admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-07-24 16:00:33 +00:00
parent 4fd9b47c05
commit d24b3e3b7f
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
37 changed files with 3733 additions and 173 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
2022/2xxx/CVE-2022-2127.json
View File

@ -177,15 +177,15 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2222791"
},
{
"url": "https://www.samba.org/samba/security/CVE-2022-2127.html",
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2022-2127.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/"
},
{
"url": "https://www.samba.org/samba/security/CVE-2022-2127.html",
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2022-2127.html"
}
]
},

190
2023/1xxx/CVE-2023-1386.json
View File

@ -1,17 +1,199 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1386",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Preservation of Permissions",
"cweId": "CWE-281"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "qemu",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Extra Packages for Enterprise Linux",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-1386",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-1386"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223985",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2223985"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

66
2023/26xxx/CVE-2023-26078.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26078",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-26078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mandiant/Vulnerability-Disclosures",
"refsource": "MISC",
"name": "https://github.com/mandiant/Vulnerability-Disclosures"
},
{
"url": "https://www.atera.com",
"refsource": "MISC",
"name": "https://www.atera.com"
},
{
"refsource": "MISC",
"name": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0009.md",
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0009.md"
}
]
}

186
2023/2xxx/CVE-2023-2860.json
View File

@ -1,17 +1,195 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2860",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.0-rc5",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-2860",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-2860"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218122",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2218122"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18511",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18511"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

190
2023/2xxx/CVE-2023-2908.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2908",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,11 +36,128 @@
"product": {
"product_data": [
{
"product_name": "libtiff",
"product_name": "Libtiff",
"version": {
"version_data": [
{
"version_value": "Fixed in Libtiff 4.5.1rc1"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.5.1rc1",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
@ -30,47 +168,45 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 - NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-2908",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2218830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218830"
"name": "https://access.redhat.com/security/cve/CVE-2023-2908"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218830",
"refsource": "MISC",
"name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/479",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/479"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2218830"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f",
"refsource": "MISC",
"name": "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f",
"url": "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f"
"name": "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/479",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-2908",
"url": "https://access.redhat.com/security/cve/CVE-2023-2908"
"name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/479"
}
]
},
"description": {
"description_data": [
"impact": {
"cvss": [
{
"lang": "eng",
"value": "A null pointer dereference issue was discovered in Libtiff's tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service."
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

186
2023/32xxx/CVE-2023-32247.json
View File

@ -1,17 +1,195 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32247",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Release of Memory after Effective Lifetime",
"cweId": "CWE-401"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.4-rc1",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-32247",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-32247"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219803",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2219803"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20478/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20478/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

186
2023/32xxx/CVE-2023-32248.json
View File

@ -1,17 +1,195 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32248",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.4-rc1",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-32248",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-32248"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219818",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2219818"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20479/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20479/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

186
2023/32xxx/CVE-2023-32252.json
View File

@ -1,17 +1,195 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32252",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.4-rc1",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-32252",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-32252"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219815",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2219815"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

186
2023/32xxx/CVE-2023-32257.json
View File

@ -1,17 +1,195 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32257",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"cweId": "CWE-362"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.4-rc1",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-32257",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-32257"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219806",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2219806"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20596/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20596/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

186
2023/32xxx/CVE-2023-32258.json
View File

@ -1,17 +1,195 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32258",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"cweId": "CWE-362"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.4-rc1",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-32258",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-32258"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219809",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2219809"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20796/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20796/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

192
2023/33xxx/CVE-2023-33951.json
View File

@ -1,17 +1,201 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33951",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.4-rc1",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-33951",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-33951"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218195",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2218195"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/"
}
]
},
"work_around": [
{
"lang": "en",
"value": "This flaw can be mitigated by preventing the affected `vmwgfx` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
]
}

192
2023/33xxx/CVE-2023-33952.json
View File

@ -1,17 +1,201 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33952",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A double-free vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of vmw_buffer_object objects. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. This flaw allows a local privileged user to escalate privileges and execute code in the context of the kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Double Free",
"cweId": "CWE-415"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.4-rc1",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-33952",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-33952"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218212",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2218212"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292"
}
]
},
"work_around": [
{
"lang": "en",
"value": "This flaw can be mitigated by preventing the affected `vmwgfx` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

10
2023/34xxx/CVE-2023-34966.json
View File

@ -177,15 +177,15 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2222793"
},
{
"url": "https://www.samba.org/samba/security/CVE-2023-34966",
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2023-34966"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/"
},
{
"url": "https://www.samba.org/samba/security/CVE-2023-34966",
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2023-34966"
}
]
},

