From dbcfc9658886b8bcf8ed58c0f05496f0a80b9ed1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 26 Jan 2023 21:06:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/8xxx/CVE-2019-8996.json | 5 ++ 2021/28xxx/CVE-2021-28510.json | 130 +++++++++++++++++++++++++++++++-- 2022/20xxx/CVE-2022-20235.json | 50 ++++++++++++- 2022/20xxx/CVE-2022-20456.json | 50 ++++++++++++- 2022/20xxx/CVE-2022-20461.json | 50 ++++++++++++- 2022/20xxx/CVE-2022-20489.json | 50 ++++++++++++- 2022/20xxx/CVE-2022-20490.json | 50 ++++++++++++- 2022/20xxx/CVE-2022-20492.json | 50 ++++++++++++- 2022/20xxx/CVE-2022-20493.json | 50 ++++++++++++- 2022/20xxx/CVE-2022-20494.json | 50 ++++++++++++- 2022/25xxx/CVE-2022-25629.json | 8 +- 2022/25xxx/CVE-2022-25630.json | 6 +- 2022/2xxx/CVE-2022-2220.json | 50 +------------ 2022/37xxx/CVE-2022-37155.json | 17 ++++- 2022/3xxx/CVE-2022-3522.json | 65 +---------------- 2022/40xxx/CVE-2022-40036.json | 56 ++++++++++++-- 2022/40xxx/CVE-2022-40037.json | 56 ++++++++++++-- 2022/45xxx/CVE-2022-45808.json | 102 +++++++++++++++++++++++++- 2022/45xxx/CVE-2022-45820.json | 102 +++++++++++++++++++++++++- 2022/46xxx/CVE-2022-46071.json | 5 ++ 2022/46xxx/CVE-2022-46072.json | 5 ++ 2022/46xxx/CVE-2022-46073.json | 5 ++ 2022/46xxx/CVE-2022-46074.json | 5 ++ 2022/47xxx/CVE-2022-47040.json | 56 ++++++++++++-- 2022/47xxx/CVE-2022-47042.json | 56 ++++++++++++-- 2022/47xxx/CVE-2022-47615.json | 101 ++++++++++++++++++++++++- 2022/48xxx/CVE-2022-48199.json | 61 ++++++++++++++-- 2023/0xxx/CVE-2023-0284.json | 72 +++++++++++++++++- 2023/0xxx/CVE-2023-0457.json | 18 +++++ 2023/0xxx/CVE-2023-0458.json | 18 +++++ 2023/0xxx/CVE-2023-0459.json | 18 +++++ 2023/0xxx/CVE-2023-0460.json | 18 +++++ 2023/0xxx/CVE-2023-0461.json | 18 +++++ 2023/0xxx/CVE-2023-0462.json | 18 +++++ 2023/0xxx/CVE-2023-0463.json | 18 +++++ 2023/0xxx/CVE-2023-0464.json | 18 +++++ 2023/0xxx/CVE-2023-0465.json | 18 +++++ 2023/0xxx/CVE-2023-0466.json | 18 +++++ 2023/0xxx/CVE-2023-0467.json | 18 +++++ 2023/0xxx/CVE-2023-0471.json | 68 +++++++++++++++++ 2023/0xxx/CVE-2023-0472.json | 68 +++++++++++++++++ 2023/0xxx/CVE-2023-0473.json | 68 +++++++++++++++++ 2023/0xxx/CVE-2023-0474.json | 68 +++++++++++++++++ 2023/0xxx/CVE-2023-0483.json | 18 +++++ 2023/0xxx/CVE-2023-0484.json | 18 +++++ 2023/0xxx/CVE-2023-0485.json | 18 +++++ 2023/0xxx/CVE-2023-0486.json | 18 +++++ 2023/20xxx/CVE-2023-20904.json | 50 ++++++++++++- 2023/22xxx/CVE-2023-22378.json | 18 +++++ 2023/22xxx/CVE-2023-22843.json | 18 +++++ 2023/23xxx/CVE-2023-23574.json | 18 +++++ 2023/23xxx/CVE-2023-23612.json | 85 ++++++++++++++++++++- 2023/23xxx/CVE-2023-23613.json | 85 ++++++++++++++++++++- 2023/23xxx/CVE-2023-23903.json | 18 +++++ 2023/24xxx/CVE-2023-24015.json | 18 +++++ 2023/24xxx/CVE-2023-24039.json | 5 ++ 2023/24xxx/CVE-2023-24040.json | 5 ++ 2023/24xxx/CVE-2023-24057.json | 56 ++++++++++++-- 2023/24xxx/CVE-2023-24471.json | 18 +++++ 2023/24xxx/CVE-2023-24477.json | 18 +++++ 2023/24xxx/CVE-2023-24482.json | 18 +++++ 2023/24xxx/CVE-2023-24509.json | 18 +++++ 2023/24xxx/CVE-2023-24510.json | 18 +++++ 2023/24xxx/CVE-2023-24511.json | 18 +++++ 2023/24xxx/CVE-2023-24512.json | 18 +++++ 2023/24xxx/CVE-2023-24513.json | 18 +++++ 66 files changed, 2214 insertions(+), 211 deletions(-) create mode 100644 2023/0xxx/CVE-2023-0457.json create mode 100644 2023/0xxx/CVE-2023-0458.json create mode 100644 2023/0xxx/CVE-2023-0459.json create mode 100644 2023/0xxx/CVE-2023-0460.json create mode 100644 2023/0xxx/CVE-2023-0461.json create mode 100644 2023/0xxx/CVE-2023-0462.json create mode 100644 2023/0xxx/CVE-2023-0463.json create mode 100644 2023/0xxx/CVE-2023-0464.json create mode 100644 2023/0xxx/CVE-2023-0465.json create mode 100644 2023/0xxx/CVE-2023-0466.json create mode 100644 2023/0xxx/CVE-2023-0467.json create mode 100644 2023/0xxx/CVE-2023-0471.json create mode 100644 2023/0xxx/CVE-2023-0472.json create mode 100644 2023/0xxx/CVE-2023-0473.json create mode 100644 2023/0xxx/CVE-2023-0474.json create mode 100644 2023/0xxx/CVE-2023-0483.json create mode 100644 2023/0xxx/CVE-2023-0484.json create mode 100644 2023/0xxx/CVE-2023-0485.json create mode 100644 2023/0xxx/CVE-2023-0486.json create mode 100644 2023/22xxx/CVE-2023-22378.json create mode 100644 2023/22xxx/CVE-2023-22843.json create mode 100644 2023/23xxx/CVE-2023-23574.json create mode 100644 2023/23xxx/CVE-2023-23903.json create mode 100644 2023/24xxx/CVE-2023-24015.json create mode 100644 2023/24xxx/CVE-2023-24471.json create mode 100644 2023/24xxx/CVE-2023-24477.json create mode 100644 2023/24xxx/CVE-2023-24482.json create mode 100644 2023/24xxx/CVE-2023-24509.json create mode 100644 2023/24xxx/CVE-2023-24510.json create mode 100644 2023/24xxx/CVE-2023-24511.json create mode 100644 2023/24xxx/CVE-2023-24512.json create mode 100644 2023/24xxx/CVE-2023-24513.json diff --git a/2019/8xxx/CVE-2019-8996.json b/2019/8xxx/CVE-2019-8996.json index cd046a49836..74213d5dc73 100644 --- a/2019/8xxx/CVE-2019-8996.json +++ b/2019/8xxx/CVE-2019-8996.json @@ -56,6 +56,11 @@ "name": "https://help.signiant.com/manager-agents/installation/release-notes/", "refsource": "MISC", "url": "https://help.signiant.com/manager-agents/installation/release-notes/" + }, + { + "refsource": "MISC", + "name": "https://help.signiant.com/flight-deck/general/release-notes-13-5", + "url": "https://help.signiant.com/flight-deck/general/release-notes-13-5" } ] } diff --git a/2021/28xxx/CVE-2021-28510.json b/2021/28xxx/CVE-2021-28510.json index 2bd7a92c09b..ca3c3738aff 100644 --- a/2021/28xxx/CVE-2021-28510.json +++ b/2021/28xxx/CVE-2021-28510.json @@ -1,18 +1,134 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@arista.com", + "DATE_PUBLIC": "2022-04-19T21:53:00.000Z", "ID": "CVE-2021-28510", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable." }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EOS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "4.27.1", + "version_value": "4.27.0" + }, + { + "version_affected": "<=", + "version_name": "4.26.4", + "version_value": "4.26.0" + }, + { + "version_affected": "<=", + "version_name": "4.25.6", + "version_value": "4.25.0" + }, + { + "version_affected": "<=", + "version_name": "4.24.8", + "version_value": "4.24.0" + }, + { + "version_affected": "<=", + "version_name": "4.23.10", + "version_value": "4.23.0" + }, + { + "version_affected": "=", + "version_name": "4.22", + "version_value": "4.22" + } + ] + } + } + ] + }, + "vendor_name": "Arista Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15439-security-advisory-0076", + "name": "https://www.arista.com/en/support/advisories-notices/security-advisory/15439-security-advisory-0076" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2021-28510 has been fixed in the following releases:\n4.27.2 and later releases in the 4.27.x train\n4.26.5 and later releases in the 4.26.x train\n4.25.7 and later releases in the 4.25.x train\n4.24.9 and later releases in the 4.24.x train\n4.23.11 and later releases in the 4.23.x train\n" + }, + { + "lang": "eng", + "value": "Hotfix\n\nThe following hotfix can be applied to remediate CVE-2021-28510\nNote: Installing/uninstalling the SWIX will cause the PTP agent to restart.\n\nVersion: 1.0\nURL:SecurityAdvisory76_CVE-2021-28510_Hotfix.swix\n\nSWIX hash: (SHA-512)2b78b8274b7c73083775b0327e13819c655db07e22b80038bb3843002c679a798b53a4638c549a86183e01a835377bf262d27e60020a39516a5d215e2fadb437 " + } + ], + "source": { + "advisory": "76", + "defect": [ + "BUG", + "638107" + ], + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Install ACL rules to drop PTP packets from untrusted sources. Best practice is to block access to untrusted (non-management) networks." + } + ] } \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20235.json b/2022/20xxx/CVE-2022-20235.json index 215ae97998c..d8af7e4dfde 100644 --- a/2022/20xxx/CVE-2022-20235.json +++ b/2022/20xxx/CVE-2022-20235.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20235", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-01-01", + "url": "https://source.android.com/security/bulletin/2023-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The PowerVR GPU kernel driver maintains an \"Information Page\" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption issues.Product: AndroidVersions: Android SoCAndroid ID: A-259967780" } ] } diff --git a/2022/20xxx/CVE-2022-20456.json b/2022/20xxx/CVE-2022-20456.json index f80e2a8eeb0..6290634a80b 100644 --- a/2022/20xxx/CVE-2022-20456.json +++ b/2022/20xxx/CVE-2022-20456.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20456", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10 Android-11 Android-12 Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-01-01", + "url": "https://source.android.com/security/bulletin/2023-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703780" } ] } diff --git a/2022/20xxx/CVE-2022-20461.json b/2022/20xxx/CVE-2022-20461.json index b9c48c29880..02b1b2d4639 100644 --- a/2022/20xxx/CVE-2022-20461.json +++ b/2022/20xxx/CVE-2022-20461.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20461", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10 Android-11 Android-12 Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-01-01", + "url": "https://source.android.com/security/bulletin/2023-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963" } ] } diff --git a/2022/20xxx/CVE-2022-20489.json b/2022/20xxx/CVE-2022-20489.json index 9cac26c88bf..705b8512abf 100644 --- a/2022/20xxx/CVE-2022-20489.json +++ b/2022/20xxx/CVE-2022-20489.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20489", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10 Android-11 Android-12 Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-01-01", + "url": "https://source.android.com/security/bulletin/2023-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703460" } ] } diff --git a/2022/20xxx/CVE-2022-20490.json b/2022/20xxx/CVE-2022-20490.json index 3f4173dd1e5..a08e1f4a6b3 100644 --- a/2022/20xxx/CVE-2022-20490.json +++ b/2022/20xxx/CVE-2022-20490.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20490", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10 Android-11 Android-12 Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-01-01", + "url": "https://source.android.com/security/bulletin/2023-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703505" } ] } diff --git a/2022/20xxx/CVE-2022-20492.json b/2022/20xxx/CVE-2022-20492.json index d39e3a82801..1151c0424d3 100644 --- a/2022/20xxx/CVE-2022-20492.json +++ b/2022/20xxx/CVE-2022-20492.