From de1ffc0a392f534e52ebd90e2338e84f6e7ea425 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 20 Sep 2023 13:00:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/45xxx/CVE-2022-45448.json | 93 ++++++++++++++++++++++++--
 2023/0xxx/CVE-2023-0829.json | 98 +++++++++++++++++++++++++--
 2023/3xxx/CVE-2023-3341.json | 119 +++++++++++++++++++++++++++++++--
 2023/43xxx/CVE-2023-43477.json | 79 ++++++++++++++++++++--
 2023/43xxx/CVE-2023-43625.json | 18 +++++
 2023/4xxx/CVE-2023-4236.json | 104 ++++++++++++++++++++++++++--
 2023/5xxx/CVE-2023-5085.json | 18 +++++
 2023/5xxx/CVE-2023-5086.json | 18 +++++
 8 files changed, 527 insertions(+), 20 deletions(-)
 create mode 100644 2023/43xxx/CVE-2023-43625.json
 create mode 100644 2023/5xxx/CVE-2023-5085.json
 create mode 100644 2023/5xxx/CVE-2023-5086.json
diff --git a/2022/45xxx/CVE-2022-45448.json b/2022/45xxx/CVE-2022-45448.json
index 29617a0631d..0c2c15cb956 100644
--- a/2022/45xxx/CVE-2022-45448.json
+++ b/2022/45xxx/CVE-2022-45448.json
@@ -1,17 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-45448", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed document with a message in mpdf format. An attacker could exploit this vulnerability by inputting a valid HTML/CSS document as the value of the parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Prestashop", + "product": { + "product_data": [ + { + "product_name": "M4 PDF plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-m4-pdf-plugin-prestashop-sites", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-m4-pdf-plugin-prestashop-sites" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Francisco D\u00edaz-Pache Alonso" + }, + { + "lang": "en", + "value": "David \u00c1lvarez Robles" + }, + { + "lang": "en", + "value": "Sergio Corral Cristo" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/0xxx/CVE-2023-0829.json b/2023/0xxx/CVE-2023-0829.json index 3650b10bb41..47a2adacffe 100644 --- a/2023/0xxx/CVE-2023-0829.json +++ b/2023/0xxx/CVE-2023-0829.json 
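Review bot: In 2022/45xxx/CVE-2022-45448.json the new description ends with "as the value of the parameter" but never names which parameter of `/m4pdf/pdf.php` carries the template input, so the record cannot be turned into a log query or filtering rule without reading the INCIBE notice. The record also marks every version up to 3.2.3 as affected (`"version_affected": "<="`, `"version_value": "3.2.3"`) and has no `solution` entry, unlike the Plesk record in this same commit. I would ask the CNA to name the parameter in the description and add `"solution": [{ "lang": "en", "value": "<fixed version or mitigation from the vendor notice>" }]`.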
@@ -1,17 +1,107 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0829", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Plesk", + "product": { + "product_data": [ + { + "product_name": "Plesk", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "17.0", + "version_value": "18.0.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-plesk", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-plesk" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This vulnerability is fixed in the latest supported versions of Plesk." 
+ } + ], + "value": "This vulnerability is fixed in the latest supported versions of Plesk." + } + ], + "credits": [ + { + "lang": "en", + "value": "Tarek Bouali (@iambouali)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3341.json b/2023/3xxx/CVE-2023-3341.json index 47ff1116958..a44a8ac3636 100644 --- a/2023/3xxx/CVE-2023-3341.json +++ b/2023/3xxx/CVE-2023-3341.json 
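Review bot: In 2023/0xxx/CVE-2023-0829.json the CVSS block says `"userInteraction": "NONE"`, but the description states the compromise happens only "if an administrator visits a certain page", which is a victim action. If the description is accurate the metric should read `"userInteraction": "REQUIRED"` with `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"`, and `baseScore` recomputed (8.0 by my arithmetic, instead of 8.8). The `solution` text names no fixed release ("latest supported versions"), so the upper bound 18.0.31 in `version_data` is the only remediation hint an automated consumer can use.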
@@ -1,17 +1,128 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3341", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-officer@isc.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.\nThis issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ISC", + "product": { + "product_data": [ + { + "product_name": "BIND 9", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "9.2.0", + "version_value": "9.16.43" + }, + { + "version_affected": "<=", + "version_name": "9.18.0", + "version_value": "9.18.18" + }, + { + "version_affected": "<=", + "version_name": "9.19.0", + "version_value": "9.19.16" + }, + { + "version_affected": "<=", + "version_name": "9.9.3-S1", + "version_value": "9.16.43-S1" + }, + { + "version_affected": "<=", + "version_name": "9.18.0-S1", + "version_value": "9.18.18-S1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://kb.isc.org/docs/cve-2023-3341", + "refsource": "MISC", + "name": "https://kb.isc.org/docs/cve-2023-3341" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "value": "By default, `named` only allows control-channel connections over the loopback interface, making this attack impossible to carry out over the network. When enabling remote access to the control channel's configured TCP port, care should be taken to limit such access to trusted IP ranges on the network level, effectively preventing unauthorized parties from carrying out the attack described in this advisory." + } + ], + "exploit": [ + { + "lang": "en", + "value": "We are not aware of any active exploits." + } + ], + "solution": [ + { + "lang": "en", + "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.44, 9.18.19, 9.19.17, 9.16.44-S1, or 9.18.19-S1." + } + ], + "credits": [ + { + "lang": "en", + "value": "ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for bringing this vulnerability to our attention." 
+ } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2023/43xxx/CVE-2023-43477.json b/2023/43xxx/CVE-2023-43477.json index 42bd49e5bba..fffbbd71575 100644 --- a/2023/43xxx/CVE-2023-43477.json +++ b/2023/43xxx/CVE-2023-43477.json 
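Review bot: In 2023/3xxx/CVE-2023-3341.json `problemtype` is published as `"value": "n/a"` with no `cweId`, although the description gives a clear weakness class: recursion bounded only by the maximum packet size, exhausting stack memory before authentication. Consumers that triage or filter by CWE will miss this record; an entry in the shape the other records of this commit use, `"value": "CWE-674 Uncontrolled Recursion", "cweId": "CWE-674"`, would fix that, subject to the CNA's confirmation. The same `n/a` appears in 2023/4xxx/CVE-2023-4236.json, where the described assertion failure suggests CWE-617 (Reachable Assertion).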
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-43477", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device.\u00a0" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Telstra", + "product": { + "product_data": [ + { + "product_name": "Smart Modem Gen 2 (Arcadyan LH1000)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "0.18.15r" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.tenable.com/security/research/tra-2023-19", + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2023-19" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + 
"integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/43xxx/CVE-2023-43625.json b/2023/43xxx/CVE-2023-43625.json new file mode 100644 index 00000000000..cb1ebfa8ab7 --- /dev/null +++ b/2023/43xxx/CVE-2023-43625.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-43625", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/4xxx/CVE-2023-4236.json b/2023/4xxx/CVE-2023-4236.json index 97ff97577cc..0d3dc34d7d5 100644 --- a/2023/4xxx/CVE-2023-4236.json +++ b/2023/4xxx/CVE-2023-4236.json 
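Review bot: In 2023/43xxx/CVE-2023-43477.json the description string ends in a stray non-breaking space (`\u00a0` just before the closing quote), which is carried into every downstream copy and breaks exact-match deduplication and diffing of the text; it should be trimmed. Separately, the text says the parameter is "used in a system call" and yields command injection as root, which reads as CWE-78 (OS Command Injection) rather than the more general CWE-77 recorded in `problemtype`; worth confirming with the CNA. `"discovery": "UNKNOWN"` next to a Tenable research advisory reference also looks like an unfilled default.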
@@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4236", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-officer@isc.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load.\nThis issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ISC", + "product": { + "product_data": [ + { + "product_name": "BIND 9", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "9.18.0", + "version_value": "9.18.18" + }, + { + "version_affected": "<=", + "version_name": "9.18.11-S1", + "version_value": "9.18.18-S1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://kb.isc.org/docs/cve-2023-4236", + "refsource": "MISC", + "name": "https://kb.isc.org/docs/cve-2023-4236" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "value": "Disabling listening for DNS-over-TLS connections (by removing `listen-on ... tls ... { ... };` statements from the configuration) prevents the affected code paths from being taken, rendering exploitation impossible. 
However, there is no workaround for this flaw if DNS-over-TLS support is required." + } + ], + "exploit": [ + { + "lang": "en", + "value": "We are not aware of any active exploits." + } + ], + "solution": [ + { + "lang": "en", + "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.19 or 9.18.19-S1." + } + ], + "credits": [ + { + "lang": "en", + "value": "ISC would like to thank Robert Story from the USC/ISI DNS root server operations team for bringing this vulnerability to our attention." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2023/5xxx/CVE-2023-5085.json b/2023/5xxx/CVE-2023-5085.json new file mode 100644 index 00000000000..2cdee692fa3 --- /dev/null +++ b/2023/5xxx/CVE-2023-5085.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-5085", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5086.json b/2023/5xxx/CVE-2023-5086.json new file mode 100644 index 00000000000..8930769a09a --- /dev/null +++ b/2023/5xxx/CVE-2023-5086.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-5086", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file