From e5e30ac5d523c38bf8e0379acceeb0b7af558b7c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 13 Sep 2023 17:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/23xxx/CVE-2022-23514.json | 9 +- 2022/23xxx/CVE-2022-23515.json | 9 +- 2022/23xxx/CVE-2022-23516.json | 11 +- 2022/23xxx/CVE-2022-23517.json | 19 +- 2022/23xxx/CVE-2022-23518.json | 19 +- 2022/23xxx/CVE-2022-23519.json | 11 +- 2022/23xxx/CVE-2022-23520.json | 11 +- 2023/20xxx/CVE-2023-20135.json | 120 ++++++++- 2023/20xxx/CVE-2023-20190.json | 404 +++++++++++++++++++++++++++++- 2023/20xxx/CVE-2023-20191.json | 204 +++++++++++++++- 2023/20xxx/CVE-2023-20233.json | 376 +++++++++++++++++++++++++++- 2023/20xxx/CVE-2023-20236.json | 431 ++++++++++++++++++++++++++++++++- 2023/2xxx/CVE-2023-2680.json | 203 +++++++++++++++- 2023/39xxx/CVE-2023-39663.json | 2 +- 2023/3xxx/CVE-2023-3255.json | 201 ++++++++++++++- 2023/3xxx/CVE-2023-3280.json | 165 ++++++++++++- 2023/3xxx/CVE-2023-3301.json | 214 +++++++++++++++- 2023/4xxx/CVE-2023-4155.json | 176 +++++++++++++- 2023/4xxx/CVE-2023-4785.json | 160 +++++++++++- 2023/4xxx/CVE-2023-4863.json | 45 ++++ 20 files changed, 2718 insertions(+), 72 deletions(-) diff --git a/2022/23xxx/CVE-2022-23514.json b/2022/23xxx/CVE-2022-23514.json index acc4828a3f6..44eee4b1d79 100644 --- a/2022/23xxx/CVE-2022-23514.json +++ b/2022/23xxx/CVE-2022-23514.json @@ -40,8 +40,8 @@ "version": { "version_data": [ { - "version_value": "< 2.19.1", - "version_affected": "=" + "version_affected": "=", + "version_value": "< 2.19.1" } ] } @@ -63,6 +63,11 @@ "url": "https://hackerone.com/reports/1684163", "refsource": "MISC", "name": "https://hackerone.com/reports/1684163" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html" } ] }, diff --git a/2022/23xxx/CVE-2022-23515.json b/2022/23xxx/CVE-2022-23515.json index d466a918493..b989599973a 100644 --- a/2022/23xxx/CVE-2022-23515.json +++ b/2022/23xxx/CVE-2022-23515.json @@ -40,8 +40,8 @@ "version": { "version_data": [ { - "version_value": ">= 2.1.0, < 2.19.1", - "version_affected": "=" + "version_affected": "=", + "version_value": ">= 2.1.0, < 2.19.1" } ] } @@ -68,6 +68,11 @@ "url": "https://hackerone.com/reports/1694173", "refsource": "MISC", "name": "https://hackerone.com/reports/1694173" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html" } ] }, diff --git a/2022/23xxx/CVE-2022-23516.json b/2022/23xxx/CVE-2022-23516.json index bb79f9fa142..193572242bc 100644 --- a/2022/23xxx/CVE-2022-23516.json +++ b/2022/23xxx/CVE-2022-23516.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized." + "value": "Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized." } ] }, @@ -40,8 +40,8 @@ "version": { "version_data": [ { - "version_value": ">= 2.2.0, < 2.19.1", - "version_affected": "=" + "version_affected": "=", + "version_value": ">= 2.2.0, < 2.19.1" } ] } @@ -58,6 +58,11 @@ "url": "https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm", "refsource": "MISC", "name": "https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html" } ] }, diff --git a/2022/23xxx/CVE-2022-23517.json b/2022/23xxx/CVE-2022-23517.json index f7168cc9259..278fa765ad3 100644 --- a/2022/23xxx/CVE-2022-23517.json +++ b/2022/23xxx/CVE-2022-23517.json @@ -40,8 +40,8 @@ "version": { "version_data": [ { - "version_value": "< 1.4.4", - "version_affected": "=" + "version_affected": "=", + "version_value": "< 1.4.4" } ] } @@ -54,11 +54,6 @@ }, "references": { "reference_data": [ - { - "url": "https://hackerone.com/reports/1684163", - "refsource": "MISC", - "name": "https://hackerone.com/reports/1684163" - }, { "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w", "refsource": "MISC", @@ -68,6 +63,16 @@ "url": "https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979", "refsource": "MISC", "name": "https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979" + }, + { + "url": "https://hackerone.com/reports/1684163", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1684163" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html" } ] }, diff --git a/2022/23xxx/CVE-2022-23518.json b/2022/23xxx/CVE-2022-23518.json index 879733df387..eb94580720a 100644 --- a/2022/23xxx/CVE-2022-23518.json +++ b/2022/23xxx/CVE-2022-23518.json @@ -40,8 +40,8 @@ "version": { "version_data": [ { - "version_value": ">= 1.0.3, < 1.4.4", - "version_affected": "=" + "version_affected": "=", + "version_value": ">= 1.0.3, < 1.4.4" } ] } @@ -54,11 +54,6 @@ }, "references": { "reference_data": [ - { - "url": "https://hackerone.com/reports/1694173", - "refsource": "MISC", - "name": "https://hackerone.com/reports/1694173" - }, { "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m", "refsource": "MISC", @@ -68,6 +63,16 @@ "url": "https://github.com/rails/rails-html-sanitizer/issues/135", "refsource": "MISC", "name": "https://github.com/rails/rails-html-sanitizer/issues/135" + }, + { + "url": "https://hackerone.com/reports/1694173", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1694173" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html" } ] }, diff --git a/2022/23xxx/CVE-2022-23519.json b/2022/23xxx/CVE-2022-23519.json index dc3e83f635e..99b4dbdae4e 100644 --- a/2022/23xxx/CVE-2022-23519.json +++ b/2022/23xxx/CVE-2022-23519.