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20492", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10 Android-11 Android-12 Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-01-01", + "url": "https://source.android.com/security/bulletin/2023-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242704043" } ] } diff --git a/2022/20xxx/CVE-2022-20493.json b/2022/20xxx/CVE-2022-20493.json index d8067f5f54d..7f58759130e 100644 --- a/2022/20xxx/CVE-2022-20493.json +++ b/2022/20xxx/CVE-2022-20493.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20493", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10 Android-11 Android-12 Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-01-01", + "url": "https://source.android.com/security/bulletin/2023-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316" } ] } diff --git a/2022/20xxx/CVE-2022-20494.json b/2022/20xxx/CVE-2022-20494.json index 7236606576e..e6e162ad467 100644 --- a/2022/20xxx/CVE-2022-20494.json +++ b/2022/20xxx/CVE-2022-20494.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20494", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10 Android-11 Android-12 Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-01-01", + "url": "https://source.android.com/security/bulletin/2023-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243794204" } ] } diff --git a/2022/25xxx/CVE-2022-25629.json b/2022/25xxx/CVE-2022-25629.json index 919762babe6..f235cd6ddb2 100644 --- a/2022/25xxx/CVE-2022-25629.json +++ b/2022/25xxx/CVE-2022-25629.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "10.7.4 \u2013 10.7.13" + "version_value": "All releases prior to SMG 10.8" } ] } @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://support.broadcom.com/external/content/SecurityAdvisories/0/21115", - "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/21115" + "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21115", + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21115" } ] }, @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column)" + "value": "An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column)." } ] } diff --git a/2022/25xxx/CVE-2022-25630.json b/2022/25xxx/CVE-2022-25630.json index 711a0e72884..5437ec99498 100644 --- a/2022/25xxx/CVE-2022-25630.json +++ b/2022/25xxx/CVE-2022-25630.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "10.7.4 \u2013 10.7.13" + "version_value": "All releases prior to SMG 10.8" } ] } @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://support.broadcom.com/external/content/SecurityAdvisories/0/21117", - "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/21117" + "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21117", + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21117" } ] }, diff --git a/2022/2xxx/CVE-2022-2220.json b/2022/2xxx/CVE-2022-2220.json index 38181f4cd04..bd5f6b53230 100644 --- a/2022/2xxx/CVE-2022-2220.json +++ b/2022/2xxx/CVE-2022-2220.json @@ -4,58 +4,14 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2220", - "ASSIGNER": "secalert@redhat.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "n/a", - "product": { - "product_data": [ - { - "product_name": "openshfit-router", - "version": { - "version_data": [ - { - "version_value": "Openshift 4 and 3.11" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-285" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2101434", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101434" - } - ] + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "OpenShift doesn't properly verify subdomain ownership, which allows route takeover. Once a custom route is created, the user must update the DNS provider by creating a canonical name (CNAME) record (if he likes to expose this route externally). The CNAME record should point the custom domain to the OpenShift router as the alias. In a case that the CNAME is not removed when the route is not in use anymore we are dealing with a dangling route. A malicious actor may take over the route." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2022/37xxx/CVE-2022-37155.json b/2022/37xxx/CVE-2022-37155.json index 9f32bc00487..74c5184d89c 100644 --- a/2022/37xxx/CVE-2022-37155.json +++ b/2022/37xxx/CVE-2022-37155.