/lockss/lockss-daemon/security/advisories/GHSA-mgqj-hphf-9588",
+ "refsource": "MISC",
+ "name": "https://github.com/lockss/lockss-daemon/security/advisories/GHSA-mgqj-hphf-9588"
 }
 ]
 }
diff --git a/2023/48xxx/CVE-2023-48050.json b/2023/48xxx/CVE-2023-48050.json
index 01b3ee3f5b1..a7c72befe19 100644
--- a/2023/48xxx/CVE-2023-48050.json
+++ b/2023/48xxx/CVE-2023-48050.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-48050",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-48050",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/odoo-biometric-attendance",
+ "refsource": "MISC",
+ "name": "https://github.com/luvsn/OdZoo/tree/main/exploits/odoo-biometric-attendance"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6831.json b/2023/6xxx/CVE-2023-6831.json
new file mode 100644
index 00000000000..386b8247fc2
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6831.json
@@ -0,0 +1,92 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6831",
+ "ASSIGNER": "security@huntr.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-29 Path Traversal: '\\..\\filename'",
+ "cweId": "CWE-29"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "mlflow",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "mlflow/mlflow",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "2.9.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314",
+ "refsource": "MISC",
+ "name": "https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314"
+ },
+ {
+ "url": "https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1",
+ "refsource": "MISC",
+ "name": "https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "0acdd745-0167-4912-9d5c-02035fe5b314",
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6832.json b/2023/6xxx/CVE-2023-6832.json
new file mode 100644
index 00000000000..d7aa70afa23
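Review bot: The new file CVE-2023-6831.json ends without a trailing newline (`\ No newline at end of file`), as does CVE-2023-6832.json in the next section; ending each file with a newline keeps later appends and line-based tooling from touching the final `}`. In both records `"version_name": "unspecified"` combined with `"version_affected": "<"` gives no lower bound, so every release before the fixed version is treated as affected, which is worth confirming as intended. The `description` repeats the CWE title and the repository name without saying which component or input is affected, which leaves defenders to read the linked commit to scope their exposure.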
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6832.json
@@ -0,0 +1,92 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6832",
+ "ASSIGNER": "security@huntr.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Business Logic Errors in GitHub repository microweber/microweber prior to 2.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-840 Business Logic Errors",
+ "cweId": "CWE-840"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "microweber",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "microweber/microweber",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://huntr.com/bounties/53105a20-f4b1-45ad-a734-0349de6d7376",
+ "refsource": "MISC",
+ "name": "https://huntr.com/bounties/53105a20-f4b1-45ad-a734-0349de6d7376"
+ },
+ {
+ "url": "https://github.com/microweber/microweber/commit/890e9838aabbc799ebefcf6b20ba25e0fd6dbfee",
+ "refsource": "MISC",
+ "name": "https://github.com/microweber/microweber/commit/890e9838aabbc799ebefcf6b20ba25e0fd6dbfee"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "53105a20-f4b1-45ad-a734-0349de6d7376",
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
+ "baseScore": 6,
+ "baseSeverity": "MEDIUM"
+ }
+ ]
+ }
+}
\ No newline at end of file