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both \"math\" and \"style\" elements, or allow both \"svg\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include \"math\" or \"svg\" and \"style\" should either upgrade or use the following workaround immediately: Remove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags." + "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both \"math\" and \"style\" elements, or allow both \"svg\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include \"math\" or \"svg\" and \"style\" should either upgrade or use the following workaround immediately: Remove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags.\n" } ] }, @@ -40,8 +40,8 @@ "version": { "version_data": [ { - "version_value": "< 1.4.4", - "version_affected": "=" + "version_affected": "=", + "version_value": "< 1.4.4" } ] } @@ -63,6 +63,11 @@ "url": "https://hackerone.com/reports/1656627", "refsource": "MISC", "name": "https://hackerone.com/reports/1656627" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html" } ] }, diff --git a/2022/23xxx/CVE-2022-23520.json b/2022/23xxx/CVE-2022-23520.json index b46625fb4f7..4ec82e35252 100644 --- a/2022/23xxx/CVE-2022-23520.json +++ b/2022/23xxx/CVE-2022-23520.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both \"select\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both \"select\" and \"style\" should either upgrade or use this workaround: Remove either \"select\" or \"style\" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize." + "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both \"select\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both \"select\" and \"style\" should either upgrade or use this workaround: Remove either \"select\" or \"style\" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.\n" } ] }, @@ -40,8 +40,8 @@ "version": { "version_data": [ { - "version_value": "< 1.4.4", - "version_affected": "=" + "version_affected": "=", + "version_value": "< 1.4.4" } ] } @@ -63,6 +63,11 @@ "url": "https://hackerone.com/reports/1654310", "refsource": "MISC", "name": "https://hackerone.com/reports/1654310" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html" } ] }, diff --git a/2023/20xxx/CVE-2023-20135.json b/2023/20xxx/CVE-2023-20135.json index 6bd662f0a1e..33eeec63611 100644 --- a/2023/20xxx/CVE-2023-20135.json +++ b/2023/20xxx/CVE-2023-20135.json @@ -1,17 +1,129 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20135", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system.\r\n\r This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image. An attacker could exploit this vulnerability by modifying an ISO image and then carrying out install requests in parallel. A successful exploit could allow the attacker to execute arbitrary code on an affected device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.5.3" + }, + { + "version_affected": "=", + "version_value": "7.5.2" + }, + { + "version_affected": "=", + "version_value": "7.5.4" + }, + { + "version_affected": "=", + "version_value": "7.7.1" + }, + { + "version_affected": "=", + "version_value": "7.7.2" + }, + { + "version_affected": "=", + "version_value": "7.7.21" + }, + { + "version_affected": "=", + "version_value": "7.8.1" + }, + { + "version_affected": "=", + "version_value": "7.8.2" + }, + { + "version_affected": "=", + "version_value": "7.9.1" + }, + { + "version_affected": "=", + "version_value": "7.9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-L9zOkBz5", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-L9zOkBz5" + } + ] + }, + "source": { + "advisory": "cisco-sa-lnt-L9zOkBz5", + "discovery": "INTERNAL", + "defects": [ + "CSCwd87928" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" } ] } diff --git a/2023/20xxx/CVE-2023-20190.json b/2023/20xxx/CVE-2023-20190.json index 145c8fa8392..d59456e47eb 100644 --- a/2023/20xxx/CVE-2023-20190.json +++ b/2023/20xxx/CVE-2023-20190.json @@ -1,17 +1,413 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20190", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device.\r\n\r This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting.\r\n\r There are workarounds that address this vulnerability.