From d3ed36854bed18b641092432ed0222116cc4550e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 19 Sep 2023 10:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2023/0xxx/CVE-2023-0773.json | 150 ++++++++++++++++++++++++++++++++-
2023/32xxx/CVE-2023-32184.json | 85 ++++++++++++++++++-
2023/32xxx/CVE-2023-32186.json | 104 ++++++++++++++++++++++-
2023/43xxx/CVE-2023-43494.json | 18 ++++
2023/43xxx/CVE-2023-43495.json | 18 ++++
2023/43xxx/CVE-2023-43496.json | 18 ++++
2023/43xxx/CVE-2023-43497.json | 18 ++++
2023/43xxx/CVE-2023-43498.json | 18 ++++
2023/43xxx/CVE-2023-43499.json | 18 ++++
2023/43xxx/CVE-2023-43500.json | 18 ++++
2023/43xxx/CVE-2023-43501.json | 18 ++++
2023/43xxx/CVE-2023-43502.json | 18 ++++
2023/4xxx/CVE-2023-4004.json | 49 ++++++-----
13 files changed, 519 insertions(+), 31 deletions(-)
create mode 100644 2023/43xxx/CVE-2023-43494.json
create mode 100644 2023/43xxx/CVE-2023-43495.json
create mode 100644 2023/43xxx/CVE-2023-43496.json
create mode 100644 2023/43xxx/CVE-2023-43497.json
create mode 100644 2023/43xxx/CVE-2023-43498.json
create mode 100644 2023/43xxx/CVE-2023-43499.json
create mode 100644 2023/43xxx/CVE-2023-43500.json
create mode 100644 2023/43xxx/CVE-2023-43501.json
create mode 100644 2023/43xxx/CVE-2023-43502.json
diff --git a/2023/0xxx/CVE-2023-0773.json b/2023/0xxx/CVE-2023-0773.json
index b00b058cb87..b4be1c16817 100644
--- a/2023/0xxx/CVE-2023-0773.json
+++ b/2023/0xxx/CVE-2023-0773.json
@@ -1,17 +1,159 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0773", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vdisclose@cert-in.org.in", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.\n\nSuccessful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Uniview", + "product": { + "product_data": [ + { + "product_name": "Uniview IP Camera IPC322LB-SF28-A", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "CIPC-B2303.X.X.XXXXXX", + "version_value": "CIPC-B2303.2.8.230105" + }, + { + "version_affected": "<=", + "version_name": "DIPC-B1213.X.X.XXXXXX", + "version_value": "DIPC-B1213.6.5.230215" + }, + { + "version_affected": "<=", + "version_name": "DIPC-B1216.X.X.XXXXXX", + "version_value": "DIPC-B1216.5.7.230109" + }, + { + "version_affected": "<=", + "version_name": "DIPC-B1221.X.X.XXXXXX", + "version_value": "DIPC-B1221.3.5.221202" + }, + { + "version_affected": "<=", + "version_name": "DIPC-B1222.X.X.XXXXXX", + "version_value": "DIPC-B1222.3.8.230223" + }, + { + 
"version_affected": "<=", + "version_name": "DIPC-B1225.X.X.XXXXXX", + "version_value": "DIPC-B1225.3.3.221123" + }, + { + "version_affected": "<=", + "version_name": "DIPC-B1226.X.X.XXXXXX", + "version_value": "DIPC-B1226.3.6.230105" + }, + { + "version_affected": "<=", + "version_name": "DIPC-B1219.X.X.XXXXXX", + "version_value": "DIPC-B1219.2.67.221019" + }, + { + "version_affected": "<=", + "version_name": "DIPC-B1223.X.X.XXXXXX", + "version_value": "DIPC-B1223.3.3.221123" + }, + { + "version_affected": "<=", + "version_name": "DIPC-B1228.X.X.XXXXXX", + "version_value": "DIPC-B1228.2.65.230207" + }, + { + "version_affected": "<=", + "version_name": "DIPC-B1229.X.X.XXXXXX", + "version_value": "DIPC-B1229.1.67.230104" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0270", + "refsource": "MISC", + "name": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0270" + }, + { + "url": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm", + "refsource": "MISC", + "name": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm" + } + ], + "value": " https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm " + } + ], + "credits": [ + { + "lang": "en", + "value": "This vulnerability is reported by Souvik Kandar and Arko Dhar from Redinent Innovations Engineering & Research Team, Karnataka, India." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/32xxx/CVE-2023-32184.json b/2023/32xxx/CVE-2023-32184.json index 1044de0cafe..096fa025e9f 100644 --- a/2023/32xxx/CVE-2023-32184.json +++ b/2023/32xxx/CVE-2023-32184.json 
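Review bot: The CVSS vector in the `impact` block of CVE-2023-0773 scores integrity as `NONE` (`C:H/I:N/A:H`, base 9.1), while the description in the same record says successful exploitation lets the attacker "gain complete control of the targeted device". Complete control would normally imply `I:H`, i.e. `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` (base 9.8); the assigner should confirm which is intended, and anyone triaging on the vector alone should treat integrity as affected until then. The `solution` entry also repeats the vendor notice URL twice with stray whitespace in `value` and labels a bare URL as `text/html`; one sentence pointing to the notice would read better. This record uses `"lang": "eng"` in `description` but `"lang": "en"` in `solution` and `credits`, which language-filtering consumers may need to normalise.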
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32184", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@suse.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen\nThis issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-922: Insecure Storage of Sensitive Information", + "cweId": "CWE-922" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "openSUSE", + "product": { + "product_data": [ + { + "product_name": "opensuse-welcome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0.1", + "version_value": "0.1.9+git.35.4b9444a" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32184", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32184" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Matthias Gerstner of SUSE" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + 
"integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/32xxx/CVE-2023-32186.json b/2023/32xxx/CVE-2023-32186.json index c0406caf22f..e9a4e1bc5e2 100644 --- a/2023/32xxx/CVE-2023-32186.json +++ b/2023/32xxx/CVE-2023-32186.json 
@@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32186", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@suse.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) cause denial of service.\nThis issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770: Allocation of Resources Without Limits or Throttling", + "cweId": "CWE-770" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SUSE", + "product": { + "product_data": [ + { + "product_name": "RKE2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.24.0", + "version_value": "1.24.17+rke2r1" + }, + { + "version_affected": "<", + "version_name": "v1.25.0", + "version_value": "v1.25.13+rke2r1" + }, + { + "version_affected": "<", + "version_name": "v1.26.0", + "version_value": "v1.26.8+rke2r1" + }, + { + "version_affected": "<", + "version_name": "v1.27.0", + "version_value": "v1.27.5+rke2r1" + }, + { + "version_affected": "<", + "version_name": "v1.28.0", + "version_value": "v1.28.1+rke2r1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://github.com/rancher/rke2/security/advisories/GHSA-p45j-vfv5-wprq", + "refsource": "MISC", + "name": "https://github.com/rancher/rke2/security/advisories/GHSA-p45j-vfv5-wprq" + }, + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32186", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32186" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/43xxx/CVE-2023-43494.json b/2023/43xxx/CVE-2023-43494.json new file mode 100644 index 00000000000..10f154dff27 --- /dev/null +++ b/2023/43xxx/CVE-2023-43494.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-43494", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/43xxx/CVE-2023-43495.json b/2023/43xxx/CVE-2023-43495.json new file mode 100644 index 00000000000..e6dc4f85814 --- /dev/null +++ b/2023/43xxx/CVE-2023-43495.json 
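Review bot: The first `version_data` entry for RKE2 in CVE-2023-32186 is written as `1.24.0` / `1.24.17+rke2r1` without the `v` prefix, while the other four ranges use `v1.25.0`, `v1.26.0` and so on; the description has the same mix. Tools that compare these strings literally can miss the 1.24 line, so the entry should read `"version_name": "v1.24.0"` and `"version_value": "v1.24.17+rke2r1"`. The description also names "K3s servers apiserver/supervisor port (TCP 6443)" in a record whose product is RKE2, which looks carried over from a K3s advisory; operators deciding which port to restrict should confirm it against the linked GHSA-p45j-vfv5-wprq advisory.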
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-43495", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/43xxx/CVE-2023-43496.json b/2023/43xxx/CVE-2023-43496.json new file mode 100644 index 00000000000..b12502e2856 --- /dev/null +++ b/2023/43xxx/CVE-2023-43496.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-43496", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/43xxx/CVE-2023-43497.json b/2023/43xxx/CVE-2023-43497.json new file mode 100644 index 00000000000..41fd24c3ba8 --- /dev/null +++ b/2023/43xxx/CVE-2023-43497.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-43497", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/43xxx/CVE-2023-43498.json b/2023/43xxx/CVE-2023-43498.json new file mode 100644 index 00000000000..1a91a7519ed --- /dev/null +++ b/2023/43xxx/CVE-2023-43498.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-43498", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/43xxx/CVE-2023-43499.json b/2023/43xxx/CVE-2023-43499.json new file mode 100644 index 00000000000..55fe3ecbec6 --- /dev/null +++ b/2023/43xxx/CVE-2023-43499.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-43499", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/43xxx/CVE-2023-43500.json b/2023/43xxx/CVE-2023-43500.json new file mode 100644 index 00000000000..49db8472032 --- /dev/null +++ b/2023/43xxx/CVE-2023-43500.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-43500", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/43xxx/CVE-2023-43501.json b/2023/43xxx/CVE-2023-43501.json new file mode 100644 index 00000000000..c1822c821e9 --- /dev/null +++ b/2023/43xxx/CVE-2023-43501.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-43501", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/43xxx/CVE-2023-43502.json b/2023/43xxx/CVE-2023-43502.json new file mode 100644 index 00000000000..f22710a72f9 --- /dev/null +++ b/2023/43xxx/CVE-2023-43502.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-43502", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/4xxx/CVE-2023-4004.json b/2023/4xxx/CVE-2023-4004.json index 5ebf7da2540..c08c0db5106 100644 --- a/2023/4xxx/CVE-2023-4004.json +++ b/2023/4xxx/CVE-2023-4004.json @@ -66,6 +66,31 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "version": { @@ -249,25 +274,6 @@ } ] } - }, - { - "product_name": "Red Hat Enterprise Linux 8", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } } ] } @@ -327,6 +333,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2023:5093" }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5221", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2023:5221" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-4004", "refsource": "MISC",
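Review bot: The `Red Hat Enterprise Linux 8` entry added in the first hunk of CVE-2023-4004.json carries three `version_data` items whose only content is `"version_value": "not down converted"` plus a `defaultStatus` of `unaffected`, `affected` and `affected`; the package names and fixed versions that would tell them apart are not in this v4 record. A consumer reading this file cannot tell which component of the product is unaffected, and a scanner that flattens `version_data` could mark the product either way. Anyone matching on this product should read the CVE JSON 5 record or the newly referenced RHSA-2023:5221 erratum rather than this down-converted view. The `product_data` array starts and ends outside the hunk.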