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via a GET parameter" + "value": "RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter." } ] }, @@ -52,10 +52,25 @@ }, "references": { "reference_data": [ + { + "refsource": "MISC", + "name": "https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/", + "url": "https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/" + }, + { + "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html", + "refsource": "MISC", + "name": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html" + }, { "refsource": "MISC", "name": "https://pastebin.com/ZH7CPc8X", "url": "https://pastebin.com/ZH7CPc8X" + }, + { + "refsource": "MISC", + "name": "https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.2/SPIP_4.1.2_AUTH_RCE/SPIP_4.1.2_AUTH_RCE_Abyss_Watcher_12_07_22.md", + "url": "https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.2/SPIP_4.1.2_AUTH_RCE/SPIP_4.1.2_AUTH_RCE_Abyss_Watcher_12_07_22.md" } ] } diff --git a/2022/3xxx/CVE-2022-3522.json b/2022/3xxx/CVE-2022-3522.json index e7208d3b559..61004056f4c 100644 --- a/2022/3xxx/CVE-2022-3522.json +++ b/2022/3xxx/CVE-2022-3522.json @@ -4,73 +4,14 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3522", - "TITLE": "Linux Kernel hugetlb.c hugetlb_no_page race condition", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Linux", - "product": { - "product_data": [ - { - "product_name": "Kernel", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-362 Race Condition" - } - ] - } - ] + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Linux Kernel and classified as problematic. This issue affects the function hugetlb_no_page of the file mm/hugetlb.c. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211019." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "4.6", - "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" - } - }, - "references": { - "reference_data": [ - { - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9bf6c03eca1077cae8de0e6d86427656fa42a9b", - "refsource": "MISC", - "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9bf6c03eca1077cae8de0e6d86427656fa42a9b" - }, - { - "url": "https://vuldb.com/?id.211019", - "refsource": "MISC", - "name": "https://vuldb.com/?id.211019" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2022/40xxx/CVE-2022-40036.json b/2022/40xxx/CVE-2022-40036.json index abfde7588e7..d5669a43a30 100644 --- a/2022/40xxx/CVE-2022-40036.json +++ b/2022/40xxx/CVE-2022-40036.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40036", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40036", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/rawchen/blog-ssm/issues/5", + "url": "https://github.com/rawchen/blog-ssm/issues/5" } ] } diff --git a/2022/40xxx/CVE-2022-40037.json b/2022/40xxx/CVE-2022-40037.json index 809dc101bce..1632939f86b 100644 --- a/2022/40xxx/CVE-2022-40037.json +++ b/2022/40xxx/CVE-2022-40037.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40037", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40037", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/rawchen/blog-ssm/issues/2", + "url": "https://github.com/rawchen/blog-ssm/issues/2" } ] } diff --git a/2022/45xxx/CVE-2022-45808.json b/2022/45xxx/CVE-2022-45808.json index e383efec0fb..d96339136e4 100644 --- a/2022/45xxx/CVE-2022-45808.json +++ b/2022/45xxx/CVE-2022-45808.json @@ -1,17 +1,111 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-45808", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in LearnPress \u2013 WordPress LMS Plugin <= 4.1.7.3.2 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ThimPress", + "product": { + "product_data": [ + { + "product_name": "LearnPress \u2013 WordPress LMS Plugin", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/articles/multiple-critical-vulnerabilities-fixed-in-learnpress-plugin-version/", + "refsource": "MISC", + "name": "https://patchstack.com/articles/multiple-critical-vulnerabilities-fixed-in-learnpress-plugin-version/" + }, + { + "url": "https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-wordpress-lms-plugin-plugin-4-1-7-3-2-sql-injection?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-wordpress-lms-plugin-plugin-4-1-7-3-2-sql-injection?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 4.2.0 or higher version." + } + ], + "value": "Update to\u00a04.2.0 or higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Fadilah Agung Nugraha (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", + "version": "3.1" } ] } diff --git a/2022/45xxx/CVE-2022-45820.json b/2022/45xxx/CVE-2022-45820.json index 2f72852da29..5cac06ed650 100644 --- a/2022/45xxx/CVE-2022-45820.json +++ b/2022/45xxx/CVE-2022-45820.json @@ -1,17 +1,111 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-45820", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection (SQLi) vulnerability in LearnPress \u2013 WordPress LMS Plugin <= 4.1.7.3.2 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ThimPress", + "product": { + "product_data": [ + { + "product_name": "LearnPress \u2013 WordPress LMS Plugin", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/articles/multiple-critical-vulnerabilities-fixed-in-learnpress-plugin-version/", + "refsource": "MISC", + "name": "https://patchstack.com/articles/multiple-critical-vulnerabilities-fixed-in-learnpress-plugin-version/" + }, + { + "url": "https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-1-7-3-2-auth-sql-injection-sqli-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-1-7-3-2-auth-sql-injection-sqli-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 4.2.0 or higher version." + } + ], + "value": "Update to\u00a04.2.0 or higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", + "version": "3.1" } ] } diff --git a/2022/46xxx/CVE-2022-46071.json b/2022/46xxx/CVE-2022-46071.json index be14f9040f1..f122b052a05 100644 --- a/2022/46xxx/CVE-2022-46071.json +++ b/2022/46xxx/CVE-2022-46071.json @@ -56,6 +56,11 @@ "url": "https://www.youtube.com/watch?v=5wit1Arzwxs&feature=youtu.be", "refsource": "MISC", "name": "https://www.youtube.com/watch?v=5wit1Arzwxs&feature=youtu.be" + }, + { + "refsource": "MISC", + "name": "https://yuyudhn.github.io/CVE-2022-46071/", + "url": "https://yuyudhn.github.io/CVE-2022-46071/" } ] } diff --git a/2022/46xxx/CVE-2022-46072.json b/2022/46xxx/CVE-2022-46072.json index a185efcb1d9..059f535d8d9 100644 --- a/2022/46xxx/CVE-2022-46072.json +++ b/2022/46xxx/CVE-2022-46072.json @@ -56,6 +56,11 @@ "url": "https://www.youtube.com/watch?v=jBAVUSzBL_M&ab_channel=IkariShinji", "refsource": "MISC", "name": "https://www.youtube.com/watch?v=jBAVUSzBL_M&ab_channel=IkariShinji" + }, + { + "refsource": "MISC", + "name": "https://yuyudhn.github.io/CVE-2022-46072/", + "url": "https://yuyudhn.github.io/CVE-2022-46072/" } ] } diff --git a/2022/46xxx/CVE-2022-46073.json b/2022/46xxx/CVE-2022-46073.json index 59c8ea98b8a..fd147d25c2e 100644 --- a/2022/46xxx/CVE-2022-46073.json +++ b/2022/46xxx/CVE-2022-46073.json @@ -56,6 +56,11 @@ "url": "https://www.youtube.com/watch?v=jT09Uiwl0Jo&ab_channel=IkariShinji", "refsource": "MISC", "name": "https://www.youtube.com/watch?v=jT09Uiwl0Jo&ab_channel=IkariShinji" + }, + { + "refsource": "MISC", + "name": "https://yuyudhn.github.io/CVE-2022-46073/", + "url": "https://yuyudhn.github.io/CVE-2022-46073/" } ] } diff --git a/2022/46xxx/CVE-2022-46074.json b/2022/46xxx/CVE-2022-46074.json index 9ac374b956d..fc8f86562e1 100644 --- a/2022/46xxx/CVE-2022-46074.json +++ b/2022/46xxx/CVE-2022-46074.json @@ -56,6 +56,11 @@ "url": "https://www.youtube.com/watch?v=5Q3vyTo02bc&ab_channel=IkariShinji", "refsource": "MISC", "name": "https://www.youtube.com/watch?v=5Q3vyTo02bc&ab_channel=IkariShinji" + }, + { + "refsource": "MISC", + "name": "https://yuyudhn.github.io/CVE-2022-46074/", + "url": "https://yuyudhn.github.io/CVE-2022-46074/" } ] } diff --git a/2022/47xxx/CVE-2022-47040.json b/2022/47xxx/CVE-2022-47040.json index dfde6c53634..8646ab17736 100644 --- a/2022/47xxx/CVE-2022-47040.json +++ b/2022/47xxx/CVE-2022-47040.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-47040", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-47040", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/leoservalli/Privilege-escalation-ASKEY", + "refsource": "MISC", + "name": "https://github.com/leoservalli/Privilege-escalation-ASKEY" } ] } diff --git a/2022/47xxx/CVE-2022-47042.json b/2022/47xxx/CVE-2022-47042.json index bb242fe5eb1..8d495a00ecb 100644 --- a/2022/47xxx/CVE-2022-47042.json +++ b/2022/47xxx/CVE-2022-47042.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-47042", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-47042", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitee.com/mingSoft/MCMS/issues/I6592F", + "refsource": "MISC", + "name": "https://gitee.com/mingSoft/MCMS/issues/I6592F" } ] } diff --git a/2022/47xxx/CVE-2022-47615.json b/2022/47xxx/CVE-2022-47615.json index 372074ee22d..61ae8c9d6ef 100644 --- a/2022/47xxx/CVE-2022-47615.json +++ b/2022/47xxx/CVE-2022-47615.json @@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-47615", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Local File Inclusion vulnerability in LearnPress \u2013 WordPress LMS Plugin <= 4.1.7.3.2 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local File Inclusion" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ThimPress", + "product": { + "product_data": [ + { + "product_name": "LearnPress \u2013 WordPress LMS Plugin", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-1-7-3-2-local-file-inclusion?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-1-7-3-2-local-file-inclusion?_s_id=cve" + }, + { + "url": "https://patchstack.com/articles/multiple-critical-vulnerabilities-fixed-in-learnpress-plugin-version/", + "refsource": "MISC", + "name": "https://patchstack.com/articles/multiple-critical-vulnerabilities-fixed-in-learnpress-plugin-version/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 4.2.0 or higher version." + } + ], + "value": "Update to\u00a04.2.0 or higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/48xxx/CVE-2022-48199.json b/2022/48xxx/CVE-2022-48199.json index fb4d410983f..ab23b714531 100644 --- a/2022/48xxx/CVE-2022-48199.json +++ b/2022/48xxx/CVE-2022-48199.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-48199", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-48199", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The Notifications function allows for arbitrary binary execution and can be modified by any user. The resulting binary execution will occur in the context of any user running NetWorx. If an attacker modifies the Notifications function to execute a malicious binary, the binary will be executed by every user running NetWorx on that system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.softperfect.com/products/changelog.php?product_id=2", + "refsource": "MISC", + "name": "https://www.softperfect.com/products/changelog.php?product_id=2" + }, + { + "refsource": "MISC", + "name": "https://giuliamelottigaribaldi.com/cve-2022-48199/", + "url": "https://giuliamelottigaribaldi.com/cve-2022-48199/" } ] } diff --git a/2023/0xxx/CVE-2023-0284.json b/2023/0xxx/CVE-2023-0284.json index 08c77ab2bae..fc5feb9caba 100644 --- a/2023/0xxx/CVE-2023-0284.json +++ b/2023/0xxx/CVE-2023-0284.