\r\n\r \r\n\r \r This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.2.0" + }, + { + "version_affected": "=", + "version_value": "5.2.1" + }, + { + "version_affected": "=", + "version_value": "5.2.2" + }, + { + "version_affected": "=", + "version_value": "5.2.4" + }, + { + "version_affected": "=", + "version_value": "5.2.3" + }, + { + "version_affected": "=", + "version_value": "5.2.5" + }, + { + "version_affected": "=", + "version_value": "5.2.47" + }, + { + "version_affected": "=", + "version_value": "5.3.0" + }, + { + "version_affected": "=", + "version_value": "5.3.1" + }, + { + "version_affected": "=", + "version_value": "5.3.2" + }, + { + "version_affected": "=", + "version_value": "5.3.3" + }, + { + "version_affected": "=", + "version_value": "5.3.4" + }, + { + "version_affected": "=", + "version_value": "6.0.0" + }, + { + "version_affected": "=", + "version_value": "6.0.1" + }, + { + "version_affected": "=", + "version_value": "6.0.2" + }, + { + "version_affected": "=", + "version_value": "6.1.1" + }, + { + "version_affected": "=", + "version_value": "6.1.2" + }, + { + "version_affected": "=", + "version_value": "6.1.3" + }, + { + "version_affected": "=", + "version_value": "6.1.4" + }, + { + "version_affected": "=", + "version_value": "6.1.12" + }, + { + "version_affected": "=", + "version_value": "6.1.22" + }, + { + "version_affected": "=", + "version_value": "6.1.32" + }, + { + "version_affected": "=", + "version_value": "6.1.36" + }, + { + "version_affected": "=", + "version_value": "6.1.42" + }, + { + "version_affected": "=", + "version_value": "6.2.1" + }, + { + "version_affected": "=", + "version_value": "6.2.2" + }, + { + "version_affected": "=", + "version_value": "6.2.3" + }, + { + "version_affected": "=", + "version_value": "6.2.25" + }, + { + "version_affected": "=", + "version_value": "6.2.11" + }, + { + "version_affected": "=", + "version_value": "6.3.2" + }, + { + "version_affected": "=", + "version_value": "6.3.3" + }, + { + "version_affected": "=", + "version_value": "6.3.15" + }, + { + "version_affected": "=", + "version_value": "6.4.1" + }, + { + "version_affected": "=", + "version_value": "6.4.2" + }, + { + "version_affected": "=", + "version_value": "6.4.3" + }, + { + "version_affected": "=", + "version_value": "6.5.1" + }, + { + "version_affected": "=", + "version_value": "6.5.2" + }, + { + "version_affected": "=", + "version_value": "6.5.3" + }, + { + "version_affected": "=", + "version_value": "6.5.25" + }, + { + "version_affected": "=", + "version_value": "6.5.26" + }, + { + "version_affected": "=", + "version_value": "6.5.28" + }, + { + "version_affected": "=", + "version_value": "6.5.29" + }, + { + "version_affected": "=", + "version_value": "6.5.32" + }, + { + "version_affected": "=", + "version_value": "6.5.33" + }, + { + "version_affected": "=", + "version_value": "6.6.2" + }, + { + "version_affected": "=", + "version_value": "6.6.3" + }, + { + "version_affected": "=", + "version_value": "6.6.25" + }, + { + "version_affected": "=", + "version_value": "6.6.4" + }, + { + "version_affected": "=", + "version_value": "7.0.1" + }, + { + "version_affected": "=", + "version_value": "7.0.2" + }, + { + "version_affected": "=", + "version_value": "7.0.12" + }, + { + "version_affected": "=", + "version_value": "7.0.14" + }, + { + "version_affected": "=", + "version_value": "7.1.1" + }, + { + "version_affected": "=", + "version_value": "7.1.15" + }, + { + "version_affected": "=", + "version_value": "7.1.2" + }, + { + "version_affected": "=", + "version_value": "7.1.3" + }, + { + "version_affected": "=", + "version_value": "6.7.1" + }, + { + "version_affected": "=", + "version_value": "6.7.2" + }, + { + "version_affected": "=", + "version_value": "6.7.3" + }, + { + "version_affected": "=", + "version_value": "6.7.4" + }, + { + "version_affected": "=", + "version_value": "7.2.0" + }, + { + "version_affected": "=", + "version_value": "7.2.1" + }, + { + "version_affected": "=", + "version_value": "7.2.2" + }, + { + "version_affected": "=", + "version_value": "7.3.1" + }, + { + "version_affected": "=", + "version_value": "7.3.15" + }, + { + "version_affected": "=", + "version_value": "7.3.2" + }, + { + "version_affected": "=", + "version_value": "7.3.3" + }, + { + "version_affected": "=", + "version_value": "7.4.1" + }, + { + "version_affected": "=", + "version_value": "7.4.2" + }, + { + "version_affected": "=", + "version_value": "6.8.1" + }, + { + "version_affected": "=", + "version_value": "6.8.2" + }, + { + "version_affected": "=", + "version_value": "7.5.1" + }, + { + "version_affected": "=", + "version_value": "7.5.3" + }, + { + "version_affected": "=", + "version_value": "7.5.2" + }, + { + "version_affected": "=", + "version_value": "7.6.1" + }, + { + "version_affected": "=", + "version_value": "7.6.2" + }, + { + "version_affected": "=", + "version_value": "7.7.1" + }, + { + "version_affected": "=", + "version_value": "7.7.2" + }, + { + "version_affected": "=", + "version_value": "6.9.1" + }, + { + "version_affected": "=", + "version_value": "6.9.2" + }, + { + "version_affected": "=", + "version_value": "7.