From ea9e7a716f7d0369ea33ac3e828f502886163a12 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 18 Aug 2023 10:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/32xxx/CVE-2023-32626.json | 69 ++++++++++++++++-- 2023/35xxx/CVE-2023-35991.json | 124 +++++++++++++++++++++++++++++++-- 2023/37xxx/CVE-2023-37563.json | 94 +++++++++++++++++++++++-- 2023/37xxx/CVE-2023-37566.json | 84 +++++++++++++++++++++- 2023/37xxx/CVE-2023-37567.json | 82 +++++++++++++++++++++- 2023/38xxx/CVE-2023-38132.json | 58 +++++++++++++-- 2023/38xxx/CVE-2023-38576.json | 58 +++++++++++++-- 2023/39xxx/CVE-2023-39415.json | 85 ++++++++++++++++++++-- 2023/39xxx/CVE-2023-39416.json | 85 ++++++++++++++++++++-- 2023/39xxx/CVE-2023-39445.json | 58 +++++++++++++-- 2023/39xxx/CVE-2023-39454.json | 80 +++++++++++++++++++-- 2023/39xxx/CVE-2023-39455.json | 124 +++++++++++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39944.json | 69 ++++++++++++++++-- 2023/40xxx/CVE-2023-40069.json | 102 +++++++++++++++++++++++++-- 2023/40xxx/CVE-2023-40072.json | 69 ++++++++++++++++-- 2023/4xxx/CVE-2023-4416.json | 18 +++++ 16 files changed, 1200 insertions(+), 59 deletions(-) create mode 100644 2023/4xxx/CVE-2023-4416.json diff --git a/2023/32xxx/CVE-2023-32626.json b/2023/32xxx/CVE-2023-32626.json index d1f52f3ce00..c03ed03e727 100644 --- a/2023/32xxx/CVE-2023-32626.json +++ b/2023/32xxx/CVE-2023-32626.json @@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32626", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Hidden Functionality" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LOGITEC CORPORATION", + "product": { + "product_data": [ + { + "product_name": "LAN-W300N/RS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "LAN-W300N/PR5", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230810-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230810-01/" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU91630351/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU91630351/" } ] } diff --git a/2023/35xxx/CVE-2023-35991.json b/2023/35xxx/CVE-2023-35991.json index ac12cca3197..57ccb7fb71b 100644 --- a/2023/35xxx/CVE-2023-35991.json +++ b/2023/35xxx/CVE-2023-35991.json @@ -1,17 +1,133 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-35991", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Hidden Functionality" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LOGITEC CORPORATION", + "product": { + "product_data": [ + { + "product_name": "LAN-W300N/DR", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "LAN-WH300N/DR", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "LAN-W300N/P", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "LAN-WH450N/GP", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "LAN-WH300AN/DGP", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "LAN-WH300N/DGP", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "LAN-WH300ANDGPE", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230810-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230810-01/" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU91630351/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU91630351/" } ] } diff --git a/2023/37xxx/CVE-2023-37563.json b/2023/37xxx/CVE-2023-37563.json index a3b4b41b0df..3c1fb75aa50 100644 --- a/2023/37xxx/CVE-2023-37563.json +++ b/2023/37xxx/CVE-2023-37563.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Exposure of sensitive information to an unauthorized actor issue exists in ELECOM wireless LAN routers, which allows a network-adjacent attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier." + "value": "ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions." } ] }, @@ -40,7 +40,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "v1.03 and earlier" + "version_value": "v1.03 and earlier " } ] } @@ -51,7 +51,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "v1.03 and earlier" + "version_value": "v1.03 and earlier " } ] } @@ -62,7 +62,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "v1.04 and earlier" + "version_value": "v1.04 and earlier " } ] } @@ -73,7 +73,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "v1.24 and earlier" + "version_value": "v1.24 and earlier " } ] } @@ -84,7 +84,84 @@ "version_data": [ { "version_affected": "=", - "version_value": "v1.18 and earlier" + "version_value": "v1.18 and earlier " + } + ] + } + }, + { + "product_name": "WRC-F1167ACF2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions " + } + ] + } + }, + { + "product_name": "WRC-600GHBK-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions " + } + ] + } + }, + { + "product_name": "WRC-733FEBK2-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions " + } + ] + } + }, + { + "product_name": "WRC-1467GHBK-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions " + } + ] + } + }, + { + "product_name": "WRC-1467GHBK-S", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions " + } + ] + } + }, + { + "product_name": "WRC-1900GHBK-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions " + } + ] + } + }, + { + "product_name": "WRC-1900GHBK-S", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" } ] } @@ -97,6 +174,11 @@ }, "references": { "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230810-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230810-01/" + }, { "url": "https://www.elecom.co.jp/news/security/20230711-01/", "refsource": "MISC", diff --git a/2023/37xxx/CVE-2023-37566.json b/2023/37xxx/CVE-2023-37566.json index 63ea3a7c95d..ca3d2dae1dc 100644 --- a/2023/37xxx/CVE-2023-37566.json +++ b/2023/37xxx/CVE-2023-37566.