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0284", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@checkmk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tribe29", + "product": { + "product_data": [ + { + "product_name": "Checkmk", + "version": { + "version_data": [ + { + "version_value": "2.0.0", + "version_affected": "=" + }, + { + "version_value": "2.1.0", + "version_affected": "=" + }, + { + "version_value": "1.6.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://checkmk.com/werk/15181", + "refsource": "MISC", + "name": "https://checkmk.com/werk/15181" + } + ] + }, + "impact": { + "cvss": [ + { + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/0xxx/CVE-2023-0457.json b/2023/0xxx/CVE-2023-0457.json new file mode 100644 index 00000000000..d3c8db3dd73 --- /dev/null +++ b/2023/0xxx/CVE-2023-0457.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0457", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0458.json b/2023/0xxx/CVE-2023-0458.json new file mode 100644 index 00000000000..8ff33149614 --- /dev/null +++ b/2023/0xxx/CVE-2023-0458.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0458", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0459.json b/2023/0xxx/CVE-2023-0459.json new file mode 100644 index 00000000000..43e9c41e619 --- /dev/null +++ b/2023/0xxx/CVE-2023-0459.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0459", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0460.json b/2023/0xxx/CVE-2023-0460.json new file mode 100644 index 00000000000..b3d08fd2b31 --- /dev/null +++ b/2023/0xxx/CVE-2023-0460.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0460", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0461.json b/2023/0xxx/CVE-2023-0461.json new file mode 100644 index 00000000000..c1b154865f6 --- /dev/null +++ b/2023/0xxx/CVE-2023-0461.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0461", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0462.json b/2023/0xxx/CVE-2023-0462.json new file mode 100644 index 00000000000..e688a8e7e6e --- /dev/null +++ b/2023/0xxx/CVE-2023-0462.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0462", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0463.json b/2023/0xxx/CVE-2023-0463.json new file mode 100644 index 00000000000..f8befc84747 --- /dev/null +++ b/2023/0xxx/CVE-2023-0463.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0463", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0464.json b/2023/0xxx/CVE-2023-0464.json new file mode 100644 index 00000000000..156f89af5cb --- /dev/null +++ b/2023/0xxx/CVE-2023-0464.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0464", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0465.json b/2023/0xxx/CVE-2023-0465.json new file mode 100644 index 00000000000..15193a01969 --- /dev/null +++ b/2023/0xxx/CVE-2023-0465.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0465", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0466.json b/2023/0xxx/CVE-2023-0466.json new file mode 100644 index 00000000000..7579d5f633c --- /dev/null +++ b/2023/0xxx/CVE-2023-0466.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0466", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0467.json b/2023/0xxx/CVE-2023-0467.json new file mode 100644 index 00000000000..35bf47f577b --- /dev/null +++ b/2023/0xxx/CVE-2023-0467.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0467", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0471.json b/2023/0xxx/CVE-2023-0471.json new file mode 100644 index 00000000000..15480da4fd9 --- /dev/null +++ b/2023/0xxx/CVE-2023-0471.json @@ -0,0 +1,68 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2023-0471", + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "109.0.5414.119", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html" + }, + { + "url": "https://crbug.com/1376354", + "refsource": "MISC", + "name": "https://crbug.com/1376354" + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0472.json b/2023/0xxx/CVE-2023-0472.json new file mode 100644 index 00000000000..362bcef9884 --- /dev/null +++ b/2023/0xxx/CVE-2023-0472.json @@ -0,0 +1,68 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2023-0472", + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "109.0.5414.119", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html" + }, + { + "url": "https://crbug.com/1405256", + "refsource": "MISC", + "name": "https://crbug.com/1405256" + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0473.json b/2023/0xxx/CVE-2023-0473.json new file mode 100644 index 00000000000..1998915bc12 --- /dev/null +++ b/2023/0xxx/CVE-2023-0473.json @@ -0,0 +1,68 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2023-0473", + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "109.0.5414.119", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html" + }, + { + "url": "https://crbug.com/1404639", + "refsource": "MISC", + "name": "https://crbug.com/1404639" + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0474.json b/2023/0xxx/CVE-2023-0474.json new file mode 100644 index 00000000000..aacdc3ff2f8 --- /dev/null +++ b/2023/0xxx/CVE-2023-0474.json @@ -0,0 +1,68 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2023-0474", + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "109.0.5414.119", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html" + }, + { + "url": "https://crbug.com/1400841", + "refsource": "MISC", + "name": "https://crbug.com/1400841" + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0483.json b/2023/0xxx/CVE-2023-0483.json new file mode 100644 index 00000000000..73806f0dd7c --- /dev/null +++ b/2023/0xxx/CVE-2023-0483.