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-comp3acl-vGmp6BQ3", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-comp3acl-vGmp6BQ3" + } + ] + }, + "source": { + "advisory": "cisco-sa-comp3acl-vGmp6BQ3", + "discovery": "INTERNAL", + "defects": [ + "CSCwe08950" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" } ] } diff --git a/2023/20xxx/CVE-2023-20191.json b/2023/20xxx/CVE-2023-20191.json index dc785bae4a2..d5984d59ea1 100644 --- a/2023/20xxx/CVE-2023-20191.json +++ b/2023/20xxx/CVE-2023-20191.json @@ -1,17 +1,213 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20191", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.\r\n\r There are workarounds that address this vulnerability.\r\n\r \r\n\r \r This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.4.1" + }, + { + "version_affected": "=", + "version_value": "6.5.1" + }, + { + "version_affected": "=", + "version_value": "6.5.2" + }, + { + "version_affected": "=", + "version_value": "6.5.3" + }, + { + "version_affected": "=", + "version_value": "6.6.2" + }, + { + "version_affected": "=", + "version_value": "6.6.3" + }, + { + "version_affected": "=", + "version_value": "6.6.25" + }, + { + "version_affected": "=", + "version_value": "6.6.4" + }, + { + "version_affected": "=", + "version_value": "7.0.1" + }, + { + "version_affected": "=", + "version_value": "7.0.2" + }, + { + "version_affected": "=", + "version_value": "7.1.1" + }, + { + "version_affected": "=", + "version_value": "7.1.2" + }, + { + "version_affected": "=", + "version_value": "7.2.1" + }, + { + "version_affected": "=", + "version_value": "7.2.2" + }, + { + "version_affected": "=", + "version_value": "7.3.1" + }, + { + "version_affected": "=", + "version_value": "7.3.2" + }, + { + "version_affected": "=", + "version_value": "7.3.3" + }, + { + "version_affected": "=", + "version_value": "7.3.5" + }, + { + "version_affected": "=", + "version_value": "7.4.1" + }, + { + "version_affected": "=", + "version_value": "7.4.2" + }, + { + "version_affected": "=", + "version_value": "7.5.1" + }, + { + "version_affected": "=", + "version_value": "7.5.3" + }, + { + "version_affected": "=", + "version_value": "7.5.2" + }, + { + "version_affected": "=", + "version_value": "7.5.4" + }, + { + "version_affected": "=", + "version_value": "7.6.1" + }, + { + "version_affected": "=", + "version_value": "7.6.2" + }, + { + "version_affected": "=", + "version_value": "7.7.1" + }, + { + "version_affected": "=", + "version_value": "7.7.2" + }, + { + "version_affected": "=", + "version_value": "7.8.1" + }, + { + "version_affected": "=", + "version_value": "7.8.2" + }, + { + "version_affected": "=", + "version_value": "7.9.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnx-acl-PyzDkeYF", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnx-acl-PyzDkeYF" + } + ] + }, + "source": { + "advisory": "cisco-sa-dnx-acl-PyzDkeYF", + "discovery": "INTERNAL", + "defects": [ + "CSCwe63504" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" } ] } diff --git a/2023/20xxx/CVE-2023-20233.json b/2023/20xxx/CVE-2023-20233.json index b12eeadb062..3451cc631da 100644 --- a/2023/20xxx/CVE-2023-20233.json +++ b/2023/20xxx/CVE-2023-20233.json @@ -1,17 +1,385 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20233", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A successful exploit could allow the attacker to cause the CFM service to crash when a user displays information about maintenance end points (MEPs) for peer MEPs on an affected device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.2.0" + }, + { + "version_affected": "=", + "version_value": "5.2.1" + }, + { + "version_affected": "=", + "version_value": "5.2.2" + }, + { + "version_affected": "=", + "version_value": "5.2.4" + }, + { + "version_affected": "=", + "version_value": "5.2.3" + }, + { + "version_affected": "=", + "version_value": "5.2.5" + }, + { + "version_affected": "=", + "version_value": "5.3.0" + }, + { + "version_affected": "=", + "version_value": "5.3.1" + }, + { + "version_affected": "=", + "version_value": "5.3.2" + }, + { + "version_affected": "=", + "version_value": "5.3.3" + }, + { + "version_affected": "=", + "version_value": "5.3.4" + }, + { + "version_affected": "=", + "version_value": "6.1.1" + }, + { + "version_affected": "=", + "version_value": "6.1.2" + }, + { + "version_affected": "=", + "version_value": "6.1.3" + }, + { + "version_affected": "=", + "version_value": "6.1.4" + }, + { + "version_affected": "=", + "version_value": "6.1.22" + }, + { + "version_affected": "=", + "version_value": "6.1.32" + }, + { + "version_affected": "=", + "version_value": "6.1.36" + }, + { + "version_affected": "=", + "version