From d29cf9a7d4040725772d203ce078794d80148929 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 7 Oct 2023 00:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/36xxx/CVE-2023-36123.json | 61 ++++++++++++++++++++---
 2023/45xxx/CVE-2023-45322.json | 5 ++
 2023/5xxx/CVE-2023-5182.json | 88 ++++++++++++++++++++++++++++++++--
 3 files changed, 144 insertions(+), 10 deletions(-)
diff --git a/2023/36xxx/CVE-2023-36123.json b/2023/36xxx/CVE-2023-36123.json
index edbe1f98856..bb394151315 100644
--- a/2023/36xxx/CVE-2023-36123.json
+++ b/2023/36xxx/CVE-2023-36123.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-36123",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-36123",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/9Bakabaka/d4559b081ce0577dbf415917afc0efb5",
+ "url": "https://gist.github.com/9Bakabaka/d4559b081ce0577dbf415917afc0efb5"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/9Bakabaka/CVE-2023-36123",
+ "url": "https://github.com/9Bakabaka/CVE-2023-36123"
 }
 ]
 }
diff --git a/2023/45xxx/CVE-2023-45322.json b/2023/45xxx/CVE-2023-45322.json
index 44c47d33854..8f27b0ad424 100644
--- a/2023/45xxx/CVE-2023-45322.json
+++ b/2023/45xxx/CVE-2023-45322.json
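Review bot: The structured fields of CVE-2023-36123 stay at `n/a` even though the new description names the vendor, product and version, so tooling that matches on `affects` rather than on free text will not associate this record with an installed package. If the assigner's data supports it, the placeholders could carry the values already stated in the description: `"vendor_name": "Hex-Dragon"`, `"product_name": "Plain Craft Launcher 2"`, `"version_value": "Alpha 1.3.9"`. The `problemtype` value is likewise `n/a` although the description calls the flaw a directory traversal, which would normally map to CWE-22; that mapping is inferred from the wording and should be confirmed against the referenced write-ups before it is recorded.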
@@ -61,6 +61,11 @@
 "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344",
 "refsource": "MISC",
 "name": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20231006 CVE-2023-45322: Use-after-free in libxml2 through 2.11.5",
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/06/5"
 }
 ]
 }
diff --git a/2023/5xxx/CVE-2023-5182.json b/2023/5xxx/CVE-2023-5182.json
index a080acd7245..3c22a930257 100644
--- a/2023/5xxx/CVE-2023-5182.json
+++ b/2023/5xxx/CVE-2023-5182.json
@@ -1,17 +1,97 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-5182",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@ubuntu.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-532",
+ "cweId": "CWE-532"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Canonical Ltd.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "subiquity",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "23.09.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182",
+ "refsource": "MISC",
+ "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182"
+ },
+ {
+ "url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c",
+ "refsource": "MISC",
+ "name": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Patric \u00c5hlin"
+ },
+ {
+ "lang": "en",
+ "value": "Johan Hortling"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
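Review bot: The two `credits` entries in CVE-2023-5182 use `"lang": "en"` while `description` and `problemtype` in the same record use `"lang": "eng"`, so a consumer that filters on one language code will silently drop the other fields; using one code throughout, e.g. `"lang": "eng"` in both credit entries, keeps the record consistent. The first `reference_data` entry points back at the record's own cve.mitre.org page and tells a reader nothing new, whereas the subiquity commit link is the one that documents the fix. The record also states only `<=` `23.09.1` in `version_data` and names no fixed release, so anyone triaging has to read the linked commit to learn which build removes the log exposure; that is worth adding if the CNA publishes it.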