diff --git a/2023/31xxx/CVE-2023-31248.json b/2023/31xxx/CVE-2023-31248.json index 5514646049a..eed5ccf9e5e 100644 --- a/2023/31xxx/CVE-2023-31248.json +++ b/2023/31xxx/CVE-2023-31248.json @@ -73,6 +73,16 @@ "url": "https://www.debian.org/security/2023/dsa-5453", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5453" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/" } ] }, diff --git a/2023/32xxx/CVE-2023-32732.json b/2023/32xxx/CVE-2023-32732.json index abda6845eac..9ecae92b87a 100644 --- a/2023/32xxx/CVE-2023-32732.json +++ b/2023/32xxx/CVE-2023-32732.json @@ -59,6 +59,16 @@ "url": "https://github.com/grpc/grpc/pull/32309", "refsource": "MISC", "name": "https://github.com/grpc/grpc/pull/32309" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL/" } ] }, diff --git a/2023/35xxx/CVE-2023-35001.json b/2023/35xxx/CVE-2023-35001.json index 635e7f2eb4d..66535c141dd 100644 --- a/2023/35xxx/CVE-2023-35001.json +++ b/2023/35xxx/CVE-2023-35001.json @@ -73,6 +73,16 @@ "url": "https://www.debian.org/security/2023/dsa-5453", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5453" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/" } ] }, diff --git a/2023/36xxx/CVE-2023-36664.json b/2023/36xxx/CVE-2023-36664.json index bb965f9a0f9..594eff20f71 100644 --- a/2023/36xxx/CVE-2023-36664.json +++ b/2023/36xxx/CVE-2023-36664.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2023-d8a1c3e5e2", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EWMEK2UPCUU3ZLL7VASE5CEHDQY4VKV/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2023-83c805b441", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICXN5VPF3WJCYKMPSYER5KHTPJXSTJZ/" } ] } diff --git a/2023/38xxx/CVE-2023-38408.json b/2023/38xxx/CVE-2023-38408.json index e4740121907..8ceceeff849 100644 --- a/2023/38xxx/CVE-2023-38408.json +++ b/2023/38xxx/CVE-2023-38408.json @@ -111,6 +111,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2023-878e04f4ae", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/" } ] } diff --git a/2023/38xxx/CVE-2023-38658.json b/2023/38xxx/CVE-2023-38658.json new file mode 100644 index 00000000000..2e09515a294 --- /dev/null +++ b/2023/38xxx/CVE-2023-38658.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38658", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38659.json b/2023/38xxx/CVE-2023-38659.json new file mode 100644 index 00000000000..9bd852b2e77 --- /dev/null +++ b/2023/38xxx/CVE-2023-38659.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38659", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38660.json b/2023/38xxx/CVE-2023-38660.json new file mode 100644 index 00000000000..e95b2b97713 --- /dev/null +++ b/2023/38xxx/CVE-2023-38660.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38660", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38661.json b/2023/38xxx/CVE-2023-38661.json new file mode 100644 index 00000000000..d3de4c9ded0 --- /dev/null +++ b/2023/38xxx/CVE-2023-38661.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38661", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38662.json b/2023/38xxx/CVE-2023-38662.json new file mode 100644 index 00000000000..af734bb975d --- /dev/null +++ b/2023/38xxx/CVE-2023-38662.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38662", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38663.json b/2023/38xxx/CVE-2023-38663.json new file mode 100644 index 00000000000..47088c6d615 --- /dev/null +++ b/2023/38xxx/CVE-2023-38663.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38663", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38664.json b/2023/38xxx/CVE-2023-38664.json new file mode 100644 index 00000000000..db30428e8b2 --- /dev/null +++ b/2023/38xxx/CVE-2023-38664.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38664", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38665.json b/2023/38xxx/CVE-2023-38665.json new file mode 100644 index 00000000000..96bb6933089 --- /dev/null +++ b/2023/38xxx/CVE-2023-38665.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38665", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3840.json b/2023/3xxx/CVE-2023-3840.json index da52979f4b4..4218cddd04b 100644 --- a/2023/3xxx/CVE-2023-3840.json +++ b/2023/3xxx/CVE-2023-3840.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3840", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, was found in NxFilter 4.3.2.5. This affects an unknown part of the file /report,daily.jsp?stime=2023%2F07%2F12&timeOption=yesterday&. The manipulation of the argument user leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-235191. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in NxFilter 4.3.2.5 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /report,daily.jsp?stime=2023%2F07%2F12&timeOption=yesterday&. Dank der Manipulation des Arguments user mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "NxFilter", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.3.2.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.235191", + "refsource": "MISC", + "name": "https://vuldb.com/?id.235191" + }, + { + "url": "https://vuldb.com/?ctiid.235191", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.235191" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "0xgordo (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/3xxx/CVE-2023-3841.json b/2023/3xxx/CVE-2023-3841.json index 774b44d5805..c69e8e46772 100644 --- a/2023/3xxx/CVE-2023-3841.json +++ b/2023/3xxx/CVE-2023-3841.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3841", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in NxFilter 4.3.2.5 and classified as problematic. This vulnerability affects unknown code of the file user.jsp. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235192. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In NxFilter 4.3.2.5 wurde eine problematische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei user.jsp. Dank Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "NxFilter", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.3.2.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.235192", + "refsource": "MISC", + "name": "https://vuldb.com/?id.235192" + }, + { + "url": "https://vuldb.com/?ctiid.235192", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.235192" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "0xgordo (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" } ] }