_value": "6.1.42" + }, + { + "version_affected": "=", + "version_value": "6.2.1" + }, + { + "version_affected": "=", + "version_value": "6.2.2" + }, + { + "version_affected": "=", + "version_value": "6.2.3" + }, + { + "version_affected": "=", + "version_value": "6.2.25" + }, + { + "version_affected": "=", + "version_value": "6.2.11" + }, + { + "version_affected": "=", + "version_value": "6.3.2" + }, + { + "version_affected": "=", + "version_value": "6.3.3" + }, + { + "version_affected": "=", + "version_value": "6.3.15" + }, + { + "version_affected": "=", + "version_value": "6.4.1" + }, + { + "version_affected": "=", + "version_value": "6.4.2" + }, + { + "version_affected": "=", + "version_value": "6.4.3" + }, + { + "version_affected": "=", + "version_value": "6.5.1" + }, + { + "version_affected": "=", + "version_value": "6.5.2" + }, + { + "version_affected": "=", + "version_value": "6.5.3" + }, + { + "version_affected": "=", + "version_value": "6.5.25" + }, + { + "version_affected": "=", + "version_value": "6.5.26" + }, + { + "version_affected": "=", + "version_value": "6.5.28" + }, + { + "version_affected": "=", + "version_value": "6.5.29" + }, + { + "version_affected": "=", + "version_value": "6.5.32" + }, + { + "version_affected": "=", + "version_value": "6.5.33" + }, + { + "version_affected": "=", + "version_value": "6.6.2" + }, + { + "version_affected": "=", + "version_value": "6.6.3" + }, + { + "version_affected": "=", + "version_value": "6.6.25" + }, + { + "version_affected": "=", + "version_value": "6.6.4" + }, + { + "version_affected": "=", + "version_value": "7.0.1" + }, + { + "version_affected": "=", + "version_value": "7.0.2" + }, + { + "version_affected": "=", + "version_value": "7.1.1" + }, + { + "version_affected": "=", + "version_value": "7.1.15" + }, + { + "version_affected": "=", + "version_value": "7.1.2" + }, + { + "version_affected": "=", + "version_value": "7.1.3" + }, + { + "version_affected": "=", + "version_value": "6.7.1" + }, + { + "version_affected": "=", + "version_value": "6.7.2" + }, + { + "version_affected": "=", + "version_value": "6.7.3" + }, + { + "version_affected": "=", + "version_value": "6.7.4" + }, + { + "version_affected": "=", + "version_value": "7.2.1" + }, + { + "version_affected": "=", + "version_value": "7.2.2" + }, + { + "version_affected": "=", + "version_value": "7.3.1" + }, + { + "version_affected": "=", + "version_value": "7.3.15" + }, + { + "version_affected": "=", + "version_value": "7.3.2" + }, + { + "version_affected": "=", + "version_value": "7.3.3" + }, + { + "version_affected": "=", + "version_value": "7.3.5" + }, + { + "version_affected": "=", + "version_value": "7.4.1" + }, + { + "version_affected": "=", + "version_value": "7.4.2" + }, + { + "version_affected": "=", + "version_value": "6.8.1" + }, + { + "version_affected": "=", + "version_value": "6.8.2" + }, + { + "version_affected": "=", + "version_value": "7.5.1" + }, + { + "version_affected": "=", + "version_value": "7.5.3" + }, + { + "version_affected": "=", + "version_value": "7.5.2" + }, + { + "version_affected": "=", + "version_value": "7.6.1" + }, + { + "version_affected": "=", + "version_value": "7.6.2" + }, + { + "version_affected": "=", + "version_value": "7.7.1" + }, + { + "version_affected": "=", + "version_value": "7.7.2" + }, + { + "version_affected": "=", + "version_value": "6.9.1" + }, + { + "version_affected": "=", + "version_value": "6.9.2" + }, + { + "version_affected": "=", + "version_value": "7.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-cfm-3pWN8MKt", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-cfm-3pWN8MKt" + } + ] + }, + "source": { + "advisory": "cisco-sa-ios-xr-cfm-3pWN8MKt", + "discovery": "INTERNAL", + "defects": [ + "CSCwd75868" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" } ] } diff --git a/2023/20xxx/CVE-2023-20236.json b/2023/20xxx/CVE-2023-20236.json index c5c92e2f296..d1f768664d8 100644 --- a/2023/20xxx/CVE-2023-20236.json +++ b/2023/20xxx/CVE-2023-20236.json @@ -1,17 +1,440 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20236", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.