diff --git a/2021/3xxx/CVE-2021-3236.json b/2021/3xxx/CVE-2021-3236.json
index 3f5b7e765df..be41edaa641 100644
--- a/2021/3xxx/CVE-2021-3236.json
+++ b/2021/3xxx/CVE-2021-3236.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/vim/vim/issues/7674",
 "refsource": "MISC",
 "name": "https://github.com/vim/vim/issues/7674"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0001/",
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0001/"
 }
 ]
 }
diff --git a/2022/3xxx/CVE-2022-3466.json b/2022/3xxx/CVE-2022-3466.json
index 5a74cd9f143..464504d899a 100644
--- a/2022/3xxx/CVE-2022-3466.json
+++ b/2022/3xxx/CVE-2022-3466.json
@@ -1,17 +1,134 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-3466",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Incorrect Default Permissions",
+ "cweId": "CWE-276"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "cri-o",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat OpenShift Container Platform 4.12",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:1.25.1-5.rhaos4.12.git6005903.el8",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat OpenShift Container Platform 3.11",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2022:7398",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2022:7398"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-3466",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2022-3466"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134063",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2134063"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope":
"UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41804.json b/2022/41xxx/CVE-2022-41804.json
index 6c005b7faae..2ade1f2e3f7 100644
--- a/2022/41xxx/CVE-2022-41804.json
+++ b/2022/41xxx/CVE-2022-41804.json
@@ -82,6 +82,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0003/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0003/"
 }
 ]
 },
diff --git a/2022/48xxx/CVE-2022-48522.json b/2022/48xxx/CVE-2022-48522.json
index 10be9ed7115..bd8c135b9b4 100644
--- a/2022/48xxx/CVE-2022-48522.json
+++ b/2022/48xxx/CVE-2022-48522.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345",
 "refsource": "MISC",
 "name": "https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0008/",
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0008/"
 }
 ]
 }
diff --git a/2023/22xxx/CVE-2023-22276.json b/2023/22xxx/CVE-2023-22276.json
index 03281fece4d..cba77d6a96c 100644
--- a/2023/22xxx/CVE-2023-22276.json
+++ b/2023/22xxx/CVE-2023-22276.json
@@ -62,6 +62,11 @@
 "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00835.html",
 "refsource": "MISC",
 "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00835.html"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0007/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0007/"
 }
 ]
 },
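Review bot: In 2022/3xxx/CVE-2022-3466.json the `affects` block does not carry the releases the description names: the text says the regressed cri-o shipped in OpenShift Container Platform 4.9.48, 4.10.31 and 4.11.6, while `product_data` lists only 4.12 and 3.11 and every `version_value` is `not down converted`. A consumer that reads only the version-4 fields has no range to match on, and the cri-o entry (`vendor_name` `n/a`, `defaultStatus` `affected`, no `versions` list) may be read as every cri-o build being affected. I would add product entries for the 4.9, 4.10 and 4.11 streams, or at least say in the description that the affected builds have to be taken from the referenced Red Hat pages.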
diff --git a/2023/25xxx/CVE-2023-25775.json b/2023/25xxx/CVE-2023-25775.json
index cc510f2687f..6e3516a8014 100644
--- a/2023/25xxx/CVE-2023-25775.json
+++ b/2023/25xxx/CVE-2023-25775.json
@@ -62,6 +62,11 @@
 "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html",
 "refsource": "MISC",
 "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0013/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0013/"
 }
 ]
 },
diff --git a/2023/32xxx/CVE-2023-32002.json b/2023/32xxx/CVE-2023-32002.json
index 8b12c4b34c6..3a0761f1f05 100644
--- a/2023/32xxx/CVE-2023-32002.json
+++ b/2023/32xxx/CVE-2023-32002.json
@@ -68,6 +68,11 @@
 "url": "https://hackerone.com/reports/1960870",
 "refsource": "MISC",
 "name": "https://hackerone.com/reports/1960870"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0009/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0009/"
 }
 ]
 }
diff --git a/2023/32xxx/CVE-2023-32003.json b/2023/32xxx/CVE-2023-32003.json
index 0e5cb7a3ef2..9d8336d1d33 100644
--- a/2023/32xxx/CVE-2023-32003.json
+++ b/2023/32xxx/CVE-2023-32003.json
@@ -68,6 +68,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0009/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0009/"
 }
 ]
 }
diff --git a/2023/32xxx/CVE-2023-32004.json b/2023/32xxx/CVE-2023-32004.json
index 893eaf9de45..da83051a529 100644
--- a/2023/32xxx/CVE-2023-32004.json
+++ b/2023/32xxx/CVE-2023-32004.json
@@ -68,6 +68,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0009/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0009/"
 }
 ]
 }
diff --git a/2023/32xxx/CVE-2023-32006.json b/2023/32xxx/CVE-2023-32006.json
index 610dc42c9e4..183efcd5cdd 100644
--- a/2023/32xxx/CVE-2023-32006.json
+++ b/2023/32xxx/CVE-2023-32006.json
@@ -78,6 +78,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0009/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0009/"
 }
 ]
 }
diff --git a/2023/32xxx/CVE-2023-32247.json b/2023/32xxx/CVE-2023-32247.json
index 03710371469..ffcae1e0d3e 100644
--- a/2023/32xxx/CVE-2023-32247.json
+++ b/2023/32xxx/CVE-2023-32247.json
@@ -172,6 +172,11 @@
 "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20478/",
 "refsource": "MISC",
 "name": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20478/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0011/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0011/"
 }
 ]
 },
diff --git a/2023/32xxx/CVE-2023-32248.json b/2023/32xxx/CVE-2023-32248.json
index 1d961001dc1..2fdd7ef8566 100644
--- a/2023/32xxx/CVE-2023-32248.json
+++ b/2023/32xxx/CVE-2023-32248.json
@@ -172,6 +172,11 @@
 "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20479/",
 "refsource": "MISC",
 "name": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20479/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0006/"
 }
 ]
 },
diff --git a/2023/32xxx/CVE-2023-32257.json b/2023/32xxx/CVE-2023-32257.json
index 9f2b7b842d6..0c367f5114e 100644
--- a/2023/32xxx/CVE-2023-32257.json
+++ b/2023/32xxx/CVE-2023-32257.json
@@ -172,6 +172,11 @@
 "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20596/",
 "refsource": "MISC",
 "name": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20596/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0011/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0011/"
 }
 ]
 },
diff --git a/2023/32xxx/CVE-2023-32258.json b/2023/32xxx/CVE-2023-32258.json
index e85ddfd9471..d793dae52a4 100644
--- a/2023/32xxx/CVE-2023-32258.json
+++ b/2023/32xxx/CVE-2023-32258.json
@@ -172,6 +172,11 @@
 "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20796/",
 "refsource": "MISC",
 "name": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20796/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0011/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0011/"
 }
 ]
 },
diff --git a/2023/34xxx/CVE-2023-34478.json b/2023/34xxx/CVE-2023-34478.json
index a4603b28665..6d8b37c5ef2 100644
--- a/2023/34xxx/CVE-2023-34478.json
+++ b/2023/34xxx/CVE-2023-34478.json
@@ -64,6 +64,11 @@
 "url": "http://www.openwall.com/lists/oss-security/2023/07/24/4",
 "refsource": "MISC",
 "name": "http://www.openwall.com/lists/oss-security/2023/07/24/4"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0005/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0005/"
 }
 ]
 },
diff --git a/2023/38xxx/CVE-2023-38426.json b/2023/38xxx/CVE-2023-38426.json
index 31867a35180..59389d1e207 100644
--- a/2023/38xxx/CVE-2023-38426.json
+++ b/2023/38xxx/CVE-2023-38426.json
@@ -61,6 +61,11 @@
 "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=02f76c401d17e409ed45bf7887148fcc22c93c85",
 "refsource": "MISC",
 "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=02f76c401d17e409ed45bf7887148fcc22c93c85"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0010/",
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0010/"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39417.json b/2023/39xxx/CVE-2023-39417.json
index 87ffd188a6a..64706134daa 100644
--- a/2023/39xxx/CVE-2023-39417.json
+++ b/2023/39xxx/CVE-2023-39417.json
@@ -199,6 +199,11 @@
 "url": "https://www.postgresql.org/support/security/CVE-2023-39417",
 "refsource": "MISC",
 "name": "https://www.postgresql.org/support/security/CVE-2023-39417"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0002/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0002/"
 }
 ]
 },
diff --git a/2023/39xxx/CVE-2023-39418.json b/2023/39xxx/CVE-2023-39418.json
index 949e1b55125..7feab549d9d 100644
--- a/2023/39xxx/CVE-2023-39418.json
+++ b/2023/39xxx/CVE-2023-39418.json
@@ -187,6 +187,11 @@
 "url": "https://www.postgresql.org/support/security/CVE-2023-39418/",
 "refsource": "MISC",
 "name": "https://www.postgresql.org/support/security/CVE-2023-39418/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0002/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0002/"
 }
 ]
 },
diff --git a/2023/39xxx/CVE-2023-39975.json b/2023/39xxx/CVE-2023-39975.json
index 376c4c66bdc..06f8f7b0d5a 100644
--- a/2023/39xxx/CVE-2023-39975.json
+++ b/2023/39xxx/CVE-2023-39975.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840",
 "url": "https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0014/",
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0014/"
 }
 ]
 }
diff --git a/2023/40xxx/CVE-2023-40360.json b/2023/40xxx/CVE-2023-40360.json
index 4a640e4b145..984d4b4caad 100644
--- a/2023/40xxx/CVE-2023-40360.json
+++ b/2023/40xxx/CVE-2023-40360.json
@@ -66,6 +66,11 @@
 "url": "https://www.qemu.org/docs/master/system/security.html",
 "refsource": "MISC",
 "name": "https://www.qemu.org/docs/master/system/security.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0004/",
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0004/"
 }
 ]
 }
diff --git a/2023/42xxx/CVE-2023-42270.json b/2023/42xxx/CVE-2023-42270.json
index 6f880ca0b46..b7f7b72c6b4 100644
--- a/2023/42xxx/CVE-2023-42270.json
+++ b/2023/42xxx/CVE-2023-42270.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-42270",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-42270",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://xploit.sh/posts/cve-2023-xxxxx/",
+ "refsource": "MISC",
+ "name": "http://xploit.sh/posts/cve-2023-xxxxx/"
 }
 ]
 }
diff --git a/2023/43xxx/CVE-2023-43097.json b/2023/43xxx/CVE-2023-43097.json
new file mode 100644
index 00000000000..14b0101fa1c
--- /dev/null
+++ b/2023/43xxx/CVE-2023-43097.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-43097",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
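Review bot: The structured fields in 2023/42xxx/CVE-2023-42270.json are all `n/a` although the description identifies the product and range, so tooling that matches on `product_name` or on the problem type will not associate this record with Grocy. I would set `"product_name": "Grocy"` with `"version_affected": "<="` and `"version_value": "4.0.2"`, and replace the problem-type `n/a` with `CWE-352 Cross-Site Request Forgery (CSRF)`. The only reference, `http://xploit.sh/posts/cve-2023-xxxxx/`, is plain HTTP and its path looks like a placeholder slug written before the ID was assigned. It is worth confirming that it resolves and adding a vendor or upstream link if one exists.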
diff --git a/2023/43xxx/CVE-2023-43098.json b/2023/43xxx/CVE-2023-43098.json
new file mode 100644
index 00000000000..40e588663e1
--- /dev/null
+++ b/2023/43xxx/CVE-2023-43098.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-43098",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/43xxx/CVE-2023-43099.json b/2023/43xxx/CVE-2023-43099.json
new file mode 100644
index 00000000000..e02814378b7
--- /dev/null
+++ b/2023/43xxx/CVE-2023-43099.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-43099",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/43xxx/CVE-2023-43100.json b/2023/43xxx/CVE-2023-43100.json
new file mode 100644
index 00000000000..7ac716e4742
--- /dev/null
+++ b/2023/43xxx/CVE-2023-43100.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-43100",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/43xxx/CVE-2023-43101.json b/2023/43xxx/CVE-2023-43101.json
new file mode 100644
index 00000000000..d53a7341a23
--- /dev/null
+++ b/2023/43xxx/CVE-2023-43101.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-43101",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4135.json b/2023/4xxx/CVE-2023-4135.json
index 87d82b601bc..55ac7b50559 100644
--- a/2023/4xxx/CVE-2023-4135.json
+++ b/2023/4xxx/CVE-2023-4135.json
@@ -186,6 +186,11 @@
 "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521",
 "refsource": "MISC",
 "name": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230915-0012/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230915-0012/"
 }
 ]
 },
diff --git a/2023/4xxx/CVE-2023-4983.json b/2023/4xxx/CVE-2023-4983.json
index 5fc4ae81e7e..f148730c5c9 100644
--- a/2023/4xxx/CVE-2023-4983.json
+++ b/2023/4xxx/CVE-2023-4983.json
@@ -1,17 +1,100 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-4983",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in app1pro Shopicial up to 20230830. It has been declared as problematic. This vulnerability affects unknown code of the file search. The manipulation of the argument from with the input comments'\"> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239794 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "In app1pro Shopicial bis 20230830 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei search. Mittels dem Manipulieren des Arguments from mit der Eingabe comments'\"> mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "app1pro",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Shopicial",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "20230830"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.239794",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.239794"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.239794",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.239794"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Stux (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5,
+ "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4984.json b/2023/4xxx/CVE-2023-4984.json
index 63da20cb7d1..6223ae0aba0 100644
--- a/2023/4xxx/CVE-2023-4984.json
+++ b/2023/4xxx/CVE-2023-4984.json
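Review bot: The version data in 2023/4xxx/CVE-2023-4983.json is narrower than the description: the text says Shopicial is affected "up to 20230830", but `version_data` holds a single entry with `"version_affected": "="`, which marks only that one build. If earlier builds are affected as the description states, `"version_affected": "<="` with the same `version_value` would express that, and inventory matching on the structured field would then cover older installs as well.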
@@ -1,17 +1,114 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-4984",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239795."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine Schwachstelle wurde in didi KnowSearch 0.3.2/0.3.1.2 ausgemacht. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei /api/es/admin/v3/security/user/1. Mittels Manipulieren mit unbekannten Daten kann eine unprotected storage of credentials-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256 Unprotected Storage of Credentials",
+ "cweId": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "didi",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "KnowSearch",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "0.3.1.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "0.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.239795",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.239795"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.239795",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.239795"
+ },
+ {
+ "url": "https://github.com/didi/KnowSearch/issues/86",
+ "refsource": "MISC",
+ "name": "https://github.com/didi/KnowSearch/issues/86"
+ },
+ {
+ "url": "https://github.com/didi/KnowSearch/files/12135597/ad1aa7b3-ecee-44b0-a22a-80917ca0fe71.pdf4398935202801712312.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/didi/KnowSearch/files/12135597/ad1aa7b3-ecee-44b0-a22a-80917ca0fe71.pdf4398935202801712312.pdf"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "gaogaostone (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }