From dceff35f512c1b4e812ef943fb5a7821ffa6bb6b Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 20 Dec 2023 15:00:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/25xxx/CVE-2019-25158.json | 116 +++++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22962.json | 64 ++++++++++++++++-- 2021/3xxx/CVE-2021-3784.json | 4 +- 2023/1xxx/CVE-2023-1514.json | 86 ++++++++++++++++++++++-- 2023/25xxx/CVE-2023-25715.json | 113 ++++++++++++++++++++++++++++++-- 2023/2xxx/CVE-2023-2809.json | 4 +- 2023/40xxx/CVE-2023-40660.json | 62 +++++++++++++----- 2023/40xxx/CVE-2023-40661.json | 62 +++++++++++++----- 2023/41xxx/CVE-2023-41727.json | 64 ++++++++++++++++-- 2023/43xxx/CVE-2023-43870.json | 79 ++++++++++++++++++++-- 2023/44xxx/CVE-2023-44983.json | 113 ++++++++++++++++++++++++++++++-- 2023/44xxx/CVE-2023-44991.json | 113 ++++++++++++++++++++++++++++++-- 2023/46xxx/CVE-2023-46104.json | 95 +++++++++++++++++++++++++-- 2023/46xxx/CVE-2023-46216.json | 64 ++++++++++++++++-- 2023/46xxx/CVE-2023-46217.json | 64 ++++++++++++++++-- 2023/46xxx/CVE-2023-46220.json | 73 +++++++++++++++++++-- 2023/46xxx/CVE-2023-46221.json | 73 +++++++++++++++++++-- 2023/46xxx/CVE-2023-46222.json | 73 +++++++++++++++++++-- 2023/46xxx/CVE-2023-46223.json | 73 +++++++++++++++++++-- 2023/46xxx/CVE-2023-46224.json | 64 ++++++++++++++++-- 2023/46xxx/CVE-2023-46225.json | 64 ++++++++++++++++-- 2023/46xxx/CVE-2023-46257.json | 64 ++++++++++++++++-- 2023/46xxx/CVE-2023-46258.json | 64 ++++++++++++++++-- 2023/46xxx/CVE-2023-46259.json | 64 ++++++++++++++++-- 2023/46xxx/CVE-2023-46260.json | 64 ++++++++++++++++-- 2023/46xxx/CVE-2023-46261.json | 64 ++++++++++++++++-- 2023/46xxx/CVE-2023-46262.json | 64 ++++++++++++++++-- 2023/46xxx/CVE-2023-46263.json | 64 ++++++++++++++++-- 2023/46xxx/CVE-2023-46264.json | 64 ++++++++++++++++-- 2023/46xxx/CVE-2023-46265.json | 64 ++++++++++++++++-- 2023/46xxx/CVE-2023-46266.json | 64 ++++++++++++++++-- 2023/46xxx/CVE-2023-46803.json | 64 ++++++++++++++++-- 2023/46xxx/CVE-2023-46804.json | 64 ++++++++++++++++-- 2023/49xxx/CVE-2023-49734.json | 95 
+++++++++++++++++++++++++-- 2023/49xxx/CVE-2023-49736.json | 95 +++++++++++++++++++++++++-- 2023/4xxx/CVE-2023-4535.json | 39 +++++++---- 2023/4xxx/CVE-2023-4590.json | 4 +- 2023/50xxx/CVE-2023-50761.json | 67 +++++++++++++++++-- 2023/50xxx/CVE-2023-50762.json | 67 +++++++++++++++++-- 2023/51xxx/CVE-2023-51438.json | 18 +++++ 2023/51xxx/CVE-2023-51439.json | 18 +++++ 2023/51xxx/CVE-2023-51440.json | 18 +++++ 2023/51xxx/CVE-2023-51441.json | 18 +++++ 2023/51xxx/CVE-2023-51442.json | 18 +++++ 2023/51xxx/CVE-2023-51443.json | 18 +++++ 2023/51xxx/CVE-2023-51444.json | 18 +++++ 2023/51xxx/CVE-2023-51445.json | 18 +++++ 2023/51xxx/CVE-2023-51446.json | 18 +++++ 2023/51xxx/CVE-2023-51447.json | 18 +++++ 2023/51xxx/CVE-2023-51448.json | 18 +++++ 2023/51xxx/CVE-2023-51449.json | 18 +++++ 2023/51xxx/CVE-2023-51450.json | 18 +++++ 2023/51xxx/CVE-2023-51451.json | 18 +++++ 2023/51xxx/CVE-2023-51452.json | 18 +++++ 2023/51xxx/CVE-2023-51453.json | 18 +++++ 2023/51xxx/CVE-2023-51454.json | 18 +++++ 2023/51xxx/CVE-2023-51455.json | 18 +++++ 2023/51xxx/CVE-2023-51456.json | 18 +++++ 2023/5xxx/CVE-2023-5499.json | 4 +- 2023/5xxx/CVE-2023-5871.json | 4 +- 2023/6xxx/CVE-2023-6135.json | 67 +++++++++++++++++-- 2023/6xxx/CVE-2023-6280.json | 85 ++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6448.json | 5 ++ 2023/6xxx/CVE-2023-6711.json | 113 ++++++++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6730.json | 82 +++++++++++++++++++++-- 2023/6xxx/CVE-2023-6856.json | 101 ++++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6857.json | 101 ++++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6858.json | 101 ++++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6859.json | 101 ++++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6860.json | 101 ++++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6861.json | 101 ++++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6862.json | 84 ++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6863.json | 101 ++++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6864.json | 101 
++++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6865.json | 84 ++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6866.json | 67 +++++++++++++++++-- 2023/6xxx/CVE-2023-6867.json | 84 ++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6868.json | 67 +++++++++++++++++-- 2023/6xxx/CVE-2023-6869.json | 67 +++++++++++++++++-- 2023/6xxx/CVE-2023-6870.json | 67 +++++++++++++++++-- 2023/6xxx/CVE-2023-6871.json | 67 +++++++++++++++++-- 2023/6xxx/CVE-2023-6872.json | 67 +++++++++++++++++-- 2023/6xxx/CVE-2023-6873.json | 67 +++++++++++++++++-- 2023/6xxx/CVE-2023-6913.json | 97 +++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6931.json | 90 +++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6932.json | 84 ++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6945.json | 105 +++++++++++++++++++++++++++++ 2023/6xxx/CVE-2023-6946.json | 18 +++++ 2023/6xxx/CVE-2023-6947.json | 18 +++++ 2023/6xxx/CVE-2023-6948.json | 18 +++++ 2023/6xxx/CVE-2023-6949.json | 18 +++++ 2023/6xxx/CVE-2023-6950.json | 18 +++++ 2023/6xxx/CVE-2023-6951.json | 18 +++++ 2023/6xxx/CVE-2023-6952.json | 18 +++++ 2023/6xxx/CVE-2023-6953.json | 18 +++++ 95 files changed, 5097 insertions(+), 312 deletions(-) create mode 100644 2023/51xxx/CVE-2023-51438.json create mode 100644 2023/51xxx/CVE-2023-51439.json create mode 100644 2023/51xxx/CVE-2023-51440.json create mode 100644 2023/51xxx/CVE-2023-51441.json create mode 100644 2023/51xxx/CVE-2023-51442.json create mode 100644 2023/51xxx/CVE-2023-51443.json create mode 100644 2023/51xxx/CVE-2023-51444.json create mode 100644 2023/51xxx/CVE-2023-51445.json create mode 100644 2023/51xxx/CVE-2023-51446.json create mode 100644 2023/51xxx/CVE-2023-51447.json create mode 100644 2023/51xxx/CVE-2023-51448.json create mode 100644 2023/51xxx/CVE-2023-51449.json create mode 100644 2023/51xxx/CVE-2023-51450.json create mode 100644 2023/51xxx/CVE-2023-51451.json create mode 100644 2023/51xxx/CVE-2023-51452.json create mode 100644 2023/51xxx/CVE-2023-51453.json create mode 100644 2023/51xxx/CVE-2023-51454.json 
create mode 100644 2023/51xxx/CVE-2023-51455.json create mode 100644 2023/51xxx/CVE-2023-51456.json create mode 100644 2023/6xxx/CVE-2023-6945.json create mode 100644 2023/6xxx/CVE-2023-6946.json create mode 100644 2023/6xxx/CVE-2023-6947.json create mode 100644 2023/6xxx/CVE-2023-6948.json create mode 100644 2023/6xxx/CVE-2023-6949.json create mode 100644 2023/6xxx/CVE-2023-6950.json create mode 100644 2023/6xxx/CVE-2023-6951.json create mode 100644 2023/6xxx/CVE-2023-6952.json create mode 100644 2023/6xxx/CVE-2023-6953.json diff --git a/2019/25xxx/CVE-2019-25158.json b/2019/25xxx/CVE-2019-25158.json index aecc5986d6d..b469df6bf88 100644 --- a/2019/25xxx/CVE-2019-25158.json +++ b/2019/25xxx/CVE-2019-25158.json 
@@ -1,17 +1,125 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-25158", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 29d9c25415911ea2f8b6de247cb5c4607d13d434. It is recommended to upgrade the affected component. VDB-248278 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In pedroetb tts-api bis 2.1.4 wurde eine kritische Schwachstelle gefunden. Dabei geht es um die Funktion onSpeechDone der Datei app.js. Durch Manipulieren mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 2.2.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 29d9c25415911ea2f8b6de247cb5c4607d13d434 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pedroetb", + "product": { + "product_data": [ + { + "product_name": "tts-api", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.1.0" + }, + { + "version_affected": "=", + "version_value": "2.1.1" + }, + { + "version_affected": "=", + "version_value": "2.1.2" + }, + { + "version_affected": "=", + "version_value": "2.1.3" + }, + { + "version_affected": "=", + "version_value": "2.1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.248278", + "refsource": "MISC", + "name": "https://vuldb.com/?id.248278" + }, + { + "url": "https://vuldb.com/?ctiid.248278", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.248278" + }, + { + "url": "https://github.com/pedroetb/tts-api/commit/29d9c25415911ea2f8b6de247cb5c4607d13d434", + "refsource": "MISC", + "name": "https://github.com/pedroetb/tts-api/commit/29d9c25415911ea2f8b6de247cb5c4607d13d434" + }, + { + "url": "https://github.com/pedroetb/tts-api/releases/tag/v2.2.0", + "refsource": "MISC", + "name": "https://github.com/pedroetb/tts-api/releases/tag/v2.2.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2021/22xxx/CVE-2021-22962.json b/2021/22xxx/CVE-2021-22962.json index d8caf3dc14a..b8a52a4b42a 100644 
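Review bot: The `version_data` list for CVE-2019-25158 enumerates only 2.1.0 through 2.1.4, each with `"version_affected": "="`, while the description says tts-api is affected "up to 2.1.4", so a scanner that matches on the listed versions will not flag any release older than 2.1.0. If earlier releases are affected, as that wording suggests, a single range entry such as `"version_affected": "<=", "version_value": "2.1.4"` would express it. The description also calls the issue "critical" while the CVSS 3.1 entry scores it 5.5 MEDIUM with `AV:A`. Triage should key on the vector rather than the prose, and the adjacent-network attack vector is worth confirming against the fix commit listed in the references.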
--- a/2021/22xxx/CVE-2021-22962.json +++ b/2021/22xxx/CVE-2021-22962.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22962", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH" } ] } diff --git a/2021/3xxx/CVE-2021-3784.json b/2021/3xxx/CVE-2021-3784.json index 40443f6d193..62489960169 100644 --- a/2021/3xxx/CVE-2021-3784.json +++ b/2021/3xxx/CVE-2021-3784.json 
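Review bot: The description of CVE-2021-22962 never names the product, and `problemtype` is `"value": "n/a"` with no `cweId`, so text search or CWE-based matching will not tie this record to Ivanti Avalanche; the product appears only under `affects`. The same gap is in CVE-2023-41727 later in this patch, where the description mentions memory corruption but the problem type is also `n/a`. There `product_name` is `Wavelink`, while the only reference is the Avalanche 6.4.2 release notes. Naming the product in each description and adding a `cweId` would let downstream tooling classify both records.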
@@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-285: Improper Authorization", - "cweId": "CWE-285" + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" } ] } diff --git a/2023/1xxx/CVE-2023-1514.json b/2023/1xxx/CVE-2023-1514.json index 4bdd6de120b..06cdd97b7ac 100644 --- a/2023/1xxx/CVE-2023-1514.json +++ b/2023/1xxx/CVE-2023-1514.json 
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1514", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@hitachienergy.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted\u00a0and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295 Improper Certificate Validation", + "cweId": "CWE-295" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hitachi Energy", + "product": { + "product_data": [ + { + "product_name": "RTU500 Scripting Interface", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.1.30" + }, + { + "version_affected": "=", + "version_value": "1.0.2" + }, + { + "version_affected": "=", + "version_value": "1.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000152&languageCode=en&Preview=true", + "refsource": "MISC", + "name": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000152&languageCode=en&Preview=true" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/25xxx/CVE-2023-25715.json b/2023/25xxx/CVE-2023-25715.json index 1cebb13de68..8b88e55ef04 100644 --- a/2023/25xxx/CVE-2023-25715.json +++ b/2023/25xxx/CVE-2023-25715.json 
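Review bot: The only reference for CVE-2023-1514 is a `publisher.hitachienergy.com/preview?...&Preview=true` URL, which looks like a document-preview link rather than a permanent advisory address and may stop resolving. It is worth confirming with the CNA and replacing with the stable advisory link. The description also has a wording slip, "by using faking the identity of a RTU500 device", which should read "by faking the identity of an RTU500 device". The record lists three exact versions with `"version_affected": "="`, so it does not say whether releases between them are affected.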
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25715", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in GamiPress GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GamiPress", + "product": { + "product_data": [ + { + "product_name": "GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.5.7", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.5.6", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/gamipress/wordpress-gamipress-plugin-2-5-6-missing-authorization-leading-to-points-manipulation-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/gamipress/wordpress-gamipress-plugin-2-5-6-missing-authorization-leading-to-points-manipulation-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.5.7 or a higher version." + } + ], + "value": "Update to\u00a02.5.7 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dave Jong (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/2xxx/CVE-2023-2809.json b/2023/2xxx/CVE-2023-2809.json index 2165d99dbb1..854bf2949e5 100644 --- a/2023/2xxx/CVE-2023-2809.json +++ b/2023/2xxx/CVE-2023-2809.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-798 Use of Hard-coded Credentials", - "cweId": "CWE-798" + "value": "CWE-312 Cleartext Storage of Sensitive Information", + "cweId": "CWE-312" } ] } diff --git a/2023/40xxx/CVE-2023-40660.json b/2023/40xxx/CVE-2023-40660.json index a40867a2d3e..10c414808f0 100644 --- a/2023/40xxx/CVE-2023-40660.json +++ b/2023/40xxx/CVE-2023-40660.json @@ -60,19 +60,6 @@ "vendor_name": "Red Hat", "product": { "product_data": [ - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - } - ] - } - }, { "product_name": "Red Hat Enterprise Linux 8", "version": { 
@@ -80,6 +67,14 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:0.20.0-7.el8_9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } } @@ -93,11 +88,32 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:0.23.0-3.el9_3", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } } ] } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } } ] } @@ -127,6 +143,21 @@ }, "references": { "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/13/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/12/13/2" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7876", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2023:7876" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7879", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2023:7879" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-40660", "refsource": "MISC", @@ -156,11 +187,6 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00024.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00024.html" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2023/12/13/2", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2023/12/13/2" } ] }, diff --git a/2023/40xxx/CVE-2023-40661.json b/2023/40xxx/CVE-2023-40661.json index 8b67cb3098a..2c0b9334392 100644 --- a/2023/40xxx/CVE-2023-40661.json +++ b/2023/40xxx/CVE-2023-40661.json 
@@ -60,19 +60,6 @@ "vendor_name": "Red Hat", "product": { "product_data": [ - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - } - ] - } - }, { "product_name": "Red Hat Enterprise Linux 8", "version": { @@ -80,6 +67,14 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:0.20.0-7.el8_9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } } @@ -93,11 +88,32 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:0.23.0-3.el9_3", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } } ] } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } } ] } @@ -127,6 +143,21 @@ }, "references": { "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/13/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/12/13/3" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7876", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2023:7876" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:7879", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2023:7879" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-40661", "refsource": "MISC", 
@@ -156,11 +187,6 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00024.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00024.html" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2023/12/13/3", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2023/12/13/3" } ] }, diff --git a/2023/41xxx/CVE-2023-41727.json b/2023/41xxx/CVE-2023-41727.json index 7a30477ccdb..2176c23f4ea 100644 --- a/2023/41xxx/CVE-2023-41727.json +++ b/2023/41xxx/CVE-2023-41727.json 
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41727", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Wavelink", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/43xxx/CVE-2023-43870.json b/2023/43xxx/CVE-2023-43870.json index f2a28e900da..453d4839450 100644 --- a/2023/43xxx/CVE-2023-43870.json +++ b/2023/43xxx/CVE-2023-43870.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-43870", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cert@ncsc.nl", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Paxton", + "product": { + "product_data": [ + { + "product_name": "Net2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.02", + "version_value": "6.07 SR1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.paxton-access.com/systems/net2/", + "refsource": "MISC", + "name": "https://www.paxton-access.com/systems/net2/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Jeroen Hermans, CloudAware, j.hermans@cloudaware[.]eu" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseSeverity": "HIGH", + "baseScore": 8.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ] } diff --git a/2023/44xxx/CVE-2023-44983.json b/2023/44xxx/CVE-2023-44983.json index 8791c2338b6..8e4e6ff59ac 100644 --- a/2023/44xxx/CVE-2023-44983.json +++ b/2023/44xxx/CVE-2023-44983.json 
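Review bot: The version entry for Paxton Net2 in CVE-2023-43870 is ambiguous: `"version_affected": "<"` with `"version_name": "6.02"` and `"version_value": "6.07 SR1"` does not say whether 6.02 is the first affected release or only a label, so consumers cannot derive a reliable range. The description should state the affected and fixed versions in words, and the version entry should carry one unambiguous bound. The only reference is the product page `https://www.paxton-access.com/systems/net2/`, not an advisory, so the record gives a defender no remediation guidance. Because the flaw is a root certificate installed into the trusted store with a recoverable password, the record should also say whether upgrading removes or rotates the already-installed certificate; the visible fields do not.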
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-44983", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.6.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Aruba.it", + "product": { + "product_data": [ + { + "product_name": "Aruba HiSpeed Cache", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.0.7", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.0.6", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/aruba-hispeed-cache/wordpress-aruba-hispeed-cache-plugin-2-0-6-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/aruba-hispeed-cache/wordpress-aruba-hispeed-cache-plugin-2-0-6-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": 
"Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.0.7 or a higher version." + } + ], + "value": "Update to\u00a02.0.7 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Joshua Chan (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/44xxx/CVE-2023-44991.json b/2023/44xxx/CVE-2023-44991.json index 352cb43fb47..62079cb4ba6 100644 --- a/2023/44xxx/CVE-2023-44991.json +++ b/2023/44xxx/CVE-2023-44991.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-44991", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI).This issue affects Media File Renamer: Rename Files (Manual, Auto & AI): from n/a through 5.6.9.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jordy Meow", + "product": { + "product_data": [ + { + "product_name": "Media File Renamer: Rename Files (Manual, Auto & AI)", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "5.7.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "5.6.9", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/media-file-renamer/wordpress-media-file-renamer-plugin-5-6-9-sensitive-data-exposure-via-debug-log-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/media-file-renamer/wordpress-media-file-renamer-plugin-5-6-9-sensitive-data-exposure-via-debug-log-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 5.7.0 or a higher version." + } + ], + "value": "Update to\u00a05.7.0 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Joshua Chan (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/46xxx/CVE-2023-46104.json b/2023/46xxx/CVE-2023-46104.json index 4f618e02ede..c1e94231431 100644 --- a/2023/46xxx/CVE-2023-46104.json +++ b/2023/46xxx/CVE-2023-46104.json 
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46104", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.\u00a0\u00a0\nThis vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Superset", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.1.3" + }, + { + "version_affected": "<", + "version_name": "3.0.0", + "version_value": "3.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/19/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/12/19/1" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + 
"lang": "en", + "value": "Dor Konis \u2013 GE Vernova" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/46xxx/CVE-2023-46216.json b/2023/46xxx/CVE-2023-46216.json index 60da1319a4c..ddeff295021 100644 --- a/2023/46xxx/CVE-2023-46216.json +++ b/2023/46xxx/CVE-2023-46216.json 
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46216", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Wavelink", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/46xxx/CVE-2023-46217.json b/2023/46xxx/CVE-2023-46217.json index 58c2933a6d2..ca89332086a 100644 --- a/2023/46xxx/CVE-2023-46217.json +++ b/2023/46xxx/CVE-2023-46217.json 
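Review bot: `"product_name": "Wavelink"` in this record, and again in CVE-2023-46217, names a different product than the other Ivanti records in this commit, which use `"Avalanche"` for the same description text and the same Avalanche 6.4.2 release-notes reference. Inventory and vulnerability-matching tools that key on vendor and product would not associate these two entries with Avalanche installations. If the affected product is the same, the line should be `"product_name": "Avalanche"`. This is inferred from the reference URL and the sibling records, so it needs confirmation from the assigner.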
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46217", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Wavelink", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/46xxx/CVE-2023-46220.json b/2023/46xxx/CVE-2023-46220.json index 2073e7592d2..f591a479d18 100644 --- a/2023/46xxx/CVE-2023-46220.json +++ b/2023/46xxx/CVE-2023-46220.json 
@@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46220", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.4.1", + "status": "unaffected", + "lessThanOrEqual": "6.4.1", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/46xxx/CVE-2023-46221.json b/2023/46xxx/CVE-2023-46221.json index 6afb9d757fe..23debc18e42 100644 --- a/2023/46xxx/CVE-2023-46221.json +++ b/2023/46xxx/CVE-2023-46221.json 
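Review bot: The `x_cve_json_5_version_data` block marks version 6.4.1 (`lessThanOrEqual` 6.4.1) as `"status": "unaffected"` with `"defaultStatus": "affected"`, which reads as the opposite of what the rest of the record says. The only reference is the 6.4.2 release notes, and the sibling records with the same description (CVE-2023-46224 onward) list `<=` 6.4.1 as affected. Taken literally, a consumer would clear 6.4.1 and flag every other release. The same block appears in CVE-2023-46221, CVE-2023-46222 and CVE-2023-46223. The likely intended values are `"status": "affected"` and `"defaultStatus": "unaffected"`, to be confirmed with the assigner.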
@@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46221", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.4.1", + "status": "unaffected", + "lessThanOrEqual": "6.4.1", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/46xxx/CVE-2023-46222.json b/2023/46xxx/CVE-2023-46222.json index 31a675c9f15..fd9ff1a6868 100644 --- a/2023/46xxx/CVE-2023-46222.json +++ b/2023/46xxx/CVE-2023-46222.json 
@@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46222", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.4.1", + "status": "unaffected", + "lessThanOrEqual": "6.4.1", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/46xxx/CVE-2023-46223.json b/2023/46xxx/CVE-2023-46223.json index eba45cc9cd0..9e68d13d476 100644 --- a/2023/46xxx/CVE-2023-46223.json +++ b/2023/46xxx/CVE-2023-46223.json 
@@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46223", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.4.1", + "status": "unaffected", + "lessThanOrEqual": "6.4.1", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/46xxx/CVE-2023-46224.json b/2023/46xxx/CVE-2023-46224.json index cebad7bef91..1a2fee0415f 100644 --- a/2023/46xxx/CVE-2023-46224.json +++ b/2023/46xxx/CVE-2023-46224.json 
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46224", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/46xxx/CVE-2023-46225.json b/2023/46xxx/CVE-2023-46225.json index 66364776a82..1a85d8746c6 100644 --- a/2023/46xxx/CVE-2023-46225.json +++ b/2023/46xxx/CVE-2023-46225.json 
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46225", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/46xxx/CVE-2023-46257.json b/2023/46xxx/CVE-2023-46257.json index 5078c7ac4dd..b2d842371f4 100644 --- a/2023/46xxx/CVE-2023-46257.json +++ b/2023/46xxx/CVE-2023-46257.json 
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46257", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/46xxx/CVE-2023-46258.json b/2023/46xxx/CVE-2023-46258.json index 13e34fde85f..85668535190 100644 --- a/2023/46xxx/CVE-2023-46258.json +++ b/2023/46xxx/CVE-2023-46258.json 
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46258", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/46xxx/CVE-2023-46259.json b/2023/46xxx/CVE-2023-46259.json index c47da487985..71b9ee885bf 100644 --- a/2023/46xxx/CVE-2023-46259.json +++ b/2023/46xxx/CVE-2023-46259.json 
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46259", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/46xxx/CVE-2023-46260.json b/2023/46xxx/CVE-2023-46260.json index ca171d3e0be..080c5ca4358 100644 --- a/2023/46xxx/CVE-2023-46260.json +++ b/2023/46xxx/CVE-2023-46260.json 
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46260", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2023/46xxx/CVE-2023-46261.json b/2023/46xxx/CVE-2023-46261.json index e4405a3ceb3..0a05165c8f7 100644 --- a/2023/46xxx/CVE-2023-46261.json +++ b/2023/46xxx/CVE-2023-46261.json 
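Review bot: The CVSS vector in this record, `C:N/I:N/A:H` with base score 7.5, describes an availability-only impact, while the description is the same text as the 9.8 records and still says the memory corruption may lead to code execution. One of the two is probably carried over from the sibling entries. Teams that prioritise on the score will handle this as a denial of service, while teams that read the text will handle it as possible code execution. If the vector is correct, the description should stop at the denial of service, e.g. `"value": "... can cause memory corruption which could result in a Denial of Service (DoS)."`. If the text is correct, the confidentiality and integrity metrics in `vectorString` need to be raised to match.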
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46261", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/46xxx/CVE-2023-46262.json b/2023/46xxx/CVE-2023-46262.json index 078fc9cacd7..9402689f149 100644 --- a/2023/46xxx/CVE-2023-46262.json +++ b/2023/46xxx/CVE-2023-46262.json 
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46262", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2023/46xxx/CVE-2023-46263.json b/2023/46xxx/CVE-2023-46263.json index b98af135d5f..57f0d9fee11 100644 --- a/2023/46xxx/CVE-2023-46263.json +++ b/2023/46xxx/CVE-2023-46263.json 
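Review bot: The description string has a wording slip that obscures who the actor is: `unauthenticated attacked could send` should be `unauthenticated attacker could send`. Two later records in this commit have similar slips. CVE-2023-46264 says `remove code execution` where CVE-2023-46263 has `remote code execution`, and CVE-2023-46265 opens with `An unauthenticated could abuse`, missing the noun. Keyword searches and alert rules for "remote code execution" will not match the CVE-2023-46264 text as written.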
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46263", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2023/46xxx/CVE-2023-46264.json b/2023/46xxx/CVE-2023-46264.json index bc5161bc7f8..c2709c44147 100644 --- a/2023/46xxx/CVE-2023-46264.json +++ b/2023/46xxx/CVE-2023-46264.json 
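Review bot: `problemtype` is left as `"value": "n/a"` with no `cweId`, although the description names the weakness class directly (unrestricted upload of file with dangerous type). Following the shape used by the Patchstack records in this commit, the entry could be `"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"` with `"cweId": "CWE-434"`. The same gap exists in CVE-2023-46264 (same class), CVE-2023-46262 (SSRF, CWE-918) and CVE-2023-46265 (XXE, CWE-611). Without a CWE, weakness-based filtering and trend reporting skip these entries.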
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46264", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2023/46xxx/CVE-2023-46265.json b/2023/46xxx/CVE-2023-46265.json index 193f5ea44f6..4770ffce83a 100644 --- a/2023/46xxx/CVE-2023-46265.json +++ b/2023/46xxx/CVE-2023-46265.json 
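Review bot: The description says "remove code execution" where "remote code execution" is meant, which defeats keyword searches for RCE. Apart from that typo, the text, affected version and vector are identical to CVE-2023-46263 in the previous hunk, so nothing in the record tells the two issues apart. Naming the affected component in each description would let defenders confirm that both are covered by the 6.4.2 update referenced in the record.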
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46265", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/46xxx/CVE-2023-46266.json b/2023/46xxx/CVE-2023-46266.json index ffc32863a1a..1a9ceef285e 100644 --- a/2023/46xxx/CVE-2023-46266.json +++ b/2023/46xxx/CVE-2023-46266.json 
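Review bot: The description is missing its subject: "An unauthenticated could abuse" should read `An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server ...`. The text also never names the product, while `affects` lists Avalanche up to 6.4.1. Presumably the Smart Device Server is an Avalanche component, and saying so in the sentence would make the description searchable on its own.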
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46266", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH" } ] } diff --git a/2023/46xxx/CVE-2023-46803.json b/2023/46xxx/CVE-2023-46803.json index 49a74023fb3..7b272128a74 100644 --- a/2023/46xxx/CVE-2023-46803.json +++ b/2023/46xxx/CVE-2023-46803.json 
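Review bot: The vector rates integrity as `I:L`, but the description lists only leakage of sensitive data and a resource-based DoS, which map to `C` and `A`. Either the text should say what an attacker can modify, or the vector should be `C:L/I:N/A:L` with the score recomputed; the hunk does not show which is intended. The sentence also names neither product nor component, so it cannot be matched to Avalanche without the `affects` block.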
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46803", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2023/46xxx/CVE-2023-46804.json b/2023/46xxx/CVE-2023-46804.json index 189d0d18efa..f594ce02c08 100644 --- a/2023/46xxx/CVE-2023-46804.json +++ b/2023/46xxx/CVE-2023-46804.json 
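Review bot: This description is word-for-word the same as CVE-2023-46804 in the next hunk, with the same affected version and the same `A:H` vector, so the two IDs cannot be distinguished from the records. If they are separate memory-corruption bugs in the Mobile Device Server, each text should say what differs (message type, parser or bug class) so that patch verification can cover both. Minor wording: "result to" should be "result in".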
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46804", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ivanti", + "product": { + "product_data": [ + { + "product_name": "Avalanche", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.1", + "version_value": "6.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt", + "refsource": "MISC", + "name": "https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2023/49xxx/CVE-2023-49734.json b/2023/49xxx/CVE-2023-49734.json index f8fd94ec5b8..2851d88be85 100644 --- a/2023/49xxx/CVE-2023-49734.json +++ b/2023/49xxx/CVE-2023-49734.json 
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49734", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.\n\nUsers are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Superset", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.1.2" + }, + { + "version_affected": "<", + "version_name": "3.0.0", + "version_value": "3.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/19/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/12/19/3" + } + ] + }, + "generator": { + 
"engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Jordan Velich" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49736.json b/2023/49xxx/CVE-2023-49736.json index 258d8cf6ffc..063a68bee11 100644 --- a/2023/49xxx/CVE-2023-49736.json +++ b/2023/49xxx/CVE-2023-49736.json 
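Review bot: The affected range and the remediation advice disagree for the 2.1 line: the text and `version_data` say versions before 2.1.2 are affected (`"version_value": "2.1.2"`), yet users are told to upgrade to "3.0.2 or 2.1.3". If 2.1.2 already contains the fix, the advice should name 2.1.2; if the fix only landed in 2.1.3, the bound should be `"version_value": "2.1.3"`, otherwise scanners will report 2.1.2 as safe. The hunk does not show which is correct. The description also runs two sentences together at "charts.This issue".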
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49736", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement\u00a0would allow for SQL injection\u00a0in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.\n\nUsers are recommended to upgrade to version 3.0.2, which fixes the issue.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Superset", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.1.2" + }, + { + "version_affected": "<", + "version_name": "3.0.0", + "version_value": "3.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/19/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/12/19/2" + } + ] + }, + "generator": { + 
"engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Jack Prince-Fulls ( jf@incyan.com )" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4535.json b/2023/4xxx/CVE-2023-4535.json index b553c789466..3dc933e99cb 100644 --- a/2023/4xxx/CVE-2023-4535.json +++ b/2023/4xxx/CVE-2023-4535.json @@ -60,6 +60,27 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:0.23.0-3.el9_3", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 7", "version": { @@ -85,19 +106,6 @@ } ] } - }, - { - "product_name": "Red Hat Enterprise Linux 9", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } } ] } @@ -127,6 +135,11 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2023:7879", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2023:7879" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-4535", "refsource": "MISC", diff --git a/2023/4xxx/CVE-2023-4590.json b/2023/4xxx/CVE-2023-4590.json index 5444d6fe8bb..55900786be6 100644 --- a/2023/4xxx/CVE-2023-4590.json +++ b/2023/4xxx/CVE-2023-4590.json 
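Review bot: The remediation sentence in the CVE-2023-49736 record names only 3.0.2, although the affected range in the same record includes releases before 2.1.2, so users on the 2.1 line get no upgrade target. CVE-2023-49734 in the previous hunk names a 2.1.x release for the same ranges. The vector sets `C:N` for a CWE-89 SQL injection, which is unusual since injection normally allows reading data as well; it is worth confirming with the CNA that the confidentiality impact is really none. The description also contains `\u00a0` non-breaking spaces, which break plain-text matching on phrases such as "SQL injection in Apache Superset".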
@@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", - "cweId": "CWE-119" + "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" } ] } diff --git a/2023/50xxx/CVE-2023-50761.json b/2023/50xxx/CVE-2023-50761.json index ea7c00eff73..1270cf2092c 100644 --- a/2023/50xxx/CVE-2023-50761.json +++ b/2023/50xxx/CVE-2023-50761.json 
@@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50761", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6." 
} ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "S/MIME signature accepted despite mismatching message date" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865647", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865647" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-55/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marcus Brinkmann" + } + ] } \ No newline at end of file diff --git a/2023/50xxx/CVE-2023-50762.json b/2023/50xxx/CVE-2023-50762.json index 840494a8e93..6660f182503 100644 --- a/2023/50xxx/CVE-2023-50762.json +++ b/2023/50xxx/CVE-2023-50762.json 
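Review bot: The published record has no `impact` block and its `problemtype` is free text without a `cweId`, so severity- or CWE-based triage gets nothing for this signature-validation issue. CVE-2023-50762 in the next hunk has the same gap. The Avalanche and Superset records in this commit carry an `impact.cvss` entry, and a `cweId` next to the existing text would be the equivalent here; the appropriate id is for the CNA to confirm. Both files also end without a trailing newline (`\ No newline at end of file`).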
@@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50762", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6." 
} ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Truncated signed text was shown with a valid OpenPGP signature" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1862625", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1862625" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-55/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marcus Brinkmann" + } + ] } \ No newline at end of file diff --git a/2023/51xxx/CVE-2023-51438.json b/2023/51xxx/CVE-2023-51438.json new file mode 100644 index 00000000000..3d691162470 --- /dev/null +++ b/2023/51xxx/CVE-2023-51438.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51438", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/51xxx/CVE-2023-51439.json b/2023/51xxx/CVE-2023-51439.json new file mode 100644 index 00000000000..a668cf23a5e --- /dev/null +++ b/2023/51xxx/CVE-2023-51439.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51439", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/51xxx/CVE-2023-51440.json b/2023/51xxx/CVE-2023-51440.json new file mode 100644 index 00000000000..eae1d1558ae --- /dev/null +++ b/2023/51xxx/CVE-2023-51440.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51440", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/51xxx/CVE-2023-51441.json b/2023/51xxx/CVE-2023-51441.json new file mode 100644 index 00000000000..6aa8a3464c0 --- /dev/null +++ b/2023/51xxx/CVE-2023-51441.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51441", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/51xxx/CVE-2023-51442.json b/2023/51xxx/CVE-2023-51442.json new file mode 100644 index 00000000000..0bc70fc1d82 --- /dev/null +++ b/2023/51xxx/CVE-2023-51442.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51442", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/51xxx/CVE-2023-51443.json b/2023/51xxx/CVE-2023-51443.json new file mode 100644 index 00000000000..1a4656c73ec --- /dev/null +++ b/2023/51xxx/CVE-2023-51443.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51443", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/51xxx/CVE-2023-51444.json b/2023/51xxx/CVE-2023-51444.json new file mode 100644 index 00000000000..5f987913311 --- /dev/null +++ b/2023/51xxx/CVE-2023-51444.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51444", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/51xxx/CVE-2023-51445.json b/2023/51xxx/CVE-2023-51445.json new file mode 100644 index 00000000000..60c5b8fcf4b --- /dev/null +++ b/2023/51xxx/CVE-2023-51445.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51445", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/51xxx/CVE-2023-51446.json b/2023/51xxx/CVE-2023-51446.json new file mode 100644 index 00000000000..ef26dab9e6f --- /dev/null +++ b/2023/51xxx/CVE-2023-51446.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51446", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/51xxx/CVE-2023-51447.json b/2023/51xxx/CVE-2023-51447.json new file mode 100644 index 00000000000..dcd01e179c2 --- /dev/null +++ b/2023/51xxx/CVE-2023-51447.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51447", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/51xxx/CVE-2023-51448.json b/2023/51xxx/CVE-2023-51448.json new file mode 100644 index 00000000000..54cbff6018f --- /dev/null +++ b/2023/51xxx/CVE-2023-51448.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51448", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/51xxx/CVE-2023-51449.json b/2023/51xxx/CVE-2023-51449.json new file mode 100644 index 00000000000..39075f649ab --- /dev/null +++ b/2023/51xxx/CVE-2023-51449.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51449", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/51xxx/CVE-2023-51450.json b/2023/51xxx/CVE-2023-51450.json new file mode 100644 index 00000000000..c7f3f479669 --- /dev/null +++ b/2023/51xxx/CVE-2023-51450.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51450", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/51xxx/CVE-2023-51451.json b/2023/51xxx/CVE-2023-51451.json new file mode 100644 index 00000000000..4b1bcc0b245 --- /dev/null +++ b/2023/51xxx/CVE-2023-51451.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51451", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/51xxx/CVE-2023-51452.json b/2023/51xxx/CVE-2023-51452.json new file mode 100644 index 00000000000..7ebc33574f2 --- /dev/null +++ b/2023/51xxx/CVE-2023-51452.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51452", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/51xxx/CVE-2023-51453.json b/2023/51xxx/CVE-2023-51453.json new file mode 100644 index 00000000000..033f7b12ac7 --- /dev/null +++ b/2023/51xxx/CVE-2023-51453.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51453", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/51xxx/CVE-2023-51454.json b/2023/51xxx/CVE-2023-51454.json new file mode 100644 index 00000000000..8a10e47be2f --- /dev/null +++ b/2023/51xxx/CVE-2023-51454.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-51454",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/51xxx/CVE-2023-51455.json b/2023/51xxx/CVE-2023-51455.json
new file mode 100644
index 00000000000..c265d795bab
--- /dev/null
+++ b/2023/51xxx/CVE-2023-51455.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-51455",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/51xxx/CVE-2023-51456.json b/2023/51xxx/CVE-2023-51456.json
new file mode 100644
index 00000000000..de06f28a448
--- /dev/null
+++ b/2023/51xxx/CVE-2023-51456.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-51456",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/5xxx/CVE-2023-5499.json b/2023/5xxx/CVE-2023-5499.json
index 87bc2813775..9d6e4e0a05c 100644
--- a/2023/5xxx/CVE-2023-5499.json
+++ b/2023/5xxx/CVE-2023-5499.json
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
- "cweId": "CWE-200"
+ "value": "CWE-532 Insertion of Sensitive Information into Log File",
+ "cweId": "CWE-532"
 }
 ]
 }
diff --git a/2023/5xxx/CVE-2023-5871.json b/2023/5xxx/CVE-2023-5871.json
index 68b7618ccc4..7e67bea73c0 100644
--- a/2023/5xxx/CVE-2023-5871.json
+++ b/2023/5xxx/CVE-2023-5871.json
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Lack of Administrator Control over Security",
- "cweId": "CWE-671"
+ "value": "Reachable Assertion",
+ "cweId": "CWE-617"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6135.json b/2023/6xxx/CVE-2023-6135.json
index 75a9646d149..5a83f0f30c4 100644
--- a/2023/6xxx/CVE-2023-6135.json
+++ b/2023/6xxx/CVE-2023-6135.json
@@ -1,18 +1,75 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6135",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple NSS NIST curves were susceptible to a side-channel attack known as \"Minerva\". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "NSS susceptible to \"Minerva\" attack"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "121"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1853908",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1853908"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "George Pantela (Red Hat) and Hubert Kario (Red Hat)"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6280.json b/2023/6xxx/CVE-2023-6280.json
index f194e29fd2e..712750ec3ea 100644
--- a/2023/6xxx/CVE-2023-6280.json
+++ b/2023/6xxx/CVE-2023-6280.json
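Review bot: The `problemtype` entry added for CVE-2023-6135 is free text only (`"value": "NSS susceptible to \"Minerva\" attack"`) and carries no `cweId`, unlike the CVE-2023-6280, CVE-2023-6711 and CVE-2023-6730 records in this same commit. Tooling that triages or filters by CWE will see no weakness class for an issue whose description says the private key may be recoverable. If the CNA agrees with the classification, adding `"cweId": "CWE-203"` (Observable Discrepancy) beside the text would close that gap; the exact CWE is inferred from the phrase "side-channel attack" and needs confirming. The same gap is in the CVE-2023-6856 through CVE-2023-6863 hunks, whose descriptions already name heap buffer overflows and use-after-free conditions.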
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6280",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve-coordination@incibe.es",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-611 Improper Restriction of XML External Entity Reference",
+ "cweId": "CWE-611"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "52North",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "52North WPS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "4.0.0-beta.11"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/xml-external-entity-reference-52north-wps",
+ "refsource": "MISC",
+ "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/xml-external-entity-reference-52north-wps"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Angel Heredia P\u00e9rez"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6448.json b/2023/6xxx/CVE-2023-6448.json
index 526b7be1ef8..bcc5f1b7837 100644
--- a/2023/6xxx/CVE-2023-6448.json
+++ b/2023/6xxx/CVE-2023-6448.json
@@ -69,6 +69,11 @@
 "url": "https://downloads.unitronicsplc.com/Sites/plc/Visilogic/Version_Changes-Bug_Reports/VisiLogic%209.9.00%20Version%20changes.pdf",
 "refsource": "MISC",
 "name": "https://downloads.unitronicsplc.com/Sites/plc/Visilogic/Version_Changes-Bug_Reports/VisiLogic%209.9.00%20Version%20changes.pdf"
+ },
+ {
+ "url": "https://downloads.unitronicsplc.com/Sites/plc/Technical_Library/Unitronics-Cybersecurity-Advisory-2023-001-CVE-2023-6448.pdf",
+ "refsource": "MISC",
+ "name": "https://downloads.unitronicsplc.com/Sites/plc/Technical_Library/Unitronics-Cybersecurity-Advisory-2023-001-CVE-2023-6448.pdf"
 }
 ]
 },
diff --git a/2023/6xxx/CVE-2023-6711.json b/2023/6xxx/CVE-2023-6711.json
index 3016331cfdd..e0e1d043eaa 100644
--- a/2023/6xxx/CVE-2023-6711.json
+++ b/2023/6xxx/CVE-2023-6711.json
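Review bot: The description tag in the CVE-2023-6280 hunk is misspelled as `** UNSUPPPORTED WHEN ASSIGNED **` (three Ps). Consumers that identify end-of-life products by matching the literal tag will not flag this record, so the XXE in 52North WPS may be tracked as if a supported, patchable release line existed. The value should start `"value": "** UNSUPPORTED WHEN ASSIGNED ** An XXE (XML External Entity) vulnerability`, with the rest of the sentence unchanged.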
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6711",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@hitachienergy.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation",
+ "cweId": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Hitachi Energy",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "RTU500 series CMU Firmware",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "12.0.1",
+ "version_value": "12.0.14"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "12.2.1",
+ "version_value": "12.2.11"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "12.4.1",
+ "version_value": "12.4.11"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "12.6.1",
+ "version_value": "12.6.9"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "12.7.1",
+ "version_value": "12.7.6"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "13.2.1",
+ "version_value": "13.2.6"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "13.4.1",
+ "version_value": "13.4.3"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "13.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000184&languageCode=en&Preview=true",
+ "refsource": "MISC",
+ "name": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000184&languageCode=en&Preview=true"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6730.json b/2023/6xxx/CVE-2023-6730.json
index ee7e358857d..232e746bfe1 100644
--- a/2023/6xxx/CVE-2023-6730.json
+++ b/2023/6xxx/CVE-2023-6730.json
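Review bot: The CVE-2023-6711 record classifies the issue only as `CWE-20 Improper Input Validation`, while its own description says the unvalidated IEC 60870-5-104 messages "can result in buffer overflow". CWE-based filters will therefore not surface this RTU500 firmware issue as a memory-safety problem, which matters for prioritising patching on network-reachable controllers. A second entry in the `description` array, for example `"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "cweId": "CWE-119"`, would cover that; which overflow CWE fits best is not stated in the record and should be confirmed with the CNA.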
@@ -1,17 +1,91 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6730",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@huntr.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-502 Deserialization of Untrusted Data",
+ "cweId": "CWE-502"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "huggingface",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "huggingface/transformers",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "4.36"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://huntr.com/bounties/423611ee-7a2a-442a-babb-3ed2f8385c16",
+ "refsource": "MISC",
+ "name": "https://huntr.com/bounties/423611ee-7a2a-442a-babb-3ed2f8385c16"
+ },
+ {
+ "url": "https://github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce",
+ "refsource": "MISC",
+ "name": "https://github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "423611ee-7a2a-442a-babb-3ed2f8385c16",
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "baseScore": 9,
+ "baseSeverity": "CRITICAL"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6856.json b/2023/6xxx/CVE-2023-6856.json
index 399af206341..ede6267c469 100644
--- a/2023/6xxx/CVE-2023-6856.json
+++ b/2023/6xxx/CVE-2023-6856.json
@@ -1,18 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6856",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Heap-buffer-overflow affecting WebGL `DrawElementsInstanced` method with Mesa VM driver"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "115.6"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "115.6"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "121"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843782",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843782"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-54/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-55/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "DoHyun Lee"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6857.json b/2023/6xxx/CVE-2023-6857.json
index 6710fdfc9a8..1e8e1f6e2c0 100644
--- a/2023/6xxx/CVE-2023-6857.json
+++ b/2023/6xxx/CVE-2023-6857.json
@@ -1,18 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6857",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. \n*This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Symlinks may resolve to smaller than expected buffers"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "115.6"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "115.6"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "121"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1796023",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1796023"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-54/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-55/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Jed Davis"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6858.json b/2023/6xxx/CVE-2023-6858.json
index d3527903e4a..8914bf858ae 100644
--- a/2023/6xxx/CVE-2023-6858.json
+++ b/2023/6xxx/CVE-2023-6858.json
@@ -1,18 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6858",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Heap buffer overflow in `nsTextFragment`"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "115.6"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "115.6"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "121"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826791",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826791"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-54/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-55/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Irvan Kurniawan"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6859.json b/2023/6xxx/CVE-2023-6859.json
index fb05f3f6790..f2e4c9a6534 100644
--- a/2023/6xxx/CVE-2023-6859.json
+++ b/2023/6xxx/CVE-2023-6859.json
@@ -1,18 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6859",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use-after-free in PR_GetIdentitiesLayer"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "115.6"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "115.6"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "121"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1840144",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1840144"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-54/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-55/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Irvan Kurniawan"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6860.json b/2023/6xxx/CVE-2023-6860.json
index 0ff0702bbf0..f960f338761 100644
--- a/2023/6xxx/CVE-2023-6860.json
+++ b/2023/6xxx/CVE-2023-6860.json
@@ -1,18 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6860",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Potential sandbox escape due to `VideoBridge` lack of texture validation"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "115.6"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "115.6"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "121"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1854669",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1854669"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-54/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-55/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Andrew Osmond"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6861.json b/2023/6xxx/CVE-2023-6861.json
index 43b43442fa7..8c27e33c777 100644
--- a/2023/6xxx/CVE-2023-6861.json
+++ b/2023/6xxx/CVE-2023-6861.json
@@ -1,18 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6861",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Heap buffer overflow affected `nsWindow::PickerOpen(void)` in headless mode"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "115.6"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "115.6"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "121"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864118",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864118"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-54/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-55/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Yangkang of 360 ATA Team"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6862.json b/2023/6xxx/CVE-2023-6862.json
index 8baa38a0a04..c54cb3ad005 100644
--- a/2023/6xxx/CVE-2023-6862.json
+++ b/2023/6xxx/CVE-2023-6862.json
@@ -1,18 +1,92 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6862",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use-after-free in `nsDNSService`"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "115.6"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "115.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868042",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868042"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-54/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2023-55/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Randell Jesup"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6863.json b/2023/6xxx/CVE-2023-6863.json
index e282624359e..2c500aac380 100644
--- a/2023/6xxx/CVE-2023-6863.json
+++ b/2023/6xxx/CVE-2023-6863.json
@@ -1,18 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6863", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Undefined behavior in `ShutdownObserver()`" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.6" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.6" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "121" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868901", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1868901" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/", + "refsource": "MISC", + "name": 
"https://www.mozilla.org/security/advisories/mfsa2023-54/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-55/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Ronald Crane" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6864.json b/2023/6xxx/CVE-2023-6864.json index d18bf187821..76838e3f986 100644 --- a/2023/6xxx/CVE-2023-6864.json +++ b/2023/6xxx/CVE-2023-6864.json 
@@ -1,18 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6864", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.6" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.6" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "121" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1736385%2C1810805%2C1846328%2C1856090%2C1858033%2C1858509%2C1862089%2C1862777%2C1864015", + 
"refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1736385%2C1810805%2C1846328%2C1856090%2C1858033%2C1858509%2C1862089%2C1862777%2C1864015" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-54/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-55/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Andrew McCreight, the Mozilla Fuzzing Team, Karl Tomlinson, Valentin Gosu, Randell Jesup, Yury Delendik" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6865.json b/2023/6xxx/CVE-2023-6865.json index 3f6f44dfda1..d7c0d03294d 100644 --- a/2023/6xxx/CVE-2023-6865.json +++ b/2023/6xxx/CVE-2023-6865.json 
@@ -1,18 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6865", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "`EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Potential exposure of uninitialized data in `EncryptingOutputStream`" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.6" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "121" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864123", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864123" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-54/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", + "refsource": 
"MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Jan Varga" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6866.json b/2023/6xxx/CVE-2023-6866.json index 4f1af658dab..aff9ae6fee9 100644 --- a/2023/6xxx/CVE-2023-6866.json +++ b/2023/6xxx/CVE-2023-6866.json 
@@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6866", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "TypedArrays lack sufficient exception handling" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "121" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1849037", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1849037" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Tom Schuster" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6867.json b/2023/6xxx/CVE-2023-6867.json index 535b2813af7..c9b61d52156 100644 --- a/2023/6xxx/CVE-2023-6867.json +++ b/2023/6xxx/CVE-2023-6867.json 
@@ -1,18 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6867", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Clickjacking permission prompts using the popup transition" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.6" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "121" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863863", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863863" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-54/" + }, + { + "url": 
"https://www.mozilla.org/security/advisories/mfsa2023-56/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Hafiizh" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6868.json b/2023/6xxx/CVE-2023-6868.json index f807fd28f0b..10344799131 100644 --- a/2023/6xxx/CVE-2023-6868.json +++ b/2023/6xxx/CVE-2023-6868.json 
@@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6868", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.\n*This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "WebPush requests on Firefox for Android did not require VAPID key" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "121" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865488", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865488" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "John-Mark Gurney" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6869.json b/2023/6xxx/CVE-2023-6869.json index 93d71dd3ff3..84c3ba819c0 100644 
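Review bot: The `affects` block of CVE-2023-6868 lists plain `"product_name": "Firefox"` with `"version_value": "121"`, while the description limits the bug to Firefox on Android. A scanner that matches on product and version alone will therefore also flag desktop Firefox below 121. The CVE-2023-6870 record later in this patch has the same mismatch (its description limits the issue to Android versions of Firefox and Firefox Focus). The platform belongs in the structured data, for example `"product_name": "Firefox for Android"`; until then consumers have to read the description text to scope the finding.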
--- a/2023/6xxx/CVE-2023-6869.json +++ b/2023/6xxx/CVE-2023-6869.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6869", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A `` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Content can paint outside of sandboxed iframe" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "121" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1799036", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1799036" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Oriol Brufau" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6870.json b/2023/6xxx/CVE-2023-6870.json index 8f60f273538..da92e059375 100644 --- a/2023/6xxx/CVE-2023-6870.json 
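Review bot: The new description of CVE-2023-6869 starts with "A `` element could have been manipulated", an empty pair of backticks where the element name should be. The name was presumably written in angle brackets and stripped as markup before publication, so the record no longer says which element can paint outside the sandboxed iframe. Restore it from the referenced advisory in a form that survives sanitisation, e.g. `"value": "A <ELEMENT_NAME> element could have been manipulated ..."`, where ELEMENT_NAME is a placeholder because the real name is not on this page.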
+++ b/2023/6xxx/CVE-2023-6870.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6870", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. \n*This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Android Toast notifications may obscure fullscreen event notifications" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "121" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1823316", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1823316" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Hafiizh" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6871.json b/2023/6xxx/CVE-2023-6871.json index 4420e4fd204..32cab165911 100644 
--- a/2023/6xxx/CVE-2023-6871.json +++ b/2023/6xxx/CVE-2023-6871.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6871", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Lack of protocol handler warning in some instances" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "121" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1828334", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1828334" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Roy Gunsen" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6872.json b/2023/6xxx/CVE-2023-6872.json index f15cdabf0d5..90a685f1eb3 100644 --- a/2023/6xxx/CVE-2023-6872.json +++ b/2023/6xxx/CVE-2023-6872.json 
@@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6872", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Browsing history leaked to syslogs via GNOME" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "121" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1849186", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1849186" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "honorton via Tor Browser" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6873.json b/2023/6xxx/CVE-2023-6873.json index 68795ae454b..9a49b271738 100644 --- a/2023/6xxx/CVE-2023-6873.json +++ b/2023/6xxx/CVE-2023-6873.json 
@@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6873", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "121" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1855327%2C1862089%2C1862723", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1855327%2C1862089%2C1862723" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-56/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Andrew McCreight, Yury Delendik" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6913.json b/2023/6xxx/CVE-2023-6913.json index 5c92bd5c2c0..257294732b3 100644 --- a/2023/6xxx/CVE-2023-6913.json 
+++ b/2023/6xxx/CVE-2023-6913.json 
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6913", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This vulnerability could trigger phishing attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-384 Session Fixation", + "cweId": "CWE-384" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Imou", + "product": { + "product_data": [ + { + "product_name": "Imou Life app", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.7.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/session-hijacking-imou-life-app", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/session-hijacking-imou-life-app" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Vulnerability fixed in later versions. 
" + } + ], + "value": "Vulnerability fixed in later versions. " + } + ], + "credits": [ + { + "lang": "en", + "value": "Jan Adamski (johnny1337.pl)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/6xxx/CVE-2023-6931.json b/2023/6xxx/CVE-2023-6931.json index f28e2adc7a1..45058d4c4cb 100644 --- a/2023/6xxx/CVE-2023-6931.json +++ b/2023/6xxx/CVE-2023-6931.json 
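Review bot: The `solution` text of CVE-2023-6913, "Vulnerability fixed in later versions.", names no fixed version, and `affects` lists only `"version_affected": "="` with `"version_value": "6.7.0"`. A consumer cannot tell from this record which release remediates the issue or whether versions before 6.7.0 are affected. State the first fixed release, e.g. `"value": "Vulnerability fixed in version <FIXED_VERSION>."` (placeholder; the version is not on this page). Separately, the description speaks of session hijacking through unfiltered QR codes opened in a WebView, while `problemtype` is `CWE-384 Session Fixation`; the CNA should confirm that the weakness class matches the flaw described.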
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6931", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation.\n\nA perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\n\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.3", + "version_value": "6.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b" + }, + { + "url": "https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b", + "refsource": "MISC", + "name": "https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + 
"source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Budimir Markovic" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ] } diff --git a/2023/6xxx/CVE-2023-6932.json b/2023/6xxx/CVE-2023-6932.json index 99cd87ed0f3..0db5efbf9cc 100644 --- a/2023/6xxx/CVE-2023-6932.json +++ b/2023/6xxx/CVE-2023-6932.json 
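Review bot: The version entry of CVE-2023-6931 (`"version_name": "4.3"`, `"version_affected": "<"`, `"version_value": "6.7"`) bounds the affected range by release number, while the description defines the fix by commit ("upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b"). A stable or distribution kernel that carries the fix as a backport would still match the version range, so version-only matching is likely to over-report. CVE-2023-6932 in the next hunk uses the same pattern with `"version_name": "2.6.12"`. The description could say so directly, for example by appending `Kernels that backport this commit are not affected regardless of version number.`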
@@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6932", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.6.12", + "version_value": "6.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1" + }, + { + "url": "https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1", + "refsource": "MISC", + "name": "https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + 
"source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ] } diff --git a/2023/6xxx/CVE-2023-6945.json b/2023/6xxx/CVE-2023-6945.json new file mode 100644 index 00000000000..a0611b75156 --- /dev/null +++ b/2023/6xxx/CVE-2023-6945.json 
@@ -0,0 +1,105 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6945",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability has been found in SourceCodester Online Student Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edit-student-detail.php. The manipulation of the argument notmsg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248377 was assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "In SourceCodester Online Student Management System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei edit-student-detail.php. Durch Manipulieren des Arguments notmsg mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Online Student Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.248377",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.248377"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.248377",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.248377"
+ },
+ {
+ "url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Online%20student%20management%20system(XSS)%202.md",
+ "refsource": "MISC",
+ "name": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Online%20student%20management%20system(XSS)%202.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "webray.com.cn (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 3.3,
+ "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6946.json b/2023/6xxx/CVE-2023-6946.json
new file mode 100644
index 00000000000..59611e7f021
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6946.json
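Review bot: The `credits` entry in the CVE-2023-6945 record uses `"lang": "en"`, while the `description_data` and `problemtype` entries use three-letter codes (`"eng"`, `"deu"`), so a consumer that filters on the language code will not pair the credit with the English text; `"lang": "eng"` would match the rest of the record. The description states that the exploit has been disclosed publicly, yet the GitHub write-up is indistinguishable from the two VulDB links because all three references carry `"refsource": "MISC"` with `name` equal to `url`. A descriptive `name` on that third reference would help triage tooling and readers tell an advisory from a public proof of concept.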
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6946",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6947.json b/2023/6xxx/CVE-2023-6947.json
new file mode 100644
index 00000000000..98028bb3d23
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6947.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6947",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6948.json b/2023/6xxx/CVE-2023-6948.json
new file mode 100644
index 00000000000..4bda6a75c1d
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6948.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6948",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6949.json b/2023/6xxx/CVE-2023-6949.json
new file mode 100644
index 00000000000..83aaa3338fa
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6949.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6949",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6950.json b/2023/6xxx/CVE-2023-6950.json
new file mode 100644
index 00000000000..059fce0c417
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6950.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6950",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6951.json b/2023/6xxx/CVE-2023-6951.json
new file mode 100644
index 00000000000..f211145bd2c
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6951.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6951",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6952.json b/2023/6xxx/CVE-2023-6952.json
new file mode 100644
index 00000000000..f1a7938c738
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6952.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6952",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6953.json b/2023/6xxx/CVE-2023-6953.json
new file mode 100644
index 00000000000..5bb3e16df63
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6953.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6953",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file