\r\n\r This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.2.0" + }, + { + "version_affected": "=", + "version_value": "5.2.1" + }, + { + "version_affected": "=", + "version_value": "5.2.2" + }, + { + "version_affected": "=", + "version_value": "5.2.4" + }, + { + "version_affected": "=", + "version_value": "5.2.3" + }, + { + "version_affected": "=", + "version_value": "5.2.5" + }, + { + "version_affected": "=", + "version_value": "5.2.47" + }, + { + "version_affected": "=", + "version_value": "5.3.0" + }, + { + "version_affected": "=", + "version_value": "5.3.1" + }, + { + "version_affected": "=", + "version_value": "5.3.2" + }, + { + "version_affected": "=", + "version_value": "5.3.3" + }, + { + "version_affected": "=", + "version_value": "5.3.4" + }, + { + "version_affected": "=", + "version_value": "6.0.0" + }, + { + "version_affected": "=", + "version_value": "6.0.1" + }, + { + "version_affected": "=", + "version_value": "6.0.2" + }, + { + "version_affected": "=", + "version_value": "6.1.1" + }, + { + "version_affected": "=", + "version_value": "6.1.2" + }, + { + "version_affected": "=", + "version_value": "6.1.3" + }, + { + "version_affected": "=", + "version_value": "6.1.4" + }, + { + "version_affected": "=", + "version_value": "6.1.12" + }, + { + "version_affected": "=", + "version_value": "6.1.22" + }, + { + "version_affected": "=", + "version_value": "6.1.32" + }, + { + "version_affected": "=", + "version_value": "6.1.36" + }, + { + "version_affected": "=", + "version_value": "6.1.42" + }, + { + "version_affected": "=", + "version_value": "6.2.1" + }, + { + "version_affected": "=", + "version_value": "6.2.2" + }, + { + "version_affected": "=", + "version_value": "6.2.3" + }, + { + "version_affected": "=", + "version_value": "6.2.25" + }, + { + "version_affected": "=", + "version_value": "6.2.11" + }, + { + "version_affected": "=", + "version_value": "6.3.2" + }, + { + "version_affected": "=", + "version_value": "6.3.3" + }, + { + "version_affected": "=", + "version_value": "6.3.15" + }, + { + "version_affected": "=", + "version_value": "6.4.1" + }, + { + "version_affected": "=", + "version_value": "6.4.2" + }, + { + "version_affected": "=", + "version_value": "6.4.3" + }, + { + "version_affected": "=", + "version_value": "6.5.1" + }, + { + "version_affected": "=", + "version_value": "6.5.2" + }, + { + "version_affected": "=", + "version_value": "6.5.3" + }, + { + "version_affected": "=", + "version_value": "6.5.25" + }, + { + "version_affected": "=", + "version_value": "6.5.26" + }, + { + "version_affected": "=", + "version_value": "6.5.28" + }, + { + "version_affected": "=", + "version_value": "6.5.29" + }, + { + "version_affected": "=", + "version_value": "6.5.32" + }, + { + "version_affected": "=", + "version_value": "6.5.33" + }, + { + "version_affected": "=", + "version_value": "6.6.2" + }, + { + "version_affected": "=", + "version_value": "6.6.3" + }, + { + "version_affected": "=", + "version_value": "6.6.25" + }, + { + "version_affected": "=", + "version_value": "6.6.4" + }, + { + "version_affected": "=", + "version_value": "7.0.1" + }, + { + "version_affected": "=", + "version_value": "7.0.2" + }, + { + "version_affected": "=", + "version_value": "7.0.12" + }, + { + "version_affected": "=", + "version_value": "7.0.14" + }, + { + "version_affected": "=", + "version_value": "7.1.1" + }, + { + "version_affected": "=", + "version_value": "7.1.15" + }, + { + "version_affected": "=", + "version_value": "7.1.2" + }, + { + "version_affected": "=", + "version_value": "7.1.3" + }, + { + "version_affected": "=", + "version_value": "6.7.1" + }, + { + "version_affected": "=", + "version_value": "6.7.2" + }, + { + "version_affected": "=", + "version_value": "6.7.3" + }, + { + "version_affected": "=", + "version_value": "6.7.4" + }, + { + "version_affected": "=", + "version_value": "7.2.0" + }, + { + "version_affected": "=", + "version_value": "7.2.1" + }, + { + "version_affected": "=", + "version_value": "7.2.2" + }, + { + "version_affected": "=", + "version_value": "7.3.1" + }, + { + "version_affected": "=", + "version_value": "7.3.15" + }, + { + "version_affected": "=", + "version_value": "7.3.2" + }, + { + "version_affected": "=", + "version_value": "7.3.3" + }, + { + "version_affected": "=", + "version_value": "7.3.5" + }, + { + "version_affected": "=", + "version_value": "7.4.1" + }, + { + "version_affected": "=", + "version_value": "7.4.2" + }, + { + "version_affected": "=", + "version_value": "6.8.1" + }, + { + "version_affected": "=", + "version_value": "6.8.2" + }, + { + "version_affected": "=", + "version_value": "7.5.1" + }, + { + "version_affected": "=", + "version_value": "7.5.3" + }, + { + "version_affected": "=", + "version_value": "7.5.2" + }, + { + "version_affected": "=", + "version_value": "7.5.4" + }, + { + "version_affected": "=", + "version_value": "7.6.1" + }, + { + "version_affected": "=", + "version_value": "7.6.2" + }, + { + "version_affected": "=", + "version_value": "7.7.1" + }, + { + "version_affected": "=", + "version_value": "7.7.2" + }, + { + "version_affected": "=", + "version_value": "7.7.21" + }, + { + "version_affected": "=", + "version_value": "6.9.1" + }, + { + "version_affected": "=", + "version_value": "6.9.2" + }, + { + "version_affected": "=", + "version_value": "7.8.1" + }, + { + "version_affected": "=", + "version_value": "7.8.2" + }, + { + "version_affected": "=", + "version_value": "7.9.1" + }, + { + "version_affected": "=", + "version_value": "7.9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB" + } + ] + }, + "source": { + "advisory": "cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB", + "discovery": "INTERNAL", + "defects": [ + "CSCvz63925", + "CSCvz63918", + "CSCwe12502", + "CSCvz63929" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2023/2xxx/CVE-2023-2680.json b/2023/2xxx/CVE-2023-2680.json index d804e4b344f..fe45876bad5 100644 --- a/2023/2xxx/CVE-2023-2680.json +++ b/2023/2xxx/CVE-2023-2680.json @@ -1,17 +1,212 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2680", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "qemu", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat OpenStack Platform 13 (Queens)", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Extra Packages for Enterprise Linux", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-2680", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-2680" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203387", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2203387" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/39xxx/CVE-2023-39663.json b/2023/39xxx/CVE-2023-39663.json index 4763a9def18..f5b652fa778 100644 --- a/2023/39xxx/CVE-2023-39663.json +++ b/2023/39xxx/CVE-2023-39663.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern." + "value": "** DISPUTED ** Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk." } ] }, diff --git a/2023/3xxx/CVE-2023-3255.json b/2023/3xxx/CVE-2023-3255.json index c480c64e6b7..4d45792840a 100644 --- a/2023/3xxx/CVE-2023-3255.json +++ b/2023/3xxx/CVE-2023-3255.json @@ -1,17 +1,210 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3255", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Loop with Unreachable Exit Condition ('Infinite Loop')", + "cweId": "CWE-835" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "qemu", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "8.1.0-rc0", + "status": "unaffected" + } + ] + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Extra Packages for Enterprise Linux", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-3255", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-3255" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218486", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2218486" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Kevin Denis (Synacktiv) for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3280.json b/2023/3xxx/CVE-2023-3280.json index a5e3f1bf86c..ce1e33c3ba3 100644 --- a/2023/3xxx/CVE-2023-3280.json +++ b/2023/3xxx/CVE-2023-3280.json @@ -1,17 +1,174 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3280", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@paloaltonetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-755 Improper Handling of Exceptional Conditions", + "cweId": "CWE-755" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Palo Alto Networks", + "product": { + "product_data": [ + { + "product_name": "Cortex XDR Agent", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "5.0" + }, + { + "status": "affected", + "version": "7.5-CE" + }, + { + "changes": [ + { + "at": "7.9.3", + "status": "unaffected" + } + ], + "lessThan": "7.9.3", + "status": "affected", + "version": "7.9", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "7.9.101-CE", + "status": "unaffected" + } + ], + "lessThan": "7.9.101-CE", + "status": "affected", + "version": "7.9-CE", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "8.0.2", + "status": "unaffected" + } + ], + "lessThan": "8.0.2", + "status": "affected", + "version": "8.0", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "8.1" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.paloaltonetworks.com/CVE-2023-3280", + "refsource": "MISC", + "name": "https://security.paloaltonetworks.com/CVE-2023-3280" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "defect": [ + "CPATR-19884" + ], + "discovery": "EXTERNAL" + }, + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Palo Alto Networks is not aware of any malicious exploitation of this issue.

" + } + ], + "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in Cortex XDR agent 7.9.101-CE, Cortex XDR agent 7.9.3, Cortex XDR agent 8.0.2, and all later Cortex XDR agent versions.