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0483", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0484.json b/2023/0xxx/CVE-2023-0484.json new file mode 100644 index 00000000000..7078656bd54 --- /dev/null +++ b/2023/0xxx/CVE-2023-0484.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0484", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0485.json b/2023/0xxx/CVE-2023-0485.json new file mode 100644 index 00000000000..3a23b5d951f --- /dev/null +++ b/2023/0xxx/CVE-2023-0485.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0485", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0486.json b/2023/0xxx/CVE-2023-0486.json new file mode 100644 index 00000000000..d0169a1f058 --- /dev/null +++ b/2023/0xxx/CVE-2023-0486.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0486", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/20xxx/CVE-2023-20904.json b/2023/20xxx/CVE-2023-20904.json index cb867d19e32..2190cf4c54b 100644 --- a/2023/20xxx/CVE-2023-20904.json +++ b/2023/20xxx/CVE-2023-20904.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20904", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-01-01", + "url": "https://source.android.com/security/bulletin/2023-01-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-246300272" } ] } diff --git a/2023/22xxx/CVE-2023-22378.json b/2023/22xxx/CVE-2023-22378.json new file mode 100644 index 00000000000..65adf06c7be --- /dev/null +++ b/2023/22xxx/CVE-2023-22378.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22378", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22843.json b/2023/22xxx/CVE-2023-22843.json new file mode 100644 index 00000000000..fcaeaef73a7 --- /dev/null +++ b/2023/22xxx/CVE-2023-22843.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22843", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/23xxx/CVE-2023-23574.json b/2023/23xxx/CVE-2023-23574.json new file mode 100644 index 00000000000..0c12ec6d642 --- /dev/null +++ b/2023/23xxx/CVE-2023-23574.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-23574", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/23xxx/CVE-2023-23612.json b/2023/23xxx/CVE-2023-23612.json index d66d3ae4c96..905fa314cd8 100644 --- a/2023/23xxx/CVE-2023-23612.json +++ b/2023/23xxx/CVE-2023-23612.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23612", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and trailing whitespace is trimmed, allowing users to potentially claim roles they are not assigned to if any role matches the whitespace-stripped version of the roles they are a member of. This issue is only present for authenticated users, and it requires either the existence of roles that match, not considering leading/trailing whitespace, or the ability for users to create said matching roles. In addition, the Identity Provider must allow leading and trailing spaces in role names. OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 are affected. Users are advised to upgrade to OpenSearch 1.3.8 or 2.5.0. There are no known workarounds for this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "opensearch-project", + "product": { + "product_data": [ + { + "product_name": "security", + "version": { + "version_data": [ + { + "version_value": ">= 2.0.0, < 2.5.0", + "version_affected": "=" + }, + { + "version_value": "< 1.3.8", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/opensearch-project/OpenSearch/releases/tag/2.5.0", + "refsource": "MISC", + "name": "https://github.com/opensearch-project/OpenSearch/releases/tag/2.5.0" + }, + { + "url": "https://github.com/opensearch-project/security/security/advisories/GHSA-864v-6qj7-62qj", + "refsource": "MISC", + "name": "https://github.com/opensearch-project/security/security/advisories/GHSA-864v-6qj7-62qj" + } + ] + }, + "source": { + "advisory": "GHSA-864v-6qj7-62qj", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/23xxx/CVE-2023-23613.json b/2023/23xxx/CVE-2023-23613.json index 59892444c43..1be15689be0 100644 --- a/2023/23xxx/CVE-2023-23613.json +++ b/2023/23xxx/CVE-2023-23613.