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "ELECOM wireless LAN routers WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page." + "value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions." } ] }, @@ -40,7 +40,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "v1.24 and earlier" + "version_value": "v1.24 and earlier " } ] } @@ -51,7 +51,80 @@ "version_data": [ { "version_affected": "=", - "version_value": "v1.18 and earlier" + "version_value": "v1.18 and earlier " + } + ] + } + }, + { + "product_name": "WRC-F1167ACF2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions " + } + ] + } + }, + { + "product_name": "WRC-600GHBK-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions " + } + ] + } + }, + { + "product_name": "WRC-733FEBK2-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions " + } + ] + } + }, + { + "product_name": "WRC-1467GHBK-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions " + } + ] + } + }, + { + "product_name": "WRC-1900GHBK-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions " + } + ] + } + } + ] + } + }, + { + "vendor_name": "LOGITEC CORPORATION", + "product": { + "product_data": [ + { + "product_name": "LAN-W301NR", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" } ] } @@ -64,6 +137,11 @@ }, "references": { "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230810-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230810-01/" + }, { "url": "https://www.elecom.co.jp/news/security/20230711-01/", "refsource": "MISC", diff --git a/2023/37xxx/CVE-2023-37567.json b/2023/37xxx/CVE-2023-37567.json index ab5af0e853f..7c2b1391a85 100644 --- a/2023/37xxx/CVE-2023-37567.json +++ b/2023/37xxx/CVE-2023-37567.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "ELECOM wireless LAN router WRC-1167GHBK3-A v1.24 and earlier allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page." + "value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions." } ] }, @@ -40,7 +40,80 @@ "version_data": [ { "version_affected": "=", - "version_value": "v1.24 and earlier" + "version_value": "v1.24 and earlier " + } + ] + } + }, + { + "product_name": "WRC-F1167ACF2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions " + } + ] + } + }, + { + "product_name": "WRC-600GHBK-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions " + } + ] + } + }, + { + "product_name": "WRC-733FEBK2-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions " + } + ] + } + }, + { + "product_name": "WRC-1467GHBK-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions " + } + ] + } + }, + { + "product_name": "WRC-1900GHBK-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions " + } + ] + } + } + ] + } + }, + { + "vendor_name": "LOGITEC CORPORATION", + "product": { + "product_data": [ + { + "product_name": "LAN-W301NR", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" } ] } @@ -53,6 +126,11 @@ }, "references": { "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230810-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230810-01/" + }, { "url": "https://www.elecom.co.jp/news/security/20230711-01/", "refsource": "MISC", diff --git a/2023/38xxx/CVE-2023-38132.json b/2023/38xxx/CVE-2023-38132.json index 60913414152..c9300ef8a37 100644 --- a/2023/38xxx/CVE-2023-38132.json +++ b/2023/38xxx/CVE-2023-38132.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38132", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LOGITEC CORPORATION", + "product": { + "product_data": [ + { + "product_name": "LAN-W451NGR", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230810-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230810-01/" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU91630351/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU91630351/" } ] } diff --git a/2023/38xxx/CVE-2023-38576.json b/2023/38xxx/CVE-2023-38576.json index 6a286f7c7fc..c146f763eed 100644 --- a/2023/38xxx/CVE-2023-38576.json +++ b/2023/38xxx/CVE-2023-38576.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38576", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Hidden Functionality" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LOGITEC CORPORATION", + "product": { + "product_data": [ + { + "product_name": "LAN-WH300N/RE", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230810-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230810-01/" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU91630351/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU91630351/" } ] } diff --git a/2023/39xxx/CVE-2023-39415.json b/2023/39xxx/CVE-2023-39415.json index f8bc0e7bd57..4ea8fdb7900 100644 --- a/2023/39xxx/CVE-2023-39415.json +++ b/2023/39xxx/CVE-2023-39415.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39415", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authentication vulnerability in Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote unauthenticated attacker to log in to the product's Control Panel and perform an unintended operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper authentication" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "North Grid Corporation", + "product": { + "product_data": [ + { + "product_name": "Proself Enterprise/Standard Edition", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Ver5.61 and earlier" + } + ] + } + }, + { + "product_name": "Proself Gateway Edition", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Ver1.62 and earlier" + } + ] + } + }, + { + "product_name": "Proself Mail Sanitize Edition", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Ver1.07 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.proself.jp/information/149/", + "refsource": "MISC", + "name": "https://www.proself.jp/information/149/" + }, + { + "url": "https://www.proself.jp/information/150/", + "refsource": "MISC", + "name": "https://www.proself.jp/information/150/" + }, + { + "url": "https://jvn.jp/en/jp/JVN19661362/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN19661362/" } ] } diff --git a/2023/39xxx/CVE-2023-39416.json b/2023/39xxx/CVE-2023-39416.json index 39adcabb4f8..86eceea7e87 100644 --- a/2023/39xxx/CVE-2023-39416.json +++ b/2023/39xxx/CVE-2023-39416.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39416", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS command injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "North Grid Corporation", + "product": { + "product_data": [ + { + "product_name": "Proself Enterprise/Standard Edition", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Ver5.61 and earlier" + } + ] + } + }, + { + "product_name": "Proself Gateway Edition", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Ver1.62 and earlier" + } + ] + } + }, + { + "product_name": "Proself Mail Sanitize Edition", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Ver1.07 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.proself.jp/information/149/", + "refsource": "MISC", + "name": "https://www.proself.jp/information/149/" + }, + { + "url": "https://www.proself.jp/information/150/", + "refsource": "MISC", + "name": "https://www.proself.jp/information/150/" + }, + { + "url": "https://jvn.jp/en/jp/JVN19661362/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN19661362/" } ] } diff --git a/2023/39xxx/CVE-2023-39445.json b/2023/39xxx/CVE-2023-39445.json index 015a40bb45e..c1f34c8723d 100644 --- a/2023/39xxx/CVE-2023-39445.json +++ b/2023/39xxx/CVE-2023-39445.