From defa74b48bca15a94fd1b1f0fc2fd791d362d3a7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 10 Jul 2023 17:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/36xxx/CVE-2023-36375.json | 61 ++++++++++++++++++++--- 2023/37xxx/CVE-2023-37277.json | 90 ++++++++++++++++++++++++++++++++-- 2023/37xxx/CVE-2023-37700.json | 56 ++++++++++++++++++--- 2023/37xxx/CVE-2023-37701.json | 56 ++++++++++++++++++--- 2023/37xxx/CVE-2023-37702.json | 56 ++++++++++++++++++--- 2023/37xxx/CVE-2023-37703.json | 56 ++++++++++++++++++--- 2023/37xxx/CVE-2023-37704.json | 56 ++++++++++++++++++--- 2023/37xxx/CVE-2023-37705.json | 56 ++++++++++++++++++--- 2023/37xxx/CVE-2023-37706.json | 56 ++++++++++++++++++--- 2023/37xxx/CVE-2023-37707.json | 56 ++++++++++++++++++--- 2023/37xxx/CVE-2023-37710.json | 56 ++++++++++++++++++--- 2023/37xxx/CVE-2023-37711.json | 56 ++++++++++++++++++--- 2023/37xxx/CVE-2023-37712.json | 56 ++++++++++++++++++--- 2023/3xxx/CVE-2023-3389.json | 10 ++-- 14 files changed, 696 insertions(+), 81 deletions(-) diff --git a/2023/36xxx/CVE-2023-36375.json b/2023/36xxx/CVE-2023-36375.json index 94e0d64bb9d..87793614eb8 100644 --- a/2023/36xxx/CVE-2023-36375.json +++ b/2023/36xxx/CVE-2023-36375.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-36375", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-36375", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://packetstormsecurity.com", + "refsource": "MISC", + "name": "https://packetstormsecurity.com" + }, + { + "refsource": "CONFIRM", + "name": "https://medium.com/@ridheshgohil1092/cve-2023-36375-xss-on-hostel-management-system-d654e6df26bc", + "url": "https://medium.com/@ridheshgohil1092/cve-2023-36375-xss-on-hostel-management-system-d654e6df26bc" } ] } diff --git a/2023/37xxx/CVE-2023-37277.json b/2023/37xxx/CVE-2023-37277.json index e64a7830170..f4f8b3c826c 100644 --- a/2023/37xxx/CVE-2023-37277.json +++ b/2023/37xxx/CVE-2023-37277.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-37277", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts `text/plain`, `multipart/form-data` or `application/www-form-urlencoded` as content types which can be sent via regular HTML forms, thus allowing cross-site request forgery. With the interaction of a user with programming rights, this allows remote code execution through script macros and thus impacts the integrity, availability and confidentiality of the whole XWiki installation. For regular cookie-based authentication, the vulnerability is mitigated by SameSite cookie restrictions but as of March 2023, these are not enabled by default in Firefox and Safari. The vulnerability has been patched in XWiki 14.10.8 and 15.2 by requiring a CSRF token header for certain request types that are susceptible to CSRF attacks.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "xwiki", + "product": { + "product_data": [ + { + "product_name": "xwiki-platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 1.8, < 14.10.8" + }, + { + "version_affected": "=", + "version_value": ">= 15.0-rc-1, < 15.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6", + "refsource": "MISC", + "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7", + "refsource": "MISC", + "name": "https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20135", + "refsource": "MISC", + "name": "https://jira.xwiki.org/browse/XWIKI-20135" + } + ] + }, + "source": { + "advisory": "GHSA-6xxr-648m-gch6", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.7, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/37xxx/CVE-2023-37700.json b/2023/37xxx/CVE-2023-37700.json index 8fc48b36d2e..69e9be3b6df 100644 --- a/2023/37xxx/CVE-2023-37700.json +++ b/2023/37xxx/CVE-2023-37700.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-37700", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-37700", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6905", + "refsource": "MISC", + "name": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6905" } ] } diff --git a/2023/37xxx/CVE-2023-37701.json b/2023/37xxx/CVE-2023-37701.json index 7da8ad1fd96..6522fcbc907 100644 --- a/2023/37xxx/CVE-2023-37701.json +++ b/2023/37xxx/CVE-2023-37701.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-37701", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-37701", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6908", + "refsource": "MISC", + "name": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6908" } ] } diff --git a/2023/37xxx/CVE-2023-37702.json b/2023/37xxx/CVE-2023-37702.json index fa77201a2a6..3837651b2c6 100644 --- a/2023/37xxx/CVE-2023-37702.json +++ b/2023/37xxx/CVE-2023-37702.