diff --git a/2023/40xxx/CVE-2023-40850.json b/2023/40xxx/CVE-2023-40850.json index 0c8c27b7576..d3a414af840 100644 --- a/2023/40xxx/CVE-2023-40850.json +++ b/2023/40xxx/CVE-2023-40850.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-40850", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-40850", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/flyyue2001/cve/blob/main/NS-ASG-bak-leakage.md", + "refsource": "MISC", + "name": "https://github.com/flyyue2001/cve/blob/main/NS-ASG-bak-leakage.md" } ] } diff --git a/2023/41xxx/CVE-2023-41892.json b/2023/41xxx/CVE-2023-41892.json index 9e47d46d276..49b6babe523 100644 --- a/2023/41xxx/CVE-2023-41892.json +++ b/2023/41xxx/CVE-2023-41892.json @@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41892", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "craftcms", + "product": { + "product_data": [ + { + "product_name": "cms", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 4.0.0-RC1, <= 4.4.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g", + "refsource": "MISC", + "name": "https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g" + }, + { + "url": "https://github.com/craftcms/cms/commit/7359d18d46389ffac86c2af1e0cd59e37c298857", + "refsource": "MISC", + "name": "https://github.com/craftcms/cms/commit/7359d18d46389ffac86c2af1e0cd59e37c298857" + }, + { + "url": "https://github.com/craftcms/cms/commit/a270b928f3d34ad3bd953b81c304424edd57355e", + "refsource": "MISC", + "name": "https://github.com/craftcms/cms/commit/a270b928f3d34ad3bd953b81c304424edd57355e" + }, + { + "url": "https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1", + "refsource": "MISC", + "name": "https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1" + }, + { + "url": "https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1#diff-47dd43d86f85161944dfcce2e41d31955c4184672d9bd9d82b948c6b01b86476", + "refsource": "MISC", + "name": "https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1#diff-47dd43d86f85161944dfcce2e41d31955c4184672d9bd9d82b948c6b01b86476" + }, + { + "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4415---2023-07-03-critical", + "refsource": "MISC", + "name": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4415---2023-07-03-critical" + } + ] + }, + "source": { + "advisory": "GHSA-4w8r-3xrw-v25g", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2023/42xxx/CVE-2023-42468.json b/2023/42xxx/CVE-2023-42468.json index 75855dece34..19ed3ab4863 100644 --- a/2023/42xxx/CVE-2023-42468.json +++ b/2023/42xxx/CVE-2023-42468.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-42468", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-42468", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application (without any permissions) can craft an intent targeting com.cutestudio.dialer.activities.DialerActivity via the android.intent.action.CALL action in conjunction with a tel: URI, thereby placing a phone call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/actuator/com.cutestudio.colordialer/blob/main/CWE-284.md", + "refsource": "MISC", + "name": "https://github.com/actuator/com.cutestudio.colordialer/blob/main/CWE-284.md" + }, + { + "url": "https://github.com/actuator/com.cutestudio.colordialer/blob/main/dialerPOC.apk", + "refsource": "MISC", + "name": "https://github.com/actuator/com.cutestudio.colordialer/blob/main/dialerPOC.apk" + }, + { + "url": "https://github.com/actuator/com.cutestudio.colordialer/blob/main/dial.gif", + "refsource": "MISC", + "name": "https://github.com/actuator/com.cutestudio.colordialer/blob/main/dial.gif" + }, + { + "refsource": "MISC", + "name": "https://github.com/actuator/cve/blob/main/CVE-2023-42468", + "url": "https://github.com/actuator/cve/blob/main/CVE-2023-42468" } ] } diff --git a/2023/4xxx/CVE-2023-4951.json b/2023/4xxx/CVE-2023-4951.json new file mode 100644 index 00000000000..ea04c4d0fda --- /dev/null +++ b/2023/4xxx/CVE-2023-4951.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4951", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file