From eaf85246f81c32867943f04dbc4712a5986ebf34 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 16 Jan 2024 01:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2009/4xxx/CVE-2009-4128.json | 5 ++ 2012/2xxx/CVE-2012-2314.json | 5 ++ 2013/4xxx/CVE-2013-4577.json | 9 +++- 2015/8xxx/CVE-2015-8370.json | 5 ++ 2021/3xxx/CVE-2021-3981.json | 15 ++++-- 2023/48xxx/CVE-2023-48104.json | 61 +++++++++++++++++++--- 2023/49xxx/CVE-2023-49106.json | 95 ++++++++++++++++++++++++++++++++-- 2023/49xxx/CVE-2023-49107.json | 95 ++++++++++++++++++++++++++++++++-- 2023/4xxx/CVE-2023-4001.json | 5 ++ 2023/51xxx/CVE-2023-51810.json | 66 ++++++++++++++++++++--- 10 files changed, 334 insertions(+), 27 deletions(-) diff --git a/2009/4xxx/CVE-2009-4128.json b/2009/4xxx/CVE-2009-4128.json index c56f89ee451..3cdffd056a6 100644 --- a/2009/4xxx/CVE-2009-4128.json +++ b/2009/4xxx/CVE-2009-4128.json @@ -66,6 +66,11 @@ "name": "gnugrub2-password-auth-bypass(54210)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54210" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20240116 CVE-2023-4001: a password bypass vulnerability in the downstream GRUB boot manager", + "url": "http://www.openwall.com/lists/oss-security/2024/01/15/3" } ] } diff --git a/2012/2xxx/CVE-2012-2314.json b/2012/2xxx/CVE-2012-2314.json index 28dcb1d2900..149f33ece3f 100644 --- a/2012/2xxx/CVE-2012-2314.json +++ b/2012/2xxx/CVE-2012-2314.json @@ -81,6 +81,11 @@ "name": "[oss-security] 20120504 Re: CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/05/04/12" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20240116 CVE-2023-4001: a password bypass vulnerability in the downstream GRUB boot manager", + "url": "http://www.openwall.com/lists/oss-security/2024/01/15/3" } ] } diff --git a/2013/4xxx/CVE-2013-4577.json b/2013/4xxx/CVE-2013-4577.json index dc93d0ed9b7..2bd553802a6 100644 --- a/2013/4xxx/CVE-2013-4577.json +++ b/2013/4xxx/CVE-2013-4577.json @@ -53,6 +53,11 @@ }, "references": { "reference_data": [ + { + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598", + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598" + }, { "url": "http://seclists.org/oss-sec/2013/q4/291", "refsource": "MISC", @@ -64,9 +69,9 @@ "name": "http://seclists.org/oss-sec/2013/q4/292" }, { - "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598", + "url": "http://www.openwall.com/lists/oss-security/2024/01/15/3", "refsource": "MISC", - "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598" + "name": "http://www.openwall.com/lists/oss-security/2024/01/15/3" } ] } diff --git a/2015/8xxx/CVE-2015-8370.json b/2015/8xxx/CVE-2015-8370.json index 392b50b9dca..03bac938c72 100644 --- a/2015/8xxx/CVE-2015-8370.json +++ b/2015/8xxx/CVE-2015-8370.json @@ -161,6 +161,11 @@ "name": "DSA-3421", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3421" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20240116 CVE-2023-4001: a password bypass vulnerability in the downstream GRUB boot manager", + "url": "http://www.openwall.com/lists/oss-security/2024/01/15/3" } ] } diff --git a/2021/3xxx/CVE-2021-3981.json b/2021/3xxx/CVE-2021-3981.json index 1fdb2336cc7..f7d0bf3f13c 100644 --- a/2021/3xxx/CVE-2021-3981.json +++ b/2021/3xxx/CVE-2021-3981.json @@ -54,20 +54,25 @@ }, "references": { "reference_data": [ - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024170", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2024170" - }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AI776L35DDYPCSAAJPJM3ZEQYSFZHBJX/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AI776L35DDYPCSAAJPJM3ZEQYSFZHBJX/" }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024170", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2024170" + }, { "url": "https://security.gentoo.org/glsa/202209-12", "refsource": "MISC", "name": "https://security.gentoo.org/glsa/202209-12" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/01/15/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2024/01/15/3" } ] } diff --git a/2023/48xxx/CVE-2023-48104.json b/2023/48xxx/CVE-2023-48104.json index aab6aa24080..299cf62a82d 100644 --- a/2023/48xxx/CVE-2023-48104.json +++ b/2023/48xxx/CVE-2023-48104.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-48104", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-48104", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Alinto SOGo 5.8.0 is vulnerable to HTML Injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Alinto/sogo/commit/7481ccf37087c3f456d7e5a844da01d0f8883098", + "refsource": "MISC", + "name": "https://github.com/Alinto/sogo/commit/7481ccf37087c3f456d7e5a844da01d0f8883098" + }, + { + "refsource": "MISC", + "name": "https://github.com/E1tex/CVE-2023-48104", + "url": "https://github.com/E1tex/CVE-2023-48104" } ] } diff --git a/2023/49xxx/CVE-2023-49106.json b/2023/49xxx/CVE-2023-49106.json index a99955e3008..93368d474ea 100644 --- a/2023/49xxx/CVE-2023-49106.json +++ b/2023/49xxx/CVE-2023-49106.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49106", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hirt@hitachi.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component).This issue affects Hitachi Device Manager: before 8.8.5-04.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-549 Missing Password Field Masking", + "cweId": "CWE-549" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hitachi", + "product": { + "product_data": [ + { + "product_name": "Hitachi Device Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "8.8.5-04", + "status": "unaffected" + } + ], + "lessThan": "8.8.5-04", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-101/index.html", + "refsource": "MISC", + "name": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-101/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "hitachi-sec-2024-101", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49107.json b/2023/49xxx/CVE-2023-49107.json index d24400cd470..59b16bb761b 100644 --- a/2023/49xxx/CVE-2023-49107.json +++ b/2023/49xxx/CVE-2023-49107.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49107", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hirt@hitachi.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent modules).This issue affects Hitachi Device Manager: before 8.8.5-04.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-209 Generation of Error Message Containing Sensitive Information", + "cweId": "CWE-209" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hitachi", + "product": { + "product_data": [ + { + "product_name": "Hitachi Device Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "8.8.5-04", + "status": "unaffected" + } + ], + "lessThan": "8.8.5-04", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-101/index.html", + "refsource": "MISC", + "name": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-101/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "hitachi-sec-2024-101", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4001.json b/2023/4xxx/CVE-2023-4001.json index 1f2b614047a..642df994c2a 100644 --- a/2023/4xxx/CVE-2023-4001.json +++ b/2023/4xxx/CVE-2023-4001.json @@ -103,6 +103,11 @@ "url": "https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/", "refsource": "MISC", "name": "https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/01/15/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2024/01/15/3" } ] }, diff --git a/2023/51xxx/CVE-2023-51810.json b/2023/51xxx/CVE-2023-51810.json index 1a321ae358a..f928098d720 100644 --- a/2023/51xxx/CVE-2023-51810.json +++ b/2023/51xxx/CVE-2023-51810.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51810", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51810", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://easydiscuss.com", + "refsource": "MISC", + "name": "http://easydiscuss.com" + }, + { + "url": "http://stackideas.com", + "refsource": "MISC", + "name": "http://stackideas.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/Pastea/CVE-2023-51810", + "url": "https://github.com/Pastea/CVE-2023-51810" } ] }