From d88df824742a83a2be3ef9c3da5d1e9abaed7a0e Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 27 Sep 2023 14:59:13 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/20xxx/CVE-2023-20588.json | 15 +++ 2023/28xxx/CVE-2023-28055.json | 90 ++++++++++++- 2023/30xxx/CVE-2023-30959.json | 71 +++++++++- 2023/30xxx/CVE-2023-30961.json | 87 +++++++++++- 2023/32xxx/CVE-2023-32541.json | 78 ++++++++++- 2023/34xxx/CVE-2023-34043.json | 77 ++++++++++- 2023/36xxx/CVE-2023-36844.json | 18 +-- 2023/36xxx/CVE-2023-36845.json | 43 ++++-- 2023/36xxx/CVE-2023-36846.json | 18 +-- 2023/36xxx/CVE-2023-36847.json | 18 +-- 2023/36xxx/CVE-2023-36851.json | 146 +++++++++++++++++++- 2023/39xxx/CVE-2023-39347.json | 89 +++++++++++- 2023/41xxx/CVE-2023-41904.json | 56 +++++++- 2023/42xxx/CVE-2023-42460.json | 81 ++++++++++- 2023/43xxx/CVE-2023-43216.json | 56 +++++++- 2023/43xxx/CVE-2023-43222.json | 56 +++++++- 2023/43xxx/CVE-2023-43646.json | 90 ++++++++++++- 2023/43xxx/CVE-2023-43775.json | 100 +++++++++++++- 2023/44xxx/CVE-2023-44162.json | 18 +++ 2023/44xxx/CVE-2023-44163.json | 18 +++ 2023/44xxx/CVE-2023-44164.json | 18 +++ 2023/44xxx/CVE-2023-44165.json | 18 +++ 2023/44xxx/CVE-2023-44166.json | 18 +++ 2023/44xxx/CVE-2023-44167.json | 18 +++ 2023/44xxx/CVE-2023-44168.json | 18 +++ 2023/44xxx/CVE-2023-44169.json | 62 +++++++++ 2023/44xxx/CVE-2023-44170.json | 62 +++++++++ 2023/44xxx/CVE-2023-44171.json | 62 +++++++++ 2023/44xxx/CVE-2023-44172.json | 62 +++++++++ 2023/44xxx/CVE-2023-44173.json | 18 +++ 2023/44xxx/CVE-2023-44174.json | 18 +++ 2023/44xxx/CVE-2023-44175.json | 18 +++ 2023/44xxx/CVE-2023-44176.json | 18 +++ 2023/44xxx/CVE-2023-44177.json | 18 +++ 2023/44xxx/CVE-2023-44178.json | 18 +++ 2023/44xxx/CVE-2023-44179.json | 18 +++ 2023/44xxx/CVE-2023-44180.json | 18 +++ 2023/44xxx/CVE-2023-44181.json | 18 +++ 2023/44xxx/CVE-2023-44182.json | 18 +++ 2023/44xxx/CVE-2023-44183.json | 18 +++ 2023/44xxx/CVE-2023-44184.json | 18 +++ 2023/44xxx/CVE-2023-44185.json | 18 +++ 2023/44xxx/CVE-2023-44186.json | 18 +++ 2023/44xxx/CVE-2023-44187.json | 18 +++ 
2023/44xxx/CVE-2023-44188.json | 18 +++ 2023/44xxx/CVE-2023-44189.json | 18 +++ 2023/44xxx/CVE-2023-44190.json | 18 +++ 2023/44xxx/CVE-2023-44191.json | 18 +++ 2023/44xxx/CVE-2023-44192.json | 18 +++ 2023/44xxx/CVE-2023-44193.json | 18 +++ 2023/44xxx/CVE-2023-44194.json | 18 +++ 2023/44xxx/CVE-2023-44195.json | 18 +++ 2023/44xxx/CVE-2023-44196.json | 18 +++ 2023/44xxx/CVE-2023-44197.json | 18 +++ 2023/44xxx/CVE-2023-44198.json | 18 +++ 2023/44xxx/CVE-2023-44199.json | 18 +++ 2023/44xxx/CVE-2023-44200.json | 18 +++ 2023/44xxx/CVE-2023-44201.json | 18 +++ 2023/44xxx/CVE-2023-44202.json | 18 +++ 2023/44xxx/CVE-2023-44203.json | 18 +++ 2023/44xxx/CVE-2023-44204.json | 18 +++ 2023/44xxx/CVE-2023-44205.json | 18 +++ 2023/44xxx/CVE-2023-44206.json | 18 +++ 2023/44xxx/CVE-2023-44207.json | 18 +++ 2023/44xxx/CVE-2023-44208.json | 18 +++ 2023/4xxx/CVE-2023-4065.json | 144 +++++++++++++++++++- 2023/4xxx/CVE-2023-4260.json | 88 +++++++++++- 2023/4xxx/CVE-2023-4262.json | 79 ++++++++++- 2023/4xxx/CVE-2023-4264.json | 97 ++++++++++++- 2023/4xxx/CVE-2023-4863.json | 10 ++ 2023/4xxx/CVE-2023-4874.json | 5 + 2023/4xxx/CVE-2023-4875.json | 5 + 2023/5xxx/CVE-2023-5129.json | 10 ++ 2023/5xxx/CVE-2023-5157.json | 239 ++++++++++++++++++++++++++++++++- 2023/5xxx/CVE-2023-5202.json | 18 +++ 2023/5xxx/CVE-2023-5203.json | 18 +++ 2023/5xxx/CVE-2023-5204.json | 18 +++ 2023/5xxx/CVE-2023-5205.json | 18 +++ 2023/5xxx/CVE-2023-5206.json | 18 +++ 2023/5xxx/CVE-2023-5207.json | 18 +++ 2023/5xxx/CVE-2023-5208.json | 18 +++ 2023/5xxx/CVE-2023-5209.json | 18 +++ 2023/5xxx/CVE-2023-5210.json | 18 +++ 2023/5xxx/CVE-2023-5211.json | 18 +++ 84 files changed, 2949 insertions(+), 119 deletions(-) create mode 100644 2023/44xxx/CVE-2023-44162.json create mode 100644 2023/44xxx/CVE-2023-44163.json create mode 100644 2023/44xxx/CVE-2023-44164.json create mode 100644 2023/44xxx/CVE-2023-44165.json create mode 100644 2023/44xxx/CVE-2023-44166.json create mode 100644 2023/44xxx/CVE-2023-44167.json create mode 
100644 2023/44xxx/CVE-2023-44168.json create mode 100644 2023/44xxx/CVE-2023-44169.json create mode 100644 2023/44xxx/CVE-2023-44170.json create mode 100644 2023/44xxx/CVE-2023-44171.json create mode 100644 2023/44xxx/CVE-2023-44172.json create mode 100644 2023/44xxx/CVE-2023-44173.json create mode 100644 2023/44xxx/CVE-2023-44174.json create mode 100644 2023/44xxx/CVE-2023-44175.json create mode 100644 2023/44xxx/CVE-2023-44176.json create mode 100644 2023/44xxx/CVE-2023-44177.json create mode 100644 2023/44xxx/CVE-2023-44178.json create mode 100644 2023/44xxx/CVE-2023-44179.json create mode 100644 2023/44xxx/CVE-2023-44180.json create mode 100644 2023/44xxx/CVE-2023-44181.json create mode 100644 2023/44xxx/CVE-2023-44182.json create mode 100644 2023/44xxx/CVE-2023-44183.json create mode 100644 2023/44xxx/CVE-2023-44184.json create mode 100644 2023/44xxx/CVE-2023-44185.json create mode 100644 2023/44xxx/CVE-2023-44186.json create mode 100644 2023/44xxx/CVE-2023-44187.json create mode 100644 2023/44xxx/CVE-2023-44188.json create mode 100644 2023/44xxx/CVE-2023-44189.json create mode 100644 2023/44xxx/CVE-2023-44190.json create mode 100644 2023/44xxx/CVE-2023-44191.json create mode 100644 2023/44xxx/CVE-2023-44192.json create mode 100644 2023/44xxx/CVE-2023-44193.json create mode 100644 2023/44xxx/CVE-2023-44194.json create mode 100644 2023/44xxx/CVE-2023-44195.json create mode 100644 2023/44xxx/CVE-2023-44196.json create mode 100644 2023/44xxx/CVE-2023-44197.json create mode 100644 2023/44xxx/CVE-2023-44198.json create mode 100644 2023/44xxx/CVE-2023-44199.json create mode 100644 2023/44xxx/CVE-2023-44200.json create mode 100644 2023/44xxx/CVE-2023-44201.json create mode 100644 2023/44xxx/CVE-2023-44202.json create mode 100644 2023/44xxx/CVE-2023-44203.json create mode 100644 2023/44xxx/CVE-2023-44204.json create mode 100644 2023/44xxx/CVE-2023-44205.json create mode 100644 2023/44xxx/CVE-2023-44206.json create mode 100644 2023/44xxx/CVE-2023-44207.json create mode 
100644 2023/44xxx/CVE-2023-44208.json create mode 100644 2023/5xxx/CVE-2023-5202.json create mode 100644 2023/5xxx/CVE-2023-5203.json create mode 100644 2023/5xxx/CVE-2023-5204.json create mode 100644 2023/5xxx/CVE-2023-5205.json create mode 100644 2023/5xxx/CVE-2023-5206.json create mode 100644 2023/5xxx/CVE-2023-5207.json create mode 100644 2023/5xxx/CVE-2023-5208.json create mode 100644 2023/5xxx/CVE-2023-5209.json create mode 100644 2023/5xxx/CVE-2023-5210.json create mode 100644 2023/5xxx/CVE-2023-5211.json diff --git a/2023/20xxx/CVE-2023-20588.json b/2023/20xxx/CVE-2023-20588.json index 82a36f761d3..dc05f8862ee 100644 --- a/2023/20xxx/CVE-2023-20588.json +++ b/2023/20xxx/CVE-2023-20588.json @@ -181,6 +181,21 @@ "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7", "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2023/09/25/7" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/26/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/26/5" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/26/8", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/26/8" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/26/9", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/26/9" } ] }, diff --git a/2023/28xxx/CVE-2023-28055.json b/2023/28xxx/CVE-2023-28055.json index e53e6126361..8adca621802 100644 --- a/2023/28xxx/CVE-2023-28055.json +++ b/2023/28xxx/CVE-2023-28055.json 
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28055", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nDell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization", + "cweId": "CWE-285" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "NetWorker", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Versions 19.9 through 19.9.0.1" + }, + { + "version_affected": "=", + "version_value": "Versions 19.8, through 19.8.0.2" + }, + { + "version_affected": "=", + "version_value": "Versions 19.7 through 19.7.0.4" + }, + { + "version_affected": "=", + "version_value": "Version 19.7.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000218003/dsa-2023-294-security-update-for-dell-networker-nw-client-vulnerabilities", + "refsource": "MISC", + "name": 
"https://www.dell.com/support/kbdoc/en-us/000218003/dsa-2023-294-security-update-for-dell-networker-nw-client-vulnerabilities" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/30xxx/CVE-2023-30959.json b/2023/30xxx/CVE-2023-30959.json index 532fb6f9e5f..3649199fa2b 100644 --- a/2023/30xxx/CVE-2023-30959.json +++ b/2023/30xxx/CVE-2023-30959.json 
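Review bot: The four `version_data` entries for NetWorker pair `"version_affected": "="` with prose ranges such as `"Versions 19.9 through 19.9.0.1"`, so a scanner doing exact version comparison will match none of the affected builds. The description also names only "Version 19.7" while the entries cover 19.7 through 19.9. Each range would be better expressed with the lower bound in `version_name`, the upper bound in `version_value` and `"version_affected": "<="`, and the stray comma in `"Versions 19.8, through 19.8.0.2"` should go. Until that is done, take the affected range from the linked DSA-2023-294 advisory rather than from this record.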
@@ -1,17 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30959", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@palantir.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings.", + "cweId": "CWE-84" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Palantir", + "product": { + "product_data": [ + { + "product_name": "com.palantir.apollo:autopilot", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "*", + "version_value": "3.308.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://palantir.safebase.us/?tcuUid=4c257f07-58af-4532-892a-bdbe8ab3ec63", + "refsource": "MISC", + "name": "https://palantir.safebase.us/?tcuUid=4c257f07-58af-4532-892a-bdbe8ab3ec63" + } + ] + }, + "source": { + "discovery": "INTERNAL", + "defect": [ + "PLTRSEC-2023-33" + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", + "baseSeverity": "MEDIUM", + "baseScore": 4.1 } ] } diff --git a/2023/30xxx/CVE-2023-30961.json b/2023/30xxx/CVE-2023-30961.json index 45ce28b7ccf..544cfa95cb9 100644 
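Review bot: `problemtype` carries the CWE description sentence as its `value` (`"The web application improperly neutralizes user-controlled input ..."`) instead of the identifier-plus-name form used by other records in this commit, e.g. `"CWE-285: Improper Authorization"`. `cweId` is present, so keyed lookups still work, but anything that displays or groups on `value` will not line up; the CVE-2023-30961 hunk has the same pattern for CWE-710. I would write it as `"value": "CWE-84: Improper Neutralization of Encoded URI Schemes in a Web Page"`. The description would also read better as `... will result in an XSS that requires user interaction`.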
--- a/2023/30xxx/CVE-2023-30961.json
+++ b/2023/30xxx/CVE-2023-30961.json
@@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30961", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@palantir.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The product does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.", + "cweId": "CWE-710" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Palantir", + "product": { + "product_data": [ + { + "product_name": "com.palantir.acme:gotham-fe-bundle", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "*", + "version_value": "100.30230706.22" + }, + { + "version_affected": "<", + "version_name": "100.30230702.0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "com.palantir.acme:titanium-browser-app-bundle", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "100.30230706.20" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://palantir.safebase.us/?tcuUid=2755c49f-2c30-459e-8bdf-f95ef3692da4", + "refsource": "MISC", + "name": "https://palantir.safebase.us/?tcuUid=2755c49f-2c30-459e-8bdf-f95ef3692da4" + } + ] + }, + "source": { + 
"discovery": "INTERNAL", + "defect": [ + "PLTRSEC-2023-30" + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseSeverity": "MEDIUM", + "baseScore": 6.5 } ] } diff --git a/2023/32xxx/CVE-2023-32541.json b/2023/32xxx/CVE-2023-32541.json index 38a5aa9f6c8..eb7a528a094 100644 --- a/2023/32xxx/CVE-2023-32541.json +++ b/2023/32xxx/CVE-2023-32541.json 
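Review bot: The second `gotham-fe-bundle` entry (`"version_affected": "<"`, `"version_name": "100.30230702.0"`, `"version_value": "*"`) has no upper bound, so read literally it marks every release from 100.30230702.0 onward as affected, which conflicts with the first entry bounding the issue at 100.30230706.22. If the intent is "affected from 100.30230702.0 up to the fix", a single entry with `"version_name": "100.30230702.0"` and `"version_value": "100.30230706.22"` says that without the wildcard. The `titanium-browser-app-bundle` entry lists one `=` version and no fixed version, so the remediation target for that bundle should be confirmed against the linked advisory.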
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32541", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hancom", + "product": { + "product_data": [ + { + "product_name": "Hancom Office 2020", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "HWord 11.0.0.7520" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1759", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1759" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Marcin 'Icewall' Noga of Cisco Talos." 
+ } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/34xxx/CVE-2023-34043.json b/2023/34xxx/CVE-2023-34043.json index 8efbdafed83..27db45fc8bb 100644 --- a/2023/34xxx/CVE-2023-34043.json +++ b/2023/34xxx/CVE-2023-34043.json 
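Review bot: `version_value` is `"HWord 11.0.0.7520"` under `"version_affected": "="`, so the component name is embedded in the version string and an exact match against build 11.0.0.7520 will fail. Keeping the value as `"version_value": "11.0.0.7520"` and naming HWord in `product_name` would make the record machine-matchable. The `credits` entry also uses `"lang": "en"` where the description uses `"lang": "eng"`; one language code should be used throughout the record.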
@@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34043", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Aria Operations contains a local privilege escalation vulnerability.\u00a0A malicious actor with administrative access to the local system can escalate privileges to 'root'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": " Local Privilege Escalation Vulnerability" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware Aria Operations", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "VMware Aria Operations 8.12.x, 8.10.x, 8.6.x, VCF 5.x, 4.x" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.vmware.com/security/advisories/VMSA-2023-0020.html", + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2023-0020.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + 
"version": "3.1" } ] } diff --git a/2023/36xxx/CVE-2023-36844.json b/2023/36xxx/CVE-2023-36844.json index 0341fc0912d..fc7dbef7b62 100644 --- a/2023/36xxx/CVE-2023-36844.json +++ b/2023/36xxx/CVE-2023-36844.json 
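Review bot: This record cannot be matched automatically as written: `vendor_name` is `"n/a"` although the assigner is security@vmware.com, and the only `version_value` is a prose list (`"VMware Aria Operations 8.12.x, 8.10.x, 8.6.x, VCF 5.x, 4.x"`) under `"version_affected": "="`. The `problemtype` value also has a leading space and no `cweId`. I would set `"vendor_name": "VMware"`, split the branches into separate `version_data` entries, and add a CWE identifier chosen by the CNA. Asset inventories keyed on vendor and product will miss this entry until then, so scope should be taken from VMSA-2023-0020.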
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environments variables.\n\nUtilizing a crafted request an attacker is able to modify \n\ncertain PHP environments variables\u00a0leading to partial loss of integrity,\u00a0which may allow chaining to other vulnerabilities.\nThis issue affects Juniper Networks Junos OS on EX Series:\n\n\n\n * All versions prior to 20.4R3-S9;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions \n\nprior to \n\n 21.3R3-S5;\n * 21.4 versions \n\nprior to \n\n21.4R3-S5;\n * 22.1 versions \n\nprior to \n\n22.1R3-S4;\n * 22.2 versions \n\nprior to \n\n22.2R3-S2;\n * 22.3 versions \n\nprior to 22.3R3-S1;\n * 22.4 versions \n\nprior to \n\n22.4R2-S2, 22.4R3.\n\n\n\n\n" + "value": "A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables.\n\nUsing a crafted request an attacker is able to modify \n\ncertain PHP environment variables\u00a0leading to partial loss of integrity,\u00a0which may allow chaining to other vulnerabilities.\nThis issue affects Juniper Networks Junos OS on EX Series:\n\n\n\n * All versions prior to 20.4R3-S9;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S7;\n * 21.3 versions \n\nprior to \n\n 21.3R3-S5;\n * 21.4 versions \n\nprior to \n\n21.4R3-S5;\n * 22.1 versions \n\nprior to \n\n22.1R3-S4;\n * 22.2 versions \n\nprior to \n\n22.2R3-S2;\n * 22.3 versions \n\nprior to 22.3R3-S1;\n * 22.4 versions \n\nprior to \n\n22.4R2-S2, 22.4R3;\n * 23.2 versions prior to \n\n23.2R1-S1, 23.2R2.\n\n\n\n\n" } ] }, 
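Review bot: The new description and the structured `version_data` appear to disagree. The description now gives 21.2R3-S7 as the 21.2 fix and adds a 23.2 branch (23.2R1-S1, 23.2R2), but the `version_data` hunk that follows only adds the 21.1 entry and changes `version_name` on the first one; the 21.2 `version_value` and any 23.2 entry lie outside the visible hunks, so they are presumably unchanged and should be confirmed. The added 21.1 entry uses `"version_value": "21.1*"` with `"version_affected": "<"`, a wildcard that a version comparator cannot order; the same entry is added in the CVE-2023-36845, CVE-2023-36846 and CVE-2023-36847 hunks. Until the structured ranges are aligned, consumers should take the affected and fixed releases for these four records from the description text and JSA72300.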
@@ -41,9 +41,14 @@ "version_data": [ { "version_affected": "<", - "version_name": "unspecified", + "version_name": "0", "version_value": "20.4R3-S9" }, + { + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1*" + }, { "version_affected": "<", "version_name": "21.2", @@ -99,11 +104,6 @@ "url": "https://supportportal.juniper.net/JSA72300", "refsource": "MISC", "name": "https://supportportal.juniper.net/JSA72300" - }, - { - "url": "http://packetstormsecurity.com/files/174397/Juniper-JunOS-SRX-EX-Remote-Code-Execution.html", - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/174397/Juniper-JunOS-SRX-EX-Remote-Code-Execution.html" } ] }, @@ -162,10 +162,10 @@ { "base64": false, "type": "text/html", - "value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S9*, 21.2R3-S6*, 21.3R3-S5*, 21.4R3-S5*, 22.1R3-S4*, 22.2R3-S2*, 22.3R3-S1*, 22.4R2-S2*, 22.4R3*, 23.2R1-S1*, 23.2R2*, 23.3R1*, and all subsequent releases.\n\n
" + "value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S9*, 21.2R3-S7*, 21.3R3-S5*, 21.4R3-S5*, 22.1R3-S4*, 22.2R3-S2, 22.3R3-S1*, 22.4R2-S2*, 22.4R3*, 23.2R1-S1, 23.2R2*, 23.4R1*, and all subsequent releases.
\n\n*Pending Publication\n\n\n\n
" } ], - "value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S9*, 21.2R3-S6*, 21.3R3-S5*, 21.4R3-S5*, 22.1R3-S4*, 22.2R3-S2*, 22.3R3-S1*, 22.4R2-S2*, 22.4R3*, 23.2R1-S1*, 23.2R2*, 23.3R1*, and all subsequent releases.\n\n\n" + "value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S9*, 21.2R3-S7*, 21.3R3-S5*, 21.4R3-S5*, 22.1R3-S4*, 22.2R3-S2, 22.3R3-S1*, 22.4R2-S2*, 22.4R3*, 23.2R1-S1, 23.2R2*, 23.4R1*, and all subsequent releases.\n\n\n*Pending Publication\n\n\n\n\n" } ], "credits": [ diff --git a/2023/36xxx/CVE-2023-36845.json b/2023/36xxx/CVE-2023-36845.json index d7065577771..41e907e5657 100644 --- a/2023/36xxx/CVE-2023-36845.json +++ b/2023/36xxx/CVE-2023-36845.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series \n\nand SRX Series \n\nallows an unauthenticated, network-based attacker to control certain, important environments variables.\n\nUtilizing a crafted request an attacker is able to modify a certain PHP environment variable leading to partial loss of integrity, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * All versions prior to 21.4R3-S5;\n * 22.1 versions \n\nprior to \n\n22.1R3-S4;\n * 22.2 versions \n\nprior to \n\n22.2R3-S2;\n * 22.3 versions \n\nprior to \n\n22.3R2-S2, 22.3R3-S1;\n * 22.4 versions \n\nprior to \n\n22.4R2-S1, 22.4R3;\n * 23.2 versions prior to 23.2R1-S1, 23.2R2.\n\n\n\n\n" + "value": "A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series \n\nand SRX Series \n\nallows an unauthenticated, network-based attacker to remotely execute code.\n\nUsing a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code.\n\n\nThis issue affects Juniper Networks Junos OS on EX Series\n\n\nand \n\n\nSRX Series:\n\n\n\n * All versions prior to \n\n20.4R3-S9;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to\u00a021.2R3-S7;\n * 21.3 versions prior to\u00a021.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions \n\nprior to \n\n22.1R3-S4;\n * 22.2 versions \n\nprior to \n\n22.2R3-S2;\n * 22.3 versions \n\nprior to \n\n22.3R2-S2, 22.3R3-S1;\n * 22.4 versions \n\nprior to \n\n22.4R2-S1, 22.4R3;\n * 23.2 versions prior to 23.2R1-S1, 23.2R2.\n\n\n\n\n" } ] }, 
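Review bot: The rewritten description contains a typo, `allowing the injection und execution of code`; it should read `allowing the injection and execution of code`. This string is what feeds downstream advisories and ticket summaries, so it is worth correcting at the source. The matching `version_data` and CVSS changes for this record are in later hunks of the same file.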
@@ -39,6 +39,26 @@ "product_name": "Junos OS", "version": { "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "20.4R3-S9" + }, + { + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1*" + }, + { + "version_affected": "<", + "version_name": "21.2", + "version_value": "21.2R3-S7" + }, + { + "version_affected": "<", + "version_name": "21.3", + "version_value": "21.3R3-S5" + }, { "version_affected": "<", "version_name": "21.4", @@ -84,11 +104,6 @@ "url": "https://supportportal.juniper.net/JSA72300", "refsource": "MISC", "name": "https://supportportal.juniper.net/JSA72300" - }, - { - "url": "http://packetstormsecurity.com/files/174397/Juniper-JunOS-SRX-EX-Remote-Code-Execution.html", - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/174397/Juniper-JunOS-SRX-EX-Remote-Code-Execution.html" } ] }, @@ -147,10 +162,10 @@ { "base64": false, "type": "text/html", - "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S5*, 22.1R3-S4*, 22.2R3-S2*, 22.3R2-S2*, 22.3R3-S1*, 22.4R2-S1, 22.4R3*, 23.2R1-S1, 23.2R2*, 23.3R1*, and all subsequent releases.\n\n
" + "value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S9*, 21.2R3-S7*, 21.3R3-S5, 21.4R3-S5*, 22.1R3-S4*, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1*, 22.4R2-S1, 22.4R3*, 23.2R1-S1, 23.2R2*, 23.4R1*, and all subsequent releases.
\n\n*Pending Publication\n\n\n\n
" } ], - "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S5*, 22.1R3-S4*, 22.2R3-S2*, 22.3R2-S2*, 22.3R3-S1*, 22.4R2-S1, 22.4R3*, 23.2R1-S1, 23.2R2*,\u00a023.3R1*, and all subsequent releases.\n\n\n" + "value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S9*,\u00a021.2R3-S7*,\u00a021.3R3-S5,\u00a021.4R3-S5*, 22.1R3-S4*, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1*, 22.4R2-S1, 22.4R3*, 23.2R1-S1, 23.2R2*,\u00a023.4R1*, and all subsequent releases.\n\n\n*Pending Publication\n\n\n\n\n" } ], "credits": [ @@ -164,15 +179,15 @@ { "attackComplexity": "LOW", "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ] diff --git a/2023/36xxx/CVE-2023-36846.json b/2023/36xxx/CVE-2023-36846.json index 8dd6c9c3775..9488c3f93bd 100644 --- a/2023/36xxx/CVE-2023-36846.json +++ b/2023/36xxx/CVE-2023-36846.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\nWith a specific request that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\nintegrity\n\nfor a certain\u00a0\n\npart of the\u00a0file system, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions \n\nprior to \n\n 21.3R3-S5;\n * 21.4 versions \n\nprior to \n\n21.4R3-S5;\n * 22.1 versions \n\nprior to \n\n22.1R3-S3;\n * 22.2 versions \n\nprior to \n\n22.2R3-S2;\n * 22.3 versions \n\nprior to \n\n22.3R2-S2, 22.3R3;\n * 22.4 versions \n\nprior to \n\n22.4R2-S1, 22.4R3.\n\n\n\n\n" + "value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\nWith a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\nintegrity\n\nfor a certain\u00a0\n\npart of the\u00a0file system, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions \n\nprior to \n\n 21.3R3-S5;\n * 21.4 versions \n\nprior to \n\n21.4R3-S5;\n * 22.1 versions \n\nprior to \n\n22.1R3-S3;\n * 22.2 versions \n\nprior to \n\n22.2R3-S2;\n * 22.3 versions \n\nprior to \n\n22.3R2-S2, 22.3R3;\n * 22.4 versions \n\nprior to \n\n22.4R2-S1, 22.4R3.\n\n\n\n\n" } ] }, 
@@ -41,9 +41,14 @@ "version_data": [ { "version_affected": "<", - "version_name": "unspecified", + "version_name": "0", "version_value": "20.4R3-S8" }, + { + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1*" + }, { "version_affected": "<", "version_name": "21.2", @@ -94,11 +99,6 @@ "url": "https://supportportal.juniper.net/JSA72300", "refsource": "MISC", "name": "https://supportportal.juniper.net/JSA72300" - }, - { - "url": "http://packetstormsecurity.com/files/174397/Juniper-JunOS-SRX-EX-Remote-Code-Execution.html", - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/174397/Juniper-JunOS-SRX-EX-Remote-Code-Execution.html" } ] }, @@ -157,10 +157,10 @@ { "base64": false, "type": "text/html", - "value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S8, 21.2R3-S6, 21.3R3-S5*, 21.4R3-S5*, 22.1R3-S3, 22.2R3-S2*, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3*, 23.2R1, and all subsequent releases.\n\n
" + "value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S8, 21.2R3-S6, 21.3R3-S5*, 21.4R3-S5*, 22.1R3-S3, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3*, 23.2R1, and all subsequent releases.
*Pending Publication
" } ], - "value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S8, 21.2R3-S6, 21.3R3-S5*, 21.4R3-S5*, 22.1R3-S3, 22.2R3-S2*, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3*, 23.2R1, and all subsequent releases.\n\n\n" + "value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S8, 21.2R3-S6, 21.3R3-S5*, 21.4R3-S5*, 22.1R3-S3, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3*, 23.2R1, and all subsequent releases.\n*Pending Publication\n" } ], "credits": [ diff --git a/2023/36xxx/CVE-2023-36847.json b/2023/36xxx/CVE-2023-36847.json index 31b27166062..8b5dedaa0f2 100644 --- a/2023/36xxx/CVE-2023-36847.json +++ b/2023/36xxx/CVE-2023-36847.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\n\n\nWith a specific request that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\nintegrity\n\nfor a certain \n\npart of the file system, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on EX Series:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions \n\nprior to \n\n 21.3R3-S5;\n * 21.4 versions \n\nprior to \n\n21.4R3-S4;\n * 22.1 versions \n\nprior to \n\n22.1R3-S3;\n * 22.2 versions \n\nprior to \n\n22.2R3-S1;\n * 22.3 versions \n\nprior to \n\n22.3R2-S2, 22.3R3;\n * 22.4 versions \n\nprior to \n\n22.4R2-S1, 22.4R3.\n\n\n\n\n" + "value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\n\n\nWith a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\nintegrity\n\nfor a certain \n\npart of the file system, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on EX Series:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions \n\nprior to \n\n 21.3R3-S5;\n * 21.4 versions \n\nprior to \n\n21.4R3-S4;\n * 22.1 versions \n\nprior to \n\n22.1R3-S3;\n * 22.2 versions \n\nprior to \n\n22.2R3-S1;\n * 22.3 versions \n\nprior to \n\n22.3R2-S2, 22.3R3;\n * 22.4 versions \n\nprior to \n\n22.4R2-S1, 22.4R3.\n\n\n\n\n" } ] }, 
@@ -41,9 +41,14 @@ "version_data": [ { "version_affected": "<", - "version_name": "unspecified", + "version_name": "0", "version_value": "20.4R3-S8" }, + { + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1*" + }, { "version_affected": "<", "version_name": "21.2", @@ -94,11 +99,6 @@ "url": "https://supportportal.juniper.net/JSA72300", "refsource": "MISC", "name": "https://supportportal.juniper.net/JSA72300" - }, - { - "url": "http://packetstormsecurity.com/files/174397/Juniper-JunOS-SRX-EX-Remote-Code-Execution.html", - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/174397/Juniper-JunOS-SRX-EX-Remote-Code-Execution.html" } ] }, @@ -157,10 +157,10 @@ { "base64": false, "type": "text/html", - "value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S8, 21.2R3-S6, 21.3R3-S5*, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3*, 23.2R1, and all subsequent releases.\n\n
" + "value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S8, 21.2R3-S6, 21.3R3-S5*, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3*, 23.2R1, and all subsequent releases.
*Pending Publication
" } ], - "value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S8, 21.2R3-S6, 21.3R3-S5*, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3*, 23.2R1, and all subsequent releases.\n\n\n" + "value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S8, 21.2R3-S6, 21.3R3-S5*, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3*, 23.2R1, and all subsequent releases.\n*Pending Publication\n" } ], "credits": [ diff --git a/2023/36xxx/CVE-2023-36851.json b/2023/36xxx/CVE-2023-36851.json index 4e414f046a4..2dfc2c881d0 100644 --- a/2023/36xxx/CVE-2023-36851.json +++ b/2023/36xxx/CVE-2023-36851.json 
@@ -1,17 +1,155 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36851", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "sirt@juniper.net", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\nWith a specific request to \n\nwebauth_operation.php\n\nthat doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\nintegrity\n\nfor a certain\u00a0part of the\u00a0file system, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * 22.4 versions prior to 22,4R2-S2, 22.4R3;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306 Missing Authentication for Critical Function", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Juniper Networks", + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "22.4R1", + "version_value": "22.4R2-S2, 22.4R3" + }, + { + "version_affected": "<", + "version_name": "23.2", + "version_value": "23.2R2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://supportportal.juniper.net/JSA72300", + "refsource": "MISC", + 
"name": "https://supportportal.juniper.net/JSA72300" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "JSA72300", + "defect": [ + "1758332" + ], + "discovery": "EXTERNAL" + }, + "configuration": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": " \n\n\n\n\n\n\n\n

The following minimal configuration is necessary:

  [system services web-management http]

or

  [system services web-management https]
" + } + ], + "value": " \n\n\n\n\n\n\n\nThe following minimal configuration is necessary:\n\n\u00a0 [system services web-management http]or\n\n\u00a0 [system services web-management https]\n" + } + ], + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n\n\n\n\nDisable J-Web, or limit access to only trusted hosts.
" + } + ], + "value": "\n\n\n\n\nDisable J-Web, or limit access to only trusted hosts.\n" + } + ], + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n\n\nWhile Juniper SIRT is not aware of a successful exploit against a customer, a proof of concept has been published and exploit attempts have been detected.\n\n
" + } + ], + "value": "\n\n\nWhile Juniper SIRT is not aware of a successful exploit against a customer, a proof of concept has been published and exploit attempts have been detected.\n\n\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The following software releases have been updated to resolve this specific issue: 22.4R2-S2*, 22.4R3*, 23.2R2*, 23.4R1*, and all subsequent releases.
*Pending Publication
" + } + ], + "value": "The following software releases have been updated to resolve this specific issue:\u00a022.4R2-S2*,\u00a022.4R3*,\u00a023.2R2*,\u00a023.4R1*,\u00a0and all subsequent releases.\n*Pending Publication\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "watchtowr" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/39xxx/CVE-2023-39347.json b/2023/39xxx/CVE-2023-39347.json index e905f1ac77a..7572ef72a5e 100644 --- a/2023/39xxx/CVE-2023-39347.json +++ b/2023/39xxx/CVE-2023-39347.json 
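Review bot: The affected-version data in this new record is not machine-comparable: the description writes `22,4R2-S2` (comma instead of period), and the first `version_data` entry packs two releases into one string, `"version_value": "22.4R2-S2, 22.4R3"`, under `"version_name": "22.4R1"` where the CVE-2023-36847 record in this commit uses the train name. Scanners that compare against `version_value` are likely to mis-match; suggest `22.4R2-S2` in the description and one entry per fixed release with `"version_name": "22.4"`. Separately, every release in the solution text carries the `*Pending Publication` mark while the `exploit` field reports a published proof of concept and detected attempts, so the `work_around` (disable J-Web or limit access to trusted hosts) is the only mitigation the record offers today and is worth repeating in the solution text. The plain-text `configuration` value also lost the break before `or` (`http]or`).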
@@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39347", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels to select the policies which apply to the workload in question. This can affect Cilium network policies that use the namespace, service account or cluster constructs to restrict traffic, Cilium clusterwide network policies that use Cilium namespace labels to select the Pod and Kubernetes network policies. Non-existent construct names can be provided, which bypass all network policies applicable to the construct. For example, providing a pod with a non-existent namespace as the value of the `io.kubernetes.pod.namespace` label results in none of the namespaced CiliumNetworkPolicies applying to the pod in question. This attack requires the attacker to have Kubernetes API Server access, as described in the Cilium Threat Model. This issue has been resolved in: Cilium versions 1.14.2, 1.13.7, and 1.12.14. Users are advised to upgrade. As a workaround an admission webhook can be used to prevent pod label updates to the `k8s:io.kubernetes.pod.namespace` and `io.cilium.k8s.policy.*` keys." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-345: Insufficient Verification of Data Authenticity", + "cweId": "CWE-345" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cilium", + "product": { + "product_data": [ + { + "product_name": "cilium", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 1.14.0, < 1.14.2" + }, + { + "version_affected": "=", + "version_value": ">= 1.13.0, < 1.13.7 " + }, + { + "version_affected": "=", + "version_value": "< 1.12.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cilium/cilium/security/advisories/GHSA-gj2r-phwg-6rww", + "refsource": "MISC", + "name": "https://github.com/cilium/cilium/security/advisories/GHSA-gj2r-phwg-6rww" + }, + { + "url": "https://docs.cilium.io/en/latest/security/threat-model/#kubernetes-api-server-attacker", + "refsource": "MISC", + "name": "https://docs.cilium.io/en/latest/security/threat-model/#kubernetes-api-server-attacker" + } + ] + }, + "source": { + "advisory": "GHSA-gj2r-phwg-6rww", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/41xxx/CVE-2023-41904.json b/2023/41xxx/CVE-2023-41904.json index e278ae0ea68..9d015f9cea8 100644 --- a/2023/41xxx/CVE-2023-41904.json +++ b/2023/41xxx/CVE-2023-41904.json 
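Review bot: The three `version_data` entries store ranges as free text under `"version_affected": "="` (`">= 1.14.0, < 1.14.2"`, `">= 1.13.0, < 1.13.7 "`, `"< 1.12.14"`), and the second ends in a stray space. A consumer doing exact or semver comparison on `version_value` will match no installed Cilium version; trimming the space (`">= 1.13.0, < 1.13.7"`) is the minimal fix, and tooling that ingests this feed needs to parse the range rather than compare the string. The description's workaround names the label key as `k8s:io.kubernetes.pod.namespace` while its example uses `io.kubernetes.pod.namespace`, so an admission webhook written from this text should be checked against the referenced advisory for the key form the API server actually receives. The same range-as-string encoding appears in the CVE-2023-42460 and CVE-2023-43646 hunks.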
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-41904", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-41904", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-41904.html", + "url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-41904.html" } ] } diff --git a/2023/42xxx/CVE-2023-42460.json b/2023/42xxx/CVE-2023-42460.json index ff9d76b82d2..e0bb28d97c3 100644 --- a/2023/42xxx/CVE-2023-42460.json +++ b/2023/42xxx/CVE-2023-42460.json 
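Review bot: The `affects` block is filled with `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` although the description names the vendor, the product and the fixed build (Zoho ManageEngine ADManager Plus before 7203), and `problemtype` is `n/a` for what the description calls a 2FA bypass. Asset-matching tools keyed on vendor and product will not associate this record with any installed software, so it surfaces only through free-text search. Suggest populating the fields from the description, e.g. `"vendor_name": "Zoho"`, `"product_name": "ManageEngine ADManager Plus"`, `"version_affected": "<"`, `"version_value": "7203"`. The SeaCMS records in this commit (CVE-2023-43216, CVE-2023-43222, CVE-2023-44169 through CVE-2023-44172) have the same gap.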
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42460", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-682: Incorrect Calculation", + "cweId": "CWE-682" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "vyperlang", + "product": { + "product_data": [ + { + "product_name": "vyper", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 0.3.4, < 0.3.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-cx2q-hfxr-rj97", + "refsource": "MISC", + "name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-cx2q-hfxr-rj97" + }, + { + "url": "https://github.com/vyperlang/vyper/pull/3626", + "refsource": "MISC", + "name": "https://github.com/vyperlang/vyper/pull/3626" + } + ] + }, + "source": { + "advisory": "GHSA-cx2q-hfxr-rj97", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + 
"attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/43xxx/CVE-2023-43216.json b/2023/43xxx/CVE-2023-43216.json index e133f4b7213..6cbda621865 100644 --- a/2023/43xxx/CVE-2023-43216.json +++ b/2023/43xxx/CVE-2023-43216.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-43216", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-43216", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/H3ppo/vulnerabilities/blob/main/SeaCMS%20V12.9%20Arbitrary%20file%20write%20vulnerability.pdf", + "refsource": "MISC", + "name": "https://github.com/H3ppo/vulnerabilities/blob/main/SeaCMS%20V12.9%20Arbitrary%20file%20write%20vulnerability.pdf" } ] } 
diff --git a/2023/43xxx/CVE-2023-43222.json b/2023/43xxx/CVE-2023-43222.json index 8a1db355f11..2b1a242daae 100644 --- a/2023/43xxx/CVE-2023-43222.json +++ b/2023/43xxx/CVE-2023-43222.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-43222", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-43222", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.csdn.net/weixin_51394168/article/details/132817842", + "url": "https://blog.csdn.net/weixin_51394168/article/details/132817842" } ] } diff --git a/2023/43xxx/CVE-2023-43646.json b/2023/43xxx/CVE-2023-43646.json index 10dcd6ec0ce..5317b5c2af9 100644 --- a/2023/43xxx/CVE-2023-43646.json +++ b/2023/43xxx/CVE-2023-43646.json 
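Review bot: The new description locates the flaw at `/jxz7g2/admin_ping.php`, and that directory name looks specific to one installation rather than a fixed product path, so defenders searching logs or rules for it may find nothing on their own deployment. CVE-2023-44170 in this same commit describes an arbitrary file write in SeaCMS V12.9 via the component `admin_ping.php`, and nothing in either record says whether the two entries are the same flaw in adjacent versions. Suggest wording this one like its siblings, `via the component admin_ping.php`, and stating the relationship to CVE-2023-44170 once it is confirmed with the reporter.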
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-43646", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (redos) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. This vulnerability can be triggered using the following input: '\\t'.repeat(54773) + '\\t/function/i'. This issue has been addressed in commit `f934b228b` which has been included in releases from 2.0.1. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333: Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "chaijs", + "product": { + "product_data": [ + { + "product_name": "get-func-name", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chaijs/get-func-name/security/advisories/GHSA-4q6p-r6v2-jvc5", + "refsource": "MISC", + "name": "https://github.com/chaijs/get-func-name/security/advisories/GHSA-4q6p-r6v2-jvc5" + }, + { + "url": "https://github.com/chaijs/get-func-name/commit/f934b228b5e2cb94d6c8576d3aac05493f667c69", + "refsource": "MISC", + "name": "https://github.com/chaijs/get-func-name/commit/f934b228b5e2cb94d6c8576d3aac05493f667c69" + } + ] + }, + "source": { + "advisory": "GHSA-4q6p-r6v2-jvc5", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/43xxx/CVE-2023-43775.json b/2023/43xxx/CVE-2023-43775.json index 31c7dac056d..388b89433ba 100644 --- a/2023/43xxx/CVE-2023-43775.json +++ b/2023/43xxx/CVE-2023-43775.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-43775", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "CybersecurityCOE@eaton.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Denial-of-service vulnerability in the web server of the Eaton SMP SG-4260 allows \n\nattacker to potentially force an unexpected restart of the SMP Gateway\nautomation platform, impacting the availability of the product. In rare situations, the issue could cause\nthe SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is\nnot vulnerable anymore.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Eaton", + "product": { + "product_data": [ + { + "product_name": "SMP SG-4260", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "8.0R9", + "status": "affected", + "version": "8.0", + "versionType": "custom" + }, + { + "lessThan": "8.1R5", + "status": "affected", + "version": "8.1", + "versionType": "custom" + }, + { + "lessThan": "8.2R4", + "status": "affected", + "version": "8.2", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2022-1008.pdf", + "refsource": "MISC", + "name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2022-1008.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/44xxx/CVE-2023-44162.json b/2023/44xxx/CVE-2023-44162.json new file mode 100644 index 00000000000..d5ea267ed2f --- /dev/null +++ b/2023/44xxx/CVE-2023-44162.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44162", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44163.json b/2023/44xxx/CVE-2023-44163.json new file mode 100644 index 00000000000..05ac16bc568 --- /dev/null +++ b/2023/44xxx/CVE-2023-44163.json 
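Review bot: The v4 `version_value` is the literal `"not down converted"`, so the affected range exists only in `x_cve_json_5_version_data`, and there `"defaultStatus": "affected"` sits beside three `lessThan` ranges (8.0R9, 8.1R5, 8.2R4). Read literally, a release at or above those bounds matches no range and falls back to the default, so it is still reported as affected, which appears to contradict the intent of the ranges; `"defaultStatus": "unaffected"` (or `"unknown"`) would express "fixed from these releases on" if that is what the bulletin states. Consumers that read only the v4 fields get no version information at all for this record. The description also reads `allows \n\nattacker`, which should be `allows an attacker`.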
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44163", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44164.json b/2023/44xxx/CVE-2023-44164.json new file mode 100644 index 00000000000..bb103f2e062 --- /dev/null +++ b/2023/44xxx/CVE-2023-44164.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44164", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44165.json b/2023/44xxx/CVE-2023-44165.json new file mode 100644 index 00000000000..c5b2fb9247b --- /dev/null +++ b/2023/44xxx/CVE-2023-44165.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44165", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/44xxx/CVE-2023-44166.json b/2023/44xxx/CVE-2023-44166.json new file mode 100644 index 00000000000..50e89a817ba --- /dev/null +++ b/2023/44xxx/CVE-2023-44166.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44166", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44167.json b/2023/44xxx/CVE-2023-44167.json new file mode 100644 index 00000000000..ce194c0bdd2 --- /dev/null +++ b/2023/44xxx/CVE-2023-44167.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44167", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44168.json b/2023/44xxx/CVE-2023-44168.json new file mode 100644 index 00000000000..3b769118d7e --- /dev/null +++ b/2023/44xxx/CVE-2023-44168.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44168", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44169.json b/2023/44xxx/CVE-2023-44169.json new file mode 100644 index 00000000000..1471e468aff --- /dev/null +++ b/2023/44xxx/CVE-2023-44169.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2023-44169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/H3ppo/vulnerabilities/blob/main/SeaCMS%20V12.9%20Arbitrary%20file%20write%20vulnerability.pdf", + "refsource": "MISC", + "name": "https://github.com/H3ppo/vulnerabilities/blob/main/SeaCMS%20V12.9%20Arbitrary%20file%20write%20vulnerability.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44170.json b/2023/44xxx/CVE-2023-44170.json new file mode 100644 index 00000000000..50d7cea80c1 --- /dev/null 
+++ b/2023/44xxx/CVE-2023-44170.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2023-44170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/H3ppo/vulnerabilities/blob/main/SeaCMS%20V12.9%20Arbitrary%20file%20write%20vulnerability.pdf", + "refsource": "MISC", + "name": "https://github.com/H3ppo/vulnerabilities/blob/main/SeaCMS%20V12.9%20Arbitrary%20file%20write%20vulnerability.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44171.json b/2023/44xxx/CVE-2023-44171.json new file mode 100644 index 00000000000..c95b8b30ae0 --- /dev/null +++ b/2023/44xxx/CVE-2023-44171.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2023-44171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/H3ppo/vulnerabilities/blob/main/SeaCMS%20V12.9%20Arbitrary%20file%20write%20vulnerability.pdf", + "refsource": "MISC", + "name": "https://github.com/H3ppo/vulnerabilities/blob/main/SeaCMS%20V12.9%20Arbitrary%20file%20write%20vulnerability.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44172.json b/2023/44xxx/CVE-2023-44172.json new file mode 100644 index 00000000000..25a7f5ae0d4 --- /dev/null +++ b/2023/44xxx/CVE-2023-44172.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2023-44172",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/H3ppo/vulnerabilities/blob/main/SeaCMS%20V12.9%20Arbitrary%20file%20write%20vulnerability.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/H3ppo/vulnerabilities/blob/main/SeaCMS%20V12.9%20Arbitrary%20file%20write%20vulnerability.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/44xxx/CVE-2023-44173.json b/2023/44xxx/CVE-2023-44173.json
new file mode 100644
index 00000000000..368ab1496a2
--- /dev/null
+++ b/2023/44xxx/CVE-2023-44173.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-44173",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/44xxx/CVE-2023-44174.json b/2023/44xxx/CVE-2023-44174.json
new file mode 100644
index 00000000000..8325d7eb7ca
--- /dev/null
+++ b/2023/44xxx/CVE-2023-44174.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44174", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44175.json b/2023/44xxx/CVE-2023-44175.json new file mode 100644 index 00000000000..ecd840ded53 --- /dev/null +++ b/2023/44xxx/CVE-2023-44175.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44175", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44176.json b/2023/44xxx/CVE-2023-44176.json new file mode 100644 index 00000000000..ecfe5ae161f --- /dev/null +++ b/2023/44xxx/CVE-2023-44176.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44176", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44177.json b/2023/44xxx/CVE-2023-44177.json new file mode 100644 index 00000000000..c3f6d2b452e --- /dev/null +++ b/2023/44xxx/CVE-2023-44177.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44177", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44178.json b/2023/44xxx/CVE-2023-44178.json new file mode 100644 index 00000000000..a39a3ee5733 --- /dev/null +++ b/2023/44xxx/CVE-2023-44178.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44178", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/44xxx/CVE-2023-44179.json b/2023/44xxx/CVE-2023-44179.json new file mode 100644 index 00000000000..116bffafae4 --- /dev/null +++ b/2023/44xxx/CVE-2023-44179.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44179", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44180.json b/2023/44xxx/CVE-2023-44180.json new file mode 100644 index 00000000000..c847aba642a --- /dev/null +++ b/2023/44xxx/CVE-2023-44180.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44180", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44181.json b/2023/44xxx/CVE-2023-44181.json new file mode 100644 index 00000000000..a9ad0a7059a --- /dev/null +++ b/2023/44xxx/CVE-2023-44181.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44181", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44182.json b/2023/44xxx/CVE-2023-44182.json new file mode 100644 index 00000000000..1df80b627ba --- /dev/null +++ b/2023/44xxx/CVE-2023-44182.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44182", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44183.json b/2023/44xxx/CVE-2023-44183.json new file mode 100644 index 00000000000..ef1e666ce46 --- /dev/null +++ b/2023/44xxx/CVE-2023-44183.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44183", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/44xxx/CVE-2023-44184.json b/2023/44xxx/CVE-2023-44184.json new file mode 100644 index 00000000000..b435b44bf14 --- /dev/null +++ b/2023/44xxx/CVE-2023-44184.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44184", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44185.json b/2023/44xxx/CVE-2023-44185.json new file mode 100644 index 00000000000..e906066afcc --- /dev/null +++ b/2023/44xxx/CVE-2023-44185.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44185", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44186.json b/2023/44xxx/CVE-2023-44186.json new file mode 100644 index 00000000000..206bccf8019 --- /dev/null +++ b/2023/44xxx/CVE-2023-44186.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44186", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44187.json b/2023/44xxx/CVE-2023-44187.json new file mode 100644 index 00000000000..0349d7bd4b0 --- /dev/null +++ b/2023/44xxx/CVE-2023-44187.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44187", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44188.json b/2023/44xxx/CVE-2023-44188.json new file mode 100644 index 00000000000..361173a1e7a --- /dev/null +++ b/2023/44xxx/CVE-2023-44188.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44188", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/44xxx/CVE-2023-44189.json b/2023/44xxx/CVE-2023-44189.json new file mode 100644 index 00000000000..caf03c53cde --- /dev/null +++ b/2023/44xxx/CVE-2023-44189.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44189", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44190.json b/2023/44xxx/CVE-2023-44190.json new file mode 100644 index 00000000000..cfa74f39c96 --- /dev/null +++ b/2023/44xxx/CVE-2023-44190.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44190", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44191.json b/2023/44xxx/CVE-2023-44191.json new file mode 100644 index 00000000000..74ba8908d62 --- /dev/null +++ b/2023/44xxx/CVE-2023-44191.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44191", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44192.json b/2023/44xxx/CVE-2023-44192.json new file mode 100644 index 00000000000..6cc5eb364bd --- /dev/null +++ b/2023/44xxx/CVE-2023-44192.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44192", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44193.json b/2023/44xxx/CVE-2023-44193.json new file mode 100644 index 00000000000..1c2b3de5f72 --- /dev/null +++ b/2023/44xxx/CVE-2023-44193.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44193", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/44xxx/CVE-2023-44194.json b/2023/44xxx/CVE-2023-44194.json new file mode 100644 index 00000000000..c0dfc50c135 --- /dev/null +++ b/2023/44xxx/CVE-2023-44194.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44194", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44195.json b/2023/44xxx/CVE-2023-44195.json new file mode 100644 index 00000000000..6fd2c3c4279 --- /dev/null +++ b/2023/44xxx/CVE-2023-44195.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44195", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44196.json b/2023/44xxx/CVE-2023-44196.json new file mode 100644 index 00000000000..55aaa5177ad --- /dev/null +++ b/2023/44xxx/CVE-2023-44196.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44196", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44197.json b/2023/44xxx/CVE-2023-44197.json new file mode 100644 index 00000000000..42c94817425 --- /dev/null +++ b/2023/44xxx/CVE-2023-44197.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44197", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44198.json b/2023/44xxx/CVE-2023-44198.json new file mode 100644 index 00000000000..4f5aaaa3f96 --- /dev/null +++ b/2023/44xxx/CVE-2023-44198.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44198", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/44xxx/CVE-2023-44199.json b/2023/44xxx/CVE-2023-44199.json new file mode 100644 index 00000000000..2c83637420a --- /dev/null +++ b/2023/44xxx/CVE-2023-44199.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44199", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44200.json b/2023/44xxx/CVE-2023-44200.json new file mode 100644 index 00000000000..5e26ac74759 --- /dev/null +++ b/2023/44xxx/CVE-2023-44200.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44200", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44201.json b/2023/44xxx/CVE-2023-44201.json new file mode 100644 index 00000000000..b588bb91b76 --- /dev/null +++ b/2023/44xxx/CVE-2023-44201.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44201", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44202.json b/2023/44xxx/CVE-2023-44202.json new file mode 100644 index 00000000000..07b9a0f878f --- /dev/null +++ b/2023/44xxx/CVE-2023-44202.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44202", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44203.json b/2023/44xxx/CVE-2023-44203.json new file mode 100644 index 00000000000..d88db29b962 --- /dev/null +++ b/2023/44xxx/CVE-2023-44203.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44203", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/44xxx/CVE-2023-44204.json b/2023/44xxx/CVE-2023-44204.json new file mode 100644 index 00000000000..7567c5ddbec --- /dev/null +++ b/2023/44xxx/CVE-2023-44204.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44204", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44205.json b/2023/44xxx/CVE-2023-44205.json new file mode 100644 index 00000000000..55bb2046d7f --- /dev/null +++ b/2023/44xxx/CVE-2023-44205.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44205", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44206.json b/2023/44xxx/CVE-2023-44206.json new file mode 100644 index 00000000000..84272657b9a --- /dev/null +++ b/2023/44xxx/CVE-2023-44206.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44206", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44207.json b/2023/44xxx/CVE-2023-44207.json new file mode 100644 index 00000000000..67bc3be8c20 --- /dev/null +++ b/2023/44xxx/CVE-2023-44207.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44207", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/44xxx/CVE-2023-44208.json b/2023/44xxx/CVE-2023-44208.json new file mode 100644 index 00000000000..72d2caefff1 --- /dev/null +++ b/2023/44xxx/CVE-2023-44208.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-44208", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/4xxx/CVE-2023-4065.json b/2023/4xxx/CVE-2023-4065.json index 406660cd4f0..da297c8da58 100644 --- a/2023/4xxx/CVE-2023-4065.json +++ b/2023/4xxx/CVE-2023-4065.json 
@@ -1,17 +1,153 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4065", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Output Neutralization for Logs", + "cweId": "CWE-117" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Red", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "Hat AMQ Broker 7.11.1.OPR.2.GA", + "status": "unaffected" + } + ] + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "RHEL-8 based Middleware Containers", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "7.11.1-9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "7.11.1-12", + "lessThan": "*", + "versionType": "rpm", + "status": 
"unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat JBoss A-MQ 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2023:4720", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2023:4720" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4065", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-4065" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224630", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2224630" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4260.json b/2023/4xxx/CVE-2023-4260.json index 9b0d5521dc9..4955ddd4e03 100644 --- a/2023/4xxx/CVE-2023-4260.json +++ b/2023/4xxx/CVE-2023-4260.json 
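Review bot: The first `vendor_data` entry of the CVE-2023-4065 record looks like a product string that was split at its first space: `"product_name": "Red"` with `"version": "Hat AMQ Broker 7.11.1.OPR.2.GA"` under `"vendor_name": "n/a"`. As written, a consumer matching on vendor or product will not find Red Hat AMQ Broker through this entry; presumably it was meant to read `"vendor_name": "Red Hat"` with the product name kept whole, which should be confirmed against the CNA's source record. The `problemtype` also deserves a second look: the description is about a password written in plain text to the Operator log, which reads as CWE-532 (Insertion of Sensitive Information into Log File) rather than the recorded `CWE-117`, which covers unneutralized output to logs.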
@@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4260", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerabilities@zephyrproject.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-193 Off-by-one Error", + "cweId": "CWE-193" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "zephyrproject-rtos", + "product": { + "product_data": [ + { + "product_name": "Zephyr", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh", + "refsource": "MISC", + "name": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": 
"CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4262.json b/2023/4xxx/CVE-2023-4262.json index 10060a3fe84..f96302c4891 100644 --- a/2023/4xxx/CVE-2023-4262.json +++ b/2023/4xxx/CVE-2023-4262.json 
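Review bot: The `description` value of CVE-2023-4260 ends in three escaped newlines (`...Zephyr fuse file system.\n\n\n`), and the same residue appears in CVE-2023-4262 (`\n\n`, plus a `\u00a0` followed by a space after "overflow") and CVE-2023-4264 (`\n\n\n`). Consumers that deduplicate or match advisories on the description string will treat these as different text from the trimmed form, so the values should be stored trimmed, e.g. `"value": "Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system."`. The affected range in this record is `"version_name": "0"` with `"version_affected": "<="` and `"version_value": "3.4"`, which appears to mean every release up to 3.4; that reading is worth confirming against the linked GHSA advisory.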
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4262", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerabilities@zephyrproject.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Possible buffer overflow\u00a0 in Zephyr mgmt subsystem when asserts are disabled\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "zephyrproject-rtos", + "product": { + "product_data": [ + { + "product_name": "Zephyr", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.3", + "version_value": "3.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-56p9-5p3v-hhrc", + "refsource": "MISC", + "name": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-56p9-5p3v-hhrc" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "LOW", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", + "version": 
"3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4264.json b/2023/4xxx/CVE-2023-4264.json index 0bf67f83029..90c33a30aea 100644 --- a/2023/4xxx/CVE-2023-4264.json +++ b/2023/4xxx/CVE-2023-4264.json 
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4264", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerabilities@zephyrproject.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).", + "cweId": "CWE-121" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": " CWE-122 Heap-based Buffer Overflow A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "zephyrproject-rtos", + "product": { + "product_data": [ + { + "product_name": "Zephyr", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j", + "refsource": "MISC", + "name": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4863.json b/2023/4xxx/CVE-2023-4863.json index a1225a49bbb..19130a3b249 100644 --- a/2023/4xxx/CVE-2023-4863.json +++ b/2023/4xxx/CVE-2023-4863.json @@ -228,6 +228,16 @@ "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6", "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2023/09/22/6" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/26/1" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/26/7" } ] } diff --git a/2023/4xxx/CVE-2023-4874.json b/2023/4xxx/CVE-2023-4874.json index 16e314479e6..1f8d6f4d03c 100644 --- a/2023/4xxx/CVE-2023-4874.json +++ b/2023/4xxx/CVE-2023-4874.json @@ -74,6 +74,11 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00021.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00021.html" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/26/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/26/6" } ] }, 
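Review bot: In the CVE-2023-4264 record the description reads `vulnerabilities n the Zephyr Bluetooth subsystem`, where `n` should be `in`. The `problemtype` values for CWE-121 and CWE-122 hold the full CWE definition text rather than the weakness name, and the CWE-122 value begins with a space; the CWE-120 entry in the same record shows the short form. Shortening them to `"value": "CWE-121 Stack-based Buffer Overflow"` and `"value": "CWE-122 Heap-based Buffer Overflow"` keeps the three entries consistent and lets tooling key on `cweId` without parsing prose.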
diff --git a/2023/4xxx/CVE-2023-4875.json b/2023/4xxx/CVE-2023-4875.json index 8ddab25657c..4fcb0079336 100644 --- a/2023/4xxx/CVE-2023-4875.json +++ b/2023/4xxx/CVE-2023-4875.json @@ -74,6 +74,11 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00021.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00021.html" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/26/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/26/6" } ] }, diff --git a/2023/5xxx/CVE-2023-5129.json b/2023/5xxx/CVE-2023-5129.json index 4cae04dca1e..9bd19a4ccba 100644 --- a/2023/5xxx/CVE-2023-5129.json +++ b/2023/5xxx/CVE-2023-5129.json @@ -64,6 +64,16 @@ "url": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76", "refsource": "MISC", "name": "https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/26/1" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/09/26/7" } ] }, diff --git a/2023/5xxx/CVE-2023-5157.json b/2023/5xxx/CVE-2023-5157.json index dad1f8dc54a..71b1c05c662 100644 --- a/2023/5xxx/CVE-2023-5157.json +++ b/2023/5xxx/CVE-2023-5157.json 
@@ -1,17 +1,248 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5157", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "mariadb", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "10.7.5", + "status": "unaffected" + }, + { + "version": "10.5.17", + "status": "unaffected" + }, + { + "version": "10.8.4", + "status": "unaffected" + }, + { + "version": "10.4.26", + "status": "unaffected" + }, + { + "version": "10.6.9", + "status": "unaffected" + } + ] + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, 
+ { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Software Collections", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://access.redhat.com/security/cve/CVE-2023-5157", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-5157" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240246", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2240246" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/5xxx/CVE-2023-5202.json b/2023/5xxx/CVE-2023-5202.json new file mode 100644 index 00000000000..2908417b507 --- /dev/null +++ b/2023/5xxx/CVE-2023-5202.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-5202", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5203.json b/2023/5xxx/CVE-2023-5203.json new file mode 100644 index 00000000000..2c6a9b81d5e --- /dev/null +++ b/2023/5xxx/CVE-2023-5203.json 
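Review bot: The `affects` block of CVE-2023-5157 lists several `version_data` entries per product that are identical (`"version_value": "not down converted"` with only a `defaultStatus`), and under Red Hat Enterprise Linux 8 one of four otherwise identical entries says `"defaultStatus": "unaffected"` while the others say `affected`. Whatever distinguished these entries in the source record (presumably the package or stream name) is not in this 4.0 view, so a scanner reading it cannot tell which component is affected. Each entry should carry that identifier, e.g. `"version_name": "<package name from the source record>"`, or consumers should take affected-package data from the CVE JSON 5 record instead. The description's mention of ports 3306 and 4567 is useful for triage, since exposure is presumably limited where those ports are not reachable by untrusted clients.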
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5203",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/5xxx/CVE-2023-5204.json b/2023/5xxx/CVE-2023-5204.json
new file mode 100644
index 00000000000..4a67145fc62
--- /dev/null
+++ b/2023/5xxx/CVE-2023-5204.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5204",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/5xxx/CVE-2023-5205.json b/2023/5xxx/CVE-2023-5205.json
new file mode 100644
index 00000000000..a1c036021ad
--- /dev/null
+++ b/2023/5xxx/CVE-2023-5205.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5205",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/5xxx/CVE-2023-5206.json b/2023/5xxx/CVE-2023-5206.json
new file mode 100644
index 00000000000..5ec0ab2fc5f
--- /dev/null
+++ b/2023/5xxx/CVE-2023-5206.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5206",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/5xxx/CVE-2023-5207.json b/2023/5xxx/CVE-2023-5207.json
new file mode 100644
index 00000000000..27be8f7fe1e
--- /dev/null
+++ b/2023/5xxx/CVE-2023-5207.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5207",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/5xxx/CVE-2023-5208.json b/2023/5xxx/CVE-2023-5208.json
new file mode 100644
index 00000000000..ed6a0d32419
--- /dev/null
+++ b/2023/5xxx/CVE-2023-5208.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5208",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/5xxx/CVE-2023-5209.json b/2023/5xxx/CVE-2023-5209.json
new file mode 100644
index 00000000000..8838b1a48df
--- /dev/null
+++ b/2023/5xxx/CVE-2023-5209.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5209",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/5xxx/CVE-2023-5210.json b/2023/5xxx/CVE-2023-5210.json
new file mode 100644
index 00000000000..6c7f9b42f96
--- /dev/null
+++ b/2023/5xxx/CVE-2023-5210.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5210",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/5xxx/CVE-2023-5211.json b/2023/5xxx/CVE-2023-5211.json
new file mode 100644
index 00000000000..13abfb4cfb2
--- /dev/null
+++ b/2023/5xxx/CVE-2023-5211.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5211",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file