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23613", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their auto-generated .keyword fields. This issue is only present for authenticated users with read access to the indexes containing the restricted fields. This may expose data which may otherwise not be accessible to the user. OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 are affected. Users are advised to upgrade to OpenSearch 1.3.8 or 2.5.0. Users unable to upgrade may write explicit exclusion rules as a workaround. Policies authored in this way are not subject to this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "opensearch-project", + "product": { + "product_data": [ + { + "product_name": "security", + "version": { + "version_data": [ + { + "version_value": ">= 2.0.0, < 2.5.0", + "version_affected": "=" + }, + { + "version_value": "< 1.3.8", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/opensearch-project/security/security/advisories/GHSA-v3cg-7r9h-r2g6", + "refsource": "MISC", + "name": "https://github.com/opensearch-project/security/security/advisories/GHSA-v3cg-7r9h-r2g6" + }, + { + "url": "https://github.com/opensearch-project/OpenSearch/releases/tag/2.5.0", + "refsource": "MISC", + "name": "https://github.com/opensearch-project/OpenSearch/releases/tag/2.5.0" + } + ] + }, + "source": { + "advisory": "GHSA-v3cg-7r9h-r2g6", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/23xxx/CVE-2023-23903.json b/2023/23xxx/CVE-2023-23903.json new file mode 100644 index 00000000000..51c0460fc43 --- /dev/null +++ b/2023/23xxx/CVE-2023-23903.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-23903", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24015.json b/2023/24xxx/CVE-2023-24015.json new file mode 100644 index 00000000000..5f73fcd54e4 --- /dev/null +++ b/2023/24xxx/CVE-2023-24015.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24015", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24039.json b/2023/24xxx/CVE-2023-24039.json index aa6b122da5f..94ec9a9ebbb 100644 --- a/2023/24xxx/CVE-2023-24039.json +++ b/2023/24xxx/CVE-2023-24039.json @@ -66,6 +66,11 @@ "url": "https://security.humanativaspa.it/nothing-new-under-the-sun/", "refsource": "MISC", "name": "https://security.humanativaspa.it/nothing-new-under-the-sun/" + }, + { + "refsource": "FULLDISC", + "name": "20230123 Re: HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm", + "url": "http://seclists.org/fulldisclosure/2023/Jan/24" } ] } diff --git a/2023/24xxx/CVE-2023-24040.json b/2023/24xxx/CVE-2023-24040.json index b9f10189b14..79024e081bd 100644 --- a/2023/24xxx/CVE-2023-24040.json +++ b/2023/24xxx/CVE-2023-24040.json @@ -61,6 +61,11 @@ "url": "https://security.humanativaspa.it/nothing-new-under-the-sun/", "refsource": "MISC", "name": "https://security.humanativaspa.it/nothing-new-under-the-sun/" + }, + { + "refsource": "FULLDISC", + "name": "20230123 Re: HNS-2022-01 - HN Security Advisory - Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm", + "url": "http://seclists.org/fulldisclosure/2023/Jan/24" } ] } diff --git a/2023/24xxx/CVE-2023-24057.json b/2023/24xxx/CVE-2023-24057.json index 6f4d6f0bf57..779b861e0b3 100644 --- a/2023/24xxx/CVE-2023-24057.json +++ b/2023/24xxx/CVE-2023-24057.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-24057", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-24057", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-xr8x-pxm6-prjg", + "url": "https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-xr8x-pxm6-prjg" } ] } diff --git a/2023/24xxx/CVE-2023-24471.json b/2023/24xxx/CVE-2023-24471.json new file mode 100644 index 00000000000..b9131a48da3 --- /dev/null +++ b/2023/24xxx/CVE-2023-24471.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24471", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24477.json b/2023/24xxx/CVE-2023-24477.json new file mode 100644 index 00000000000..6445d601bde --- /dev/null +++ b/2023/24xxx/CVE-2023-24477.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24477", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24482.json b/2023/24xxx/CVE-2023-24482.json new file mode 100644 index 00000000000..53a709b3e44 --- /dev/null +++ b/2023/24xxx/CVE-2023-24482.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24482", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24509.json b/2023/24xxx/CVE-2023-24509.json new file mode 100644 index 00000000000..4bc0fab2403 --- /dev/null +++ b/2023/24xxx/CVE-2023-24509.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24509", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24510.json b/2023/24xxx/CVE-2023-24510.json new file mode 100644 index 00000000000..d62bfcb4eb4 --- /dev/null +++ b/2023/24xxx/CVE-2023-24510.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24510", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24511.json b/2023/24xxx/CVE-2023-24511.json new file mode 100644 index 00000000000..906534915dc --- /dev/null +++ b/2023/24xxx/CVE-2023-24511.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24511", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24512.json b/2023/24xxx/CVE-2023-24512.json new file mode 100644 index 00000000000..a41c80e22cc --- /dev/null +++ b/2023/24xxx/CVE-2023-24512.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24512", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24513.json b/2023/24xxx/CVE-2023-24513.json new file mode 100644 index 00000000000..69b501c73b0 --- /dev/null +++ b/2023/24xxx/CVE-2023-24513.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24513", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file