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-37702", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-37702", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6801", + "refsource": "MISC", + "name": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6801" } ] } diff --git a/2023/37xxx/CVE-2023-37703.json b/2023/37xxx/CVE-2023-37703.json index 67dedb8e635..4103b63e1f6 100644 --- a/2023/37xxx/CVE-2023-37703.json +++ b/2023/37xxx/CVE-2023-37703.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-37703", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-37703", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6907", + "refsource": "MISC", + "name": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6907" } ] } diff --git a/2023/37xxx/CVE-2023-37704.json b/2023/37xxx/CVE-2023-37704.json index 28e4bf53cc7..be00ba6cbd7 100644 --- a/2023/37xxx/CVE-2023-37704.json +++ b/2023/37xxx/CVE-2023-37704.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-37704", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-37704", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6901", + "refsource": "MISC", + "name": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6901" } ] } diff --git a/2023/37xxx/CVE-2023-37705.json b/2023/37xxx/CVE-2023-37705.json index c2fcab10f25..f022844b95e 100644 --- a/2023/37xxx/CVE-2023-37705.json +++ b/2023/37xxx/CVE-2023-37705.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-37705", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-37705", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromAddressNat function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6902", + "refsource": "MISC", + "name": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6902" } ] } diff --git a/2023/37xxx/CVE-2023-37706.json b/2023/37xxx/CVE-2023-37706.json index 1c6b1f3c32f..dcc3ad3d953 100644 --- a/2023/37xxx/CVE-2023-37706.json +++ b/2023/37xxx/CVE-2023-37706.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-37706", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-37706", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the entrys parameter in the fromAddressNat function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6903", + "refsource": "MISC", + "name": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6903" } ] } diff --git a/2023/37xxx/CVE-2023-37707.json b/2023/37xxx/CVE-2023-37707.json index 19db6932d6e..fc1c1f09966 100644 --- a/2023/37xxx/CVE-2023-37707.json +++ b/2023/37xxx/CVE-2023-37707.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-37707", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-37707", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6904", + "refsource": "MISC", + "name": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6904" } ] } diff --git a/2023/37xxx/CVE-2023-37710.json b/2023/37xxx/CVE-2023-37710.json index 562915797cb..5e89ad6f342 100644 --- a/2023/37xxx/CVE-2023-37710.json +++ b/2023/37xxx/CVE-2023-37710.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-37710", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-37710", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the wpapsk_crypto parameter in the fromSetWirelessRepeat function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetWirelessRepeat", + "refsource": "MISC", + "name": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetWirelessRepeat" } ] } diff --git a/2023/37xxx/CVE-2023-37711.json b/2023/37xxx/CVE-2023-37711.json index 7763c1b5500..55f8ff856a9 100644 --- a/2023/37xxx/CVE-2023-37711.json +++ b/2023/37xxx/CVE-2023-37711.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-37711", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-37711", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the deviceId parameter in the saveParentControlInfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/saveParentControlInfo", + "refsource": "MISC", + "name": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/saveParentControlInfo" } ] } diff --git a/2023/37xxx/CVE-2023-37712.json b/2023/37xxx/CVE-2023-37712.json index 1fcd2eb9a25..565d3e5d477 100644 --- a/2023/37xxx/CVE-2023-37712.json +++ b/2023/37xxx/CVE-2023-37712.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-37712", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-37712", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contain a stack overflow in the page parameter in the fromSetIpBind function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetIpBind", + "refsource": "MISC", + "name": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetIpBind" } ] } diff --git a/2023/3xxx/CVE-2023-3389.json b/2023/3xxx/CVE-2023-3389.json index b1d9dca2d2d..9dd29e3abde 100644 --- a/2023/3xxx/CVE-2023-3389.json +++ b/2023/3xxx/CVE-2023-3389.json @@ -109,15 +109,15 @@ { "attackComplexity": "LOW", "attackVector": "LOCAL", - "availabilityImpact": "NONE", - "baseScore": 5.5, - "baseSeverity": "MEDIUM", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", + "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ]