From cc9ff73d82cb6256e3897999871cfc102bd9fb99 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Jan 2023 19:00:37 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/3xxx/CVE-2022-3145.json | 50 ++++++++++++++++++++++++-- 2022/3xxx/CVE-2022-3628.json | 50 ++++++++++++++++++++++++-- 2022/3xxx/CVE-2022-3977.json | 50 ++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4743.json | 65 ++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4842.json | 50 ++++++++++++++++++++++++-- 2023/0xxx/CVE-2023-0255.json | 18 ++++++++++ 2023/23xxx/CVE-2023-23456.json | 60 +++++++++++++++++++++++++++++-- 2023/23xxx/CVE-2023-23457.json | 60 +++++++++++++++++++++++++++++-- 2023/23xxx/CVE-2023-23488.json | 18 ++++++++++ 2023/23xxx/CVE-2023-23489.json | 18 ++++++++++ 2023/23xxx/CVE-2023-23490.json | 18 ++++++++++ 2023/23xxx/CVE-2023-23491.json | 18 ++++++++++ 2023/23xxx/CVE-2023-23492.json | 18 ++++++++++ 13 files changed, 472 insertions(+), 21 deletions(-) create mode 100644 2023/0xxx/CVE-2023-0255.json create mode 100644 2023/23xxx/CVE-2023-23488.json create mode 100644 2023/23xxx/CVE-2023-23489.json create mode 100644 2023/23xxx/CVE-2023-23490.json create mode 100644 2023/23xxx/CVE-2023-23491.json create mode 100644 2023/23xxx/CVE-2023-23492.json diff --git a/2022/3xxx/CVE-2022-3145.json b/2022/3xxx/CVE-2022-3145.json index 97506b86973..5601f883b92 100644 --- a/2022/3xxx/CVE-2022-3145.json +++ b/2022/3xxx/CVE-2022-3145.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3145", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@okta.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Okta", + "product": { + "product_data": [ + { + "product_name": "Okta OIDC Middleware", + "version": { + "version_data": [ + { + "version_value": "prior to 5.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Open Redirect" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/okta/okta-oidc-middleware/security/advisories/GHSA-58h4-9m7m-j9m4", + "refsource": "MISC", + "name": "https://github.com/okta/okta-oidc-middleware/security/advisories/GHSA-58h4-9m7m-j9m4" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL." } ] } diff --git a/2022/3xxx/CVE-2022-3628.json b/2022/3xxx/CVE-2022-3628.json index 3b4c8eb0e79..00c13689102 100644 --- a/2022/3xxx/CVE-2022-3628.json +++ b/2022/3xxx/CVE-2022-3628.json 
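Review bot: In CVE-2022-3145.json the new `problemtype` value is the free-text label `"Open Redirect"` rather than a CWE identifier, so tooling that groups or filters records by CWE will not classify this entry. The other records in this commit use the `CWE-NNN - Name` form; the matching value here would be `"value": "CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')"`. The affected range is likewise only prose in `"version_value": "prior to 5.0.0"`. A machine-readable pair such as `"version_affected": "<", "version_value": "5.0.0"` would let scanners compare installed versions without parsing text.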
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3628", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux kernel 6.1-rc5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c?id=6788ba8aed4e28e90f72d68a9d794e34eac17295", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c?id=6788ba8aed4e28e90f72d68a9d794e34eac17295" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges." } ] } diff --git a/2022/3xxx/CVE-2022-3977.json b/2022/3xxx/CVE-2022-3977.json index 43fdef8b7e9..ff0e3a3d4ce 100644 --- a/2022/3xxx/CVE-2022-3977.json +++ b/2022/3xxx/CVE-2022-3977.json 
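Review bot: The `version_value` added to CVE-2022-3628.json, `"Linux kernel 6.1-rc5"`, does not say whether that release is the last affected one or the first fixed one, and the description gives no range either, so a consumer cannot tell whether a given kernel is exposed. The same ambiguity is in CVE-2022-3977.json (`"Linux kernel 6.1-rc1"`) and CVE-2022-4842.json (`"Linux kernel 6.2-rc1"`). The upstream references suggest these are the fixing releases, but the records do not state it. If so, say it in the field, e.g. `"version_value": "Fixed in Linux kernel 6.1-rc5"`, or add an explicit `version_affected` comparator.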
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3977", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux kernel 6.1-rc1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3a732b46736cd8a29092e4b0b1a9ba83e672bf89", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3a732b46736cd8a29092e4b0b1a9ba83e672bf89" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on the system." } ] } diff --git a/2022/4xxx/CVE-2022-4743.json b/2022/4xxx/CVE-2022-4743.json index 536dc5b45a3..95d73734491 100644 --- a/2022/4xxx/CVE-2022-4743.json +++ b/2022/4xxx/CVE-2022-4743.json 
@@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4743", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "SDL2", + "version": { + "version_data": [ + { + "version_value": "Affects SDL2 v2.0.4 and above, Fixed-in sdl-2.26.0, sdl-prerelease-2.25.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2156290", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156290" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-4743", + "url": "https://access.redhat.com/security/cve/CVE-2022-4743" + }, + { + "refsource": "MISC", + "name": "https://github.com/libsdl-org/SDL/pull/6269", + "url": "https://github.com/libsdl-org/SDL/pull/6269" + }, + { + "refsource": "MISC", + "name": "https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b", + "url": "https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected." } ] } 
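Review bot: `problemtype` in CVE-2022-4743.json is set to `"NA"` even though the description names the weakness (a memory leak in GLES_CreateTexture()), so the published record carries no CWE for triage or trend reporting. A value consistent with the description would be `"value": "CWE-401 - Missing Release of Memory after Effective Lifetime"`. The `version_value` string also packs the affected range and two fixed versions into a single free-text field. Separate `version_data` entries for the affected range and the fixed releases would be easier for scanners to consume.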
diff --git a/2022/4xxx/CVE-2022-4842.json b/2022/4xxx/CVE-2022-4842.json index fea327594aa..503d67e971e 100644 --- a/2022/4xxx/CVE-2022-4842.json +++ b/2022/4xxx/CVE-2022-4842.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4842", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux kernel 6.2-rc1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lore.kernel.org/ntfs3/784f82c4-de71-b8c3-afd6-468869a369af@paragon-software.com/T/#t", + "url": "https://lore.kernel.org/ntfs3/784f82c4-de71-b8c3-afd6-468869a369af@paragon-software.com/T/#t" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was found. A local user could use this flaw to crash the system." } ] } diff --git a/2023/0xxx/CVE-2023-0255.json b/2023/0xxx/CVE-2023-0255.json new file mode 100644 index 00000000000..fecf4e9399a --- /dev/null +++ b/2023/0xxx/CVE-2023-0255.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0255", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/23xxx/CVE-2023-23456.json b/2023/23xxx/CVE-2023-23456.json index 5893b6b5989..0f97e5eadc0 100644 --- a/2023/23xxx/CVE-2023-23456.json +++ b/2023/23xxx/CVE-2023-23456.json 
@@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23456", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "UPX", + "version": { + "version_data": [ + { + "version_value": "NA" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122 - Heap-based Buffer Overflow, CWE-787 - Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/upx/upx/issues/632", + "url": "https://github.com/upx/upx/issues/632" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2160381", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160381" + }, + { + "refsource": "MISC", + "name": "https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4", + "url": "https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file." } ] } diff --git a/2023/23xxx/CVE-2023-23457.json b/2023/23xxx/CVE-2023-23457.json index c607c02cfc7..4bf92162d36 100644 --- a/2023/23xxx/CVE-2023-23457.json +++ b/2023/23xxx/CVE-2023-23457.json 
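Review bot: `"version_value": "NA"` in CVE-2023-23456.json leaves the record without any affected or fixed version although a fixing commit is referenced; CVE-2023-23457.json has the same gap. Consumers can then only infer exposure by following the commit links, so the field should at least name the first release containing the fix, e.g. `"version_value": "<first fixed UPX release>"` (placeholder, the page does not give the version). The description text `The flow allows an attacker` looks like a typo for `The flaw allows an attacker`. The two CWEs joined in one `problemtype` string (`CWE-122 ..., CWE-787 ...`) would be easier to parse as two separate `description` entries.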
@@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23457", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "UPX", + "version": { + "version_data": [ + { + "version_value": "NA" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/upx/upx/issues/631", + "url": "https://github.com/upx/upx/issues/631" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2160382", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160382" + }, + { + "refsource": "MISC", + "name": "https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860", + "url": "https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service." } ] } diff --git a/2023/23xxx/CVE-2023-23488.json b/2023/23xxx/CVE-2023-23488.json new file mode 100644 index 00000000000..575ad13c87e --- /dev/null +++ b/2023/23xxx/CVE-2023-23488.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-23488", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/23xxx/CVE-2023-23489.json b/2023/23xxx/CVE-2023-23489.json new file mode 100644 index 00000000000..d8eebdf0873 --- /dev/null +++ b/2023/23xxx/CVE-2023-23489.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-23489", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/23xxx/CVE-2023-23490.json b/2023/23xxx/CVE-2023-23490.json new file mode 100644 index 00000000000..893bc34a027 --- /dev/null +++ b/2023/23xxx/CVE-2023-23490.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-23490", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/23xxx/CVE-2023-23491.json b/2023/23xxx/CVE-2023-23491.json new file mode 100644 index 00000000000..cc1f76db799 --- /dev/null +++ b/2023/23xxx/CVE-2023-23491.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-23491", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/23xxx/CVE-2023-23492.json b/2023/23xxx/CVE-2023-23492.json new file mode 100644 index 00000000000..b04d8038250 --- /dev/null +++ b/2023/23xxx/CVE-2023-23492.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-23492", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file