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39445", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Hidden Functionality" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LOGITEC CORPORATION", + "product": { + "product_data": [ + { + "product_name": "LAN-WH300N/RE", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230810-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230810-01/" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU91630351/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU91630351/" } ] } diff --git a/2023/39xxx/CVE-2023-39454.json b/2023/39xxx/CVE-2023-39454.json index ae8ad29ebe4..9a4335c9aea 100644 --- a/2023/39xxx/CVE-2023-39454.json +++ b/2023/39xxx/CVE-2023-39454.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39454", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC-X1800GSA-B v1.13 and earlier, and WRC-X1800GSH-B v1.13 and earlier allows an unauthenticated attacker to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ELECOM CO.,LTD.", + "product": { + "product_data": [ + { + "product_name": "WRC-X1800GS-B", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.13 and earlier" + } + ] + } + }, + { + "product_name": "WRC-X1800GSA-B", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.13 and earlier" + } + ] + } + }, + { + "product_name": "WRC-X1800GSH-B", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.13 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230711-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230711-01/" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU91630351/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU91630351/" } ] } diff --git a/2023/39xxx/CVE-2023-39455.json b/2023/39xxx/CVE-2023-39455.json index 927fd01bed2..f4fcf500afc 100644 --- a/2023/39xxx/CVE-2023-39455.json +++ b/2023/39xxx/CVE-2023-39455.json @@ -1,17 +1,133 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39455", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS command injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ELECOM CO.,LTD.", + "product": { + "product_data": [ + { + "product_name": "WRC-600GHBK-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "WRC-1467GHBK-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "WRC-1900GHBK-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "WRC-733FEBK2-A", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "WRC-F1167ACF2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "WRC-1467GHBK-S", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "WRC-1900GHBK-S", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230810-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230810-01/" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU91630351/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU91630351/" } ] } diff --git a/2023/39xxx/CVE-2023-39944.json b/2023/39xxx/CVE-2023-39944.json index 6608bd802bf..1291be6fa9e 100644 --- a/2023/39xxx/CVE-2023-39944.json +++ b/2023/39xxx/CVE-2023-39944.json @@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39944", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS command injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ELECOM CO.,LTD.", + "product": { + "product_data": [ + { + "product_name": "WRC-F1167ACF", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "WRC-1750GHBK", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230810-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230810-01/" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU91630351/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU91630351/" } ] } diff --git a/2023/40xxx/CVE-2023-40069.json b/2023/40xxx/CVE-2023-40069.json index 3c62c163140..ab524c2ead9 100644 --- a/2023/40xxx/CVE-2023-40069.json +++ b/2023/40xxx/CVE-2023-40069.json @@ -1,17 +1,111 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40069", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS command injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ELECOM CO.,LTD.", + "product": { + "product_data": [ + { + "product_name": "WRC-F1167ACF", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "WRC-1750GHBK", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "WRC-1167GHBK2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "WRC-1750GHBK2-I", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "WRC-1750GHBK-E", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230810-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230810-01/" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU91630351/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU91630351/" } ] } diff --git a/2023/40xxx/CVE-2023-40072.json b/2023/40xxx/CVE-2023-40072.json index 437bc2dc0ac..ced675d587c 100644 --- a/2023/40xxx/CVE-2023-40072.json +++ b/2023/40xxx/CVE-2023-40072.json @@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40072", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OS command injection vulnerability in WAB-S600-PS all versions, and WAB-S300 all versions allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS command injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ELECOM CO.,LTD.", + "product": { + "product_data": [ + { + "product_name": "WAB-S600-PS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "WAB-S300", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20230810-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20230810-01/" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU91630351/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU91630351/" } ] } diff --git a/2023/4xxx/CVE-2023-4416.json b/2023/4xxx/CVE-2023-4416.json new file mode 100644 index 00000000000..0e0903100f8 --- /dev/null +++ b/2023/4xxx/CVE-2023-4416.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4416", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file