" + } + ], + "value": "This issue is fixed in Cortex XDR agent 7.9.101-CE, Cortex XDR agent 7.9.3, Cortex XDR agent 8.0.2, and all later Cortex XDR agent versions.\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Manuel Feifel of InfoGuard AG" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3301.json b/2023/3xxx/CVE-2023-3301.json index 447929e40ac..8452090fed0 100644 --- a/2023/3xxx/CVE-2023-3301.json +++ b/2023/3xxx/CVE-2023-3301.json @@ -1,17 +1,223 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3301", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reachable Assertion", + "cweId": "CWE-617" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "qemu", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "8.1.0-rc0", + "status": "unaffected" + } + ] + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat OpenStack Platform 13 (Queens)", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Extra Packages for Enterprise Linux", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-3301", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-3301" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215784", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2215784" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Eugenio Perez Martin (Red Hat)." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4155.json b/2023/4xxx/CVE-2023-4155.json index 65b56add5c6..497da3d8100 100644 --- a/2023/4xxx/CVE-2023-4155.json +++ b/2023/4xxx/CVE-2023-4155.json @@ -1,17 +1,185 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4155", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Time-of-check Time-of-use (TOCTOU) Race Condition", + "cweId": "CWE-367" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4155", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-4155" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213802", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2213802" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4785.json b/2023/4xxx/CVE-2023-4785.json index 80f82d35e03..ed29e660433 100644 --- a/2023/4xxx/CVE-2023-4785.json +++ b/2023/4xxx/CVE-2023-4785.json @@ -1,17 +1,169 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4785", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.\u00a0" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-248", + "cweId": "CWE-248" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "gRPC", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "1.23", + "status": "unaffected", + "version": "0", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "1.57" + }, + { + "changes": [ + { + "at": "1.56.2", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.56.1", + "status": "affected", + "version": "1.56.0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "1.55.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.55.2", + "status": "affected", + "version": "1.55.0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "1.54.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "154.2", + "status": "affected", + "version": "1.54.0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "1.53.2", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.53.1", + "status": "affected", + "version": "1.53.0", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/grpc/grpc/pull/33656", + "refsource": "MISC", + "name": "https://github.com/grpc/grpc/pull/33656" + }, + { + "url": "https://github.com/grpc/grpc/pull/33667", + "refsource": "MISC", + "name": "https://github.com/grpc/grpc/pull/33667" + }, + { + "url": "https://github.com/grpc/grpc/pull/33669", + "refsource": "MISC", + "name": "https://github.com/grpc/grpc/pull/33669" + }, + { + "url": "https://github.com/grpc/grpc/pull/33670", + "refsource": "MISC", + "name": "https://github.com/grpc/grpc/pull/33670" + }, + { + "url": "https://github.com/grpc/grpc/pull/33672", + "refsource": "MISC", + "name": "https://github.com/grpc/grpc/pull/33672" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4863.json b/2023/4xxx/CVE-2023-4863.json index f331958abf9..842e83d674f 100644 --- a/2023/4xxx/CVE-2023-4863.json +++ b/2023/4xxx/CVE-2023-4863.json @@ -63,6 +63,51 @@ "url": "https://crbug.com/1479274", "refsource": "MISC", "name": "https://crbug.com/1479274" + }, + { + "url": "https://en.bandisoft.com/honeyview/history/", + "refsource": "MISC", + "name": "https://en.bandisoft.com/honeyview/history/" + }, + { + "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", + "refsource": "MISC", + "name": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/" + }, + { + "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", + "refsource": "MISC", + "name": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/" + }, + { + "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a", + "refsource": "MISC", + "name": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a" + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863" + }, + { + "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2023-4863" + }, + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1215231" + }, + { + "url": "https://news.ycombinator.com/item?id=37478403", + "refsource": "MISC", + "name": "https://news.ycombinator.com/item?id=37478403" + }, + { + "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/", + "refsource": "MISC", + "name": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/" } ] }