10
2023/34xxx/CVE-2023-34967.json
View File

@ -177,15 +177,15 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2222794"
},
{
"url": "https://www.samba.org/samba/security/CVE-2023-34967.html",
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2023-34967.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/"
},
{
"url": "https://www.samba.org/samba/security/CVE-2023-34967.html",
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2023-34967.html"
}
]
},

10
2023/34xxx/CVE-2023-34968.json
View File

@ -176,15 +176,15 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2222795"
},
{
"url": "https://www.samba.org/samba/security/CVE-2023-34968.html",
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2023-34968.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/"
},
{
"url": "https://www.samba.org/samba/security/CVE-2023-34968.html",
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2023-34968.html"
}
]
},

2
2023/36xxx/CVE-2023-36266.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout."
"value": "** DISPUTED ** An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. NOTE: the vendor disputes this for two reasons: the information is inherently available during a logged-in session when the attacker can read from arbitrary memory locations, and information only remains available after logout because of memory-management limitations of web browsers (not because the Keeper technology itself is retaining the information)."
}
]
},

124
2023/38xxx/CVE-2023-38200.json
View File

@ -1,17 +1,133 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38200",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "keylime",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-38200",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-38200"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222692",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2222692"
},
{
"url": "https://github.com/keylime/keylime/pull/1421",
"refsource": "MISC",
"name": "https://github.com/keylime/keylime/pull/1421"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

5
2023/38xxx/CVE-2023-38334.json
View File

@ -61,6 +61,11 @@
"refsource": "FULLDISC",
"name": "20230721 [SYSS-2023-006]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38334)",
"url": "http://seclists.org/fulldisclosure/2023/Jul/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173696/Omnis-Studio-10.22.00-Library-Unlock.html",
"url": "http://packetstormsecurity.com/files/173696/Omnis-Studio-10.22.00-Library-Unlock.html"
}
]
}

5
2023/38xxx/CVE-2023-38335.json
View File

@ -61,6 +61,11 @@
"refsource": "FULLDISC",
"name": "20230721 [SYSS-2023-005]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38335)",
"url": "http://seclists.org/fulldisclosure/2023/Jul/41"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.html",
"url": "http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.html"
}
]
}

190
2023/3xxx/CVE-2023-3019.json
View File

@ -1,17 +1,199 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "qemu",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Extra Packages for Enterprise Linux",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3019",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-3019"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222351",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2222351"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
]
}

182
2023/3xxx/CVE-2023-3338.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3338",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,11 +36,116 @@
"product": {
"product_data": [
{
"product_name": "Kernel",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 6.5-rc1"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.5-rc1",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
@ -30,32 +156,46 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-376"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3338",
"refsource": "MISC",
"name": "https://seclists.org/oss-sec/2023/q2/276",
"url": "https://seclists.org/oss-sec/2023/q2/276"
"name": "https://access.redhat.com/security/cve/CVE-2023-3338"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218618",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2218618"
},
{
"url": "https://seclists.org/oss-sec/2023/q2/276",
"refsource": "MISC",
"name": "https://seclists.org/oss-sec/2023/q2/276"
}
]
},
"description": {
"description_data": [
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Davide Ornaghi (Betrusted Srl) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"lang": "eng",
"value": "A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system."
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

10
2023/3xxx/CVE-2023-3347.json
View File

@ -172,15 +172,15 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2222792"
},
{
"url": "https://www.samba.org/samba/security/CVE-2023-3347.html",
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2023-3347.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/"
},
{
"url": "https://www.samba.org/samba/security/CVE-2023-3347.html",
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2023-3347.html"
}
]
},

188
2023/3xxx/CVE-2023-3355.json
View File

@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3355",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,11 +36,122 @@
"product": {
"product_data": [
{
"product_name": "Kernel",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 6.1-rc8"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1-rc8",
"status": "unaffected"
}
]
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
@ -30,32 +162,46 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3355",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d839f0811a31322c087a859c2b181e2383daa7be",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d839f0811a31322c087a859c2b181e2383daa7be"
"name": "https://access.redhat.com/security/cve/CVE-2023-3355"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217820",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2217820"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d839f0811a31322c087a859c2b181e2383daa7be",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d839f0811a31322c087a859c2b181e2383daa7be"
}
]
},
"description": {
"description_data": [
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jiasheng Jiang (Institute of Software Chinese Academy of Sciences) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"lang": "eng",
"value": "A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system."
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

105
2023/3xxx/CVE-2023-3384.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3384",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is\r\nnot performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "quay-registry-container",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Quay 3",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3384",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-3384"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216924",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2216924"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Angel Olle Blazquez (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

192
2023/3xxx/CVE-2023-3567.json
View File

@ -1,17 +1,201 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3567",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This flaw allows an attacker with local user access to cause a system crash or leak internal kernel information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.2-rc7",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3567",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-3567"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221463",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2221463"
},
{
"url": "https://www.spinics.net/lists/stable-commits/msg285184.html",
"refsource": "MISC",
"name": "https://www.spinics.net/lists/stable-commits/msg285184.html"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

176
2023/3xxx/CVE-2023-3640.json
View File

@ -1,17 +1,185 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3640",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Observable Discrepancy",
"cweId": "CWE-203"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3640",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-3640"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217523",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2217523"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

206
2023/3xxx/CVE-2023-3745.json
View File

@ -1,17 +1,215 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3745",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ImageMagick6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.9.11-0",
"status": "unaffected"
}
]
}
}
]
}
},
{
"product_name": "ImageMagick",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "7.0.10-0",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Extra Packages for Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Fedora 37",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Fedora 38",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3745",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-3745"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223557",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2223557"
},
{
"url": "https://github.com/ImageMagick/ImageMagick/commit/54cdc146bbe50018526770be201b56643ad58ba7",
"refsource": "MISC",
"name": "https://github.com/ImageMagick/ImageMagick/commit/54cdc146bbe50018526770be201b56643ad58ba7"
},
{
"url": "https://github.com/ImageMagick/ImageMagick/commit/651672f19c75161a6159d9b6838fd3095b6c5304",
"refsource": "MISC",
"name": "https://github.com/ImageMagick/ImageMagick/commit/651672f19c75161a6159d9b6838fd3095b6c5304"
},
{
"url": "https://github.com/ImageMagick/ImageMagick/issues/1857",
"refsource": "MISC",
"name": "https://github.com/ImageMagick/ImageMagick/issues/1857"
},
{
"url": "https://github.com/ImageMagick/ImageMagick6/commit/7486477aa00c5c7856b111506da075b6cdfa8b73",
"refsource": "MISC",
"name": "https://github.com/ImageMagick/ImageMagick6/commit/7486477aa00c5c7856b111506da075b6cdfa8b73"
},
{
"url": "https://github.com/ImageMagick/ImageMagick6/commit/b466a96965afc1308a4ace93f5535c2b770f294b",
"refsource": "MISC",
"name": "https://github.com/ImageMagick/ImageMagick6/commit/b466a96965afc1308a4ace93f5535c2b770f294b"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

137
2023/3xxx/CVE-2023-3748.json
View File

@ -1,17 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3748",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Loop with Unreachable Exit Condition ('Infinite Loop')",
"cweId": "CWE-835"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "frr",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "8.5",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3748",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-3748"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223668",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2223668"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

171
2023/3xxx/CVE-2023-3750.json
View File

@ -1,17 +1,180 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3750",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Locking",
"cweId": "CWE-667"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "libvirt",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3750",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-3750"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222210",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2222210"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

192
2023/3xxx/CVE-2023-3812.json
View File

@ -1,17 +1,201 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3812",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds memory access flaw was found in the Linux kernel\u2019s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1-rc4",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3812",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-3812"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224048",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2224048"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0"
}
]
},
"work_around": [
{
"lang": "en",
"value": "To mitigate this issue, prevent the tun module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

5
2023/3xxx/CVE-2023-3843.json
View File

@ -67,6 +67,11 @@
"url": "https://vuldb.com/?ctiid.235194",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.235194"
},
{
"url": "http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html"
}
]
},

5
2023/3xxx/CVE-2023-3844.json
View File

@ -67,6 +67,11 @@
"url": "https://vuldb.com/?ctiid.235195",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.235195"
},
{
"url": "http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html"
}
]
},

5
2023/3xxx/CVE-2023-3845.json
View File

@ -67,6 +67,11 @@
"url": "https://vuldb.com/?ctiid.235196",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.235196"
},
{
"url": "http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html"
}
]
},

5
2023/3xxx/CVE-2023-3846.json
View File

@ -67,6 +67,11 @@
"url": "https://vuldb.com/?ctiid.235197",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.235197"
},
{
"url": "http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html"
}
]
},

5
2023/3xxx/CVE-2023-3847.json
View File

@ -67,6 +67,11 @@
"url": "https://vuldb.com/?ctiid.235198",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.235198"
},
{
"url": "http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html"
}
]
},

5
2023/3xxx/CVE-2023-3848.json
View File

@ -67,6 +67,11 @@
"url": "https://vuldb.com/?ctiid.235199",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.235199"
},
{
"url": "http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html"
}
]
},

5
2023/3xxx/CVE-2023-3849.json
View File

@ -67,6 +67,11 @@
"url": "https://vuldb.com/?ctiid.235200",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.235200"
},
{
"url": "http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html"
}
]
},