diff --git a/2023/21xxx/CVE-2023-21830.json b/2023/21xxx/CVE-2023-21830.json
index aac1c3ae4e7..f0eec214b4c 100644
--- a/2023/21xxx/CVE-2023-21830.json
+++ b/2023/21xxx/CVE-2023-21830.json
@@ -12,10 +12,6 @@
 {
 "lang": "eng",
 "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
- },
- {
- "lang": "eng",
- "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
 }
 ]
 },
@@ -73,6 +69,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujan2023.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujan2023.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujul2023.html",
+ "refsource": "MISC",
+ "name": "https://www.oracle.com/security-alerts/cpujul2023.html"
 }
 ]
 },
diff --git a/2023/21xxx/CVE-2023-21971.json b/2023/21xxx/CVE-2023-21971.json
index 6b418fedec6..6c206f81af2 100644
--- a/2023/21xxx/CVE-2023-21971.json
+++ b/2023/21xxx/CVE-2023-21971.json
@@ -58,6 +58,11 @@
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2023.html"
 },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujul2023.html",
+ "refsource": "MISC",
+ "name": "https://www.oracle.com/security-alerts/cpujul2023.html"
+ },
 {
 "url": "https://security.netapp.com/advisory/ntap-20230427-0007/",
 "refsource": "MISC",
diff --git a/2023/32xxx/CVE-2023-32202.json b/2023/32xxx/CVE-2023-32202.json
new file mode 100644
index 00000000000..33f421c076e
--- /dev/null
+++ b/2023/32xxx/CVE-2023-32202.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-32202",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/38xxx/CVE-2023-38422.json b/2023/38xxx/CVE-2023-38422.json
new file mode 100644
index 00000000000..373c11bd201
--- /dev/null
+++ b/2023/38xxx/CVE-2023-38422.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-38422",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/3xxx/CVE-2023-3527.json b/2023/3xxx/CVE-2023-3527.json
index 0e71482cb7d..4bebda1c079 100644
--- a/2023/3xxx/CVE-2023-3527.json
+++ b/2023/3xxx/CVE-2023-3527.json
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-3527",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "securityalerts@avaya.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CSV injection vulnerability was found in the\u00a0Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software \n\nsuch as Microsoft Excel.\n\n\u00a0\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
+ "cweId": "CWE-1236"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Avaya",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Avaya Call Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "19.x.x.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://download.avaya.com/css/public/documents/101086364",
+ "refsource": "MISC",
+ "name": "https://download.avaya.com/css/public/documents/101086364"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "defect": [
+ "CMS-7027"
+ ],
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
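Review bot: The affected-version entry in the CVE-2023-3527 record pairs `"version_affected": "="` with `"version_value": "19.x.x.x"`, so a scanner that compares this field literally against an installed CMS build will never match, and the record names no fixed release to bound the range. If the linked Avaya advisory gives the first fixed version, express the range with it, for example `"version_affected": "<"` with `"version_value": "<FIXED_VERSION from the advisory>"` (placeholder, not a real version). The description `value` also carries editor residue: `\u00a0` after "the", a `\n\n` in mid-sentence before "such as Microsoft Excel", and a trailing `\n\n\u00a0\n\n`. Downstream feeds will likely render these as blank lines, and trimming them would not change the meaning. The CVSS fields themselves are consistent with the text: PR:H matches "administrative privileges", UI:R matches opening the exported file, and the vector computes to the stated 6.8.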