diff --git a/2022/25xxx/CVE-2022-25350.json b/2022/25xxx/CVE-2022-25350.json
index 31d5aa7a078..3ed5516205b 100644
--- a/2022/25xxx/CVE-2022-25350.json
+++ b/2022/25xxx/CVE-2022-25350.json
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25350", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "puppet-facter", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.snyk.io/vuln/SNYK-JS-PUPPETFACTER-3175616", + "refsource": "MISC", + "name": "https://security.snyk.io/vuln/SNYK-JS-PUPPETFACTER-3175616" + }, + { + "url": "https://github.com/olindata/node-puppet-facter/blob/f34bcc754325d71bb3b1b534804e53d6170f15f5/index.js%23L10", + "refsource": "MISC", + "name": "https://github.com/olindata/node-puppet-facter/blob/f34bcc754325d71bb3b1b534804e53d6170f15f5/index.js%23L10" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "JHU" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + 
"availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P" } ] } diff --git a/2022/25xxx/CVE-2022-25860.json b/2022/25xxx/CVE-2022-25860.json index 2fef39ded3d..e208fad0d06 100644 --- a/2022/25xxx/CVE-2022-25860.json +++ b/2022/25xxx/CVE-2022-25860.json 
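Review bot: The `version_data` entry in CVE-2022-25350.json encodes "All versions" as `"version_value": "0"` with `"version_affected": "="`, which a literal-matching consumer reads as "release 0 only" and so matches no installed copy of puppet-facter; the CVE-2022-25908.json hunk does the same for create-choo-electron. An open range, `"version_affected": ">="` with `"version_value": "0"`, would say what the description says. The second reference URL ends in `index.js%23L10`, so the `#` is percent-encoded into the path and the link no longer points at line 10 of the file; it should end in `index.js#L10`. The `vectorString` also carries the temporal metric `E:P` next to a `baseScore`, so anyone re-deriving the score has to strip it first.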
@@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25860", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution (RCE)", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "simple-git", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3177391", + "refsource": "MISC", + "name": "https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3177391" + }, + { + "url": "https://github.com/steveukx/git-js/pull/881/commits/95459310e5b8f96e20bb77ef1a6559036b779e13", + "refsource": "MISC", + "name": "https://github.com/steveukx/git-js/pull/881/commits/95459310e5b8f96e20bb77ef1a6559036b779e13" + }, + { + "url": "https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951", + "refsource": "MISC", + "name": 
"https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Santos Gallegos" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P" } ] } diff --git a/2022/25xxx/CVE-2022-25908.json b/2022/25xxx/CVE-2022-25908.json index 953a97c7cb8..2b1fe2feda5 100644 --- a/2022/25xxx/CVE-2022-25908.json +++ b/2022/25xxx/CVE-2022-25908.json 
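Review bot: The `affects` block in CVE-2022-25860.json lists simple-git as `"version_value": "0"` with `"version_affected": "="`, while the description puts the fix at 3.16.0, so tooling that reads `version_data` cannot tell patched installs from unpatched ones. The entry should carry the boundary, `"version_affected": "<"` with `"version_value": "3.16.0"`. The description also embeds a Markdown link for CVE-2022-25912 that plain-text consumers will print raw; keeping the bare CVE ID in the text and moving the URL into `reference_data` would survive every renderer.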
@@ -1,17 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-25908",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "create-choo-electron",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security.snyk.io/vuln/SNYK-JS-CREATECHOOELECTRON-3157953",
+ "refsource": "MISC",
+ "name": "https://security.snyk.io/vuln/SNYK-JS-CREATECHOOELECTRON-3157953"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Mingqing Kang"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P"
 }
 ]
 }
diff --git a/2022/26xxx/CVE-2022-26329.json b/2022/26xxx/CVE-2022-26329.json
index edb5fa52b6a..9d091271136 100644
--- a/2022/26xxx/CVE-2022-26329.json
+++ b/2022/26xxx/CVE-2022-26329.json
@@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@microfocus.com", "ID": "CVE-2022-26329", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "File existence disclosue vulnerability in IDM plugin" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetIQ Identity Manager", + "version": { + "version_data": [ + { + "platform": "ALL", + "version_affected": "<", + "version_name": "NetIQ Identity Manager", + "version_value": "4.8.5" + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Special thanks go to Kajetan Rostojek for responsibly disclosing this information to us." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL." 
} ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 1.8, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-538 File and Directory Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html", + "refsource": "CONFIRM", + "url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Update to the NetIQ Identity Manager 4.8.5 or above." + } + ] } \ No newline at end of file diff --git a/2022/27xxx/CVE-2022-27507.json b/2022/27xxx/CVE-2022-27507.json index 357091e7728..b66e2a8ccea 100644 --- a/2022/27xxx/CVE-2022-27507.json +++ b/2022/27xxx/CVE-2022-27507.json 
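Review bot: The `work_around` entry in CVE-2022-26329.json holds the fix itself ("Update to the NetIQ Identity Manager 4.8.5 or above."), so feeds that show workarounds separately from fixes will present an upgrade as an interim mitigation; it belongs under `solution`, with `work_around` omitted when there is none. `TITLE` spells "disclosure" as "disclosue", which defeats keyword search on the title. The description repeats the product name ("Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL"), apparently from the generator template, and could be trimmed to one mention.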
@@ -1,18 +1,92 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "secure@citrix.com",
+ "DATE_PUBLIC": "2022-05-26T05:58:00.000Z",
 "ID": "CVE-2022-27507",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Authenticated denial of service "
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "13.1",
+ "version_value": "13.1-21.50"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "13.0",
+ "version_value": "13.0-85.19"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "12.1",
+ "version_value": "12.1-64.17\u202f "
+ },
+ {
+ "version_affected": "<",
+ "version_name": "12.1 FIPS",
+ "version_value": "12.1-55.278"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "12.1 NDcPP",
+ "version_value": "12.1-55.278"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Citirx"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Authenticated denial of service"
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400 Uncontrolled Resource Consumption"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508",
+ "name": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2022/27xxx/CVE-2022-27508.json b/2022/27xxx/CVE-2022-27508.json
index 98226beb68a..9ac4d127df6 100644
--- a/2022/27xxx/CVE-2022-27508.json
+++ b/2022/27xxx/CVE-2022-27508.json
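Review bot: The 12.1 entry in `version_data` of CVE-2022-27507.json is `"version_value": "12.1-64.17\u202f "`, ending in a narrow no-break space and a plain space, so a string or version comparison against a clean build number will not match; it should read `"version_value": "12.1-64.17"`. `vendor_name` is spelled `"Citirx"` here and in the CVE-2022-27508.json hunk, which splits both records from other Citrix entries in vendor-keyed lookups; `"vendor_name": "Citrix"` is the fix. Both descriptions repeat only the title and neither record has an `impact` block, so severity and the affected component have to be taken from the linked bulletin.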
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "secure@citrix.com",
+ "DATE_PUBLIC": "2022-05-26T05:58:00.000Z",
 "ID": "CVE-2022-27508",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Unauthenticated denial of service "
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_name": "12.1",
+ "version_value": "12.1-64.16"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Citirx"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unauthenticated denial of service"
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400 Uncontrolled Resource Consumption"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508",
+ "name": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2022/2xxx/CVE-2022-2873.json b/2022/2xxx/CVE-2022-2873.json
index 00917143dff..9441d443c5f 100644
--- a/2022/2xxx/CVE-2022-2873.json
+++ b/2022/2xxx/CVE-2022-2873.json
@@ -53,6 +53,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20230120-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20230120-0001/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-5324",
+ "url": "https://www.debian.org/security/2023/dsa-5324"
 }
 ]
 },
diff --git a/2022/32xxx/CVE-2022-32221.json b/2022/32xxx/CVE-2022-32221.json
index eb8077ba398..bd54fb54697 100644
--- a/2022/32xxx/CVE-2022-32221.json
+++ b/2022/32xxx/CVE-2022-32221.json
@@ -68,6 +68,16 @@
 "refsource": "CONFIRM",
 "name": "https://support.apple.com/kb/HT213605",
 "url": "https://support.apple.com/kb/HT213605"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
+ "url": "http://seclists.org/fulldisclosure/2023/Jan/20"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2",
+ "url": "http://seclists.org/fulldisclosure/2023/Jan/19"
 }
 ]
 },
diff --git a/2022/32xxx/CVE-2022-32915.json b/2022/32xxx/CVE-2022-32915.json
index 18fa1597cb0..7c3c9fd538c 100644
--- a/2022/32xxx/CVE-2022-32915.json
+++ b/2022/32xxx/CVE-2022-32915.json
@@ -54,6 +54,11 @@
 "refsource": "CONFIRM",
 "name": "https://support.apple.com/kb/HT213604",
 "url": "https://support.apple.com/kb/HT213604"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
+ "url": "http://seclists.org/fulldisclosure/2023/Jan/20"
 }
 ]
 },
diff --git a/2022/35xxx/CVE-2022-35252.json b/2022/35xxx/CVE-2022-35252.json
index cb70e621b5a..eafbc0043d7 100644
--- a/2022/35xxx/CVE-2022-35252.json
+++ b/2022/35xxx/CVE-2022-35252.json
@@ -68,6 +68,16 @@
 "refsource": "CONFIRM",
 "name": "https://support.apple.com/kb/HT213604",
 "url": "https://support.apple.com/kb/HT213604"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
+ "url": "http://seclists.org/fulldisclosure/2023/Jan/20"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3",
+ "url": "http://seclists.org/fulldisclosure/2023/Jan/21"
 }
 ]
 },
diff --git a/2022/35xxx/CVE-2022-35260.json b/2022/35xxx/CVE-2022-35260.json
index 9a306040d6a..1a1ffa7fa0a 100644
--- a/2022/35xxx/CVE-2022-35260.json
+++ b/2022/35xxx/CVE-2022-35260.json
@@ -68,6 +68,16 @@
 "refsource": "CONFIRM",
 "name": "https://support.apple.com/kb/HT213605",
 "url": "https://support.apple.com/kb/HT213605"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
+ "url": "http://seclists.org/fulldisclosure/2023/Jan/20"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2",
+ "url": "http://seclists.org/fulldisclosure/2023/Jan/19"
 }
 ]
 },
diff --git a/2022/36xxx/CVE-2022-36280.json b/2022/36xxx/CVE-2022-36280.json
index 33b3eed95c6..2e3defdeb65 100644
--- a/2022/36xxx/CVE-2022-36280.json
+++ b/2022/36xxx/CVE-2022-36280.json
@@ -92,6 +92,11 @@
 "refsource": "MISC",
 "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2071",
 "name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2071"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-5324",
+ "url": "https://www.debian.org/security/2023/dsa-5324"
 }
 ]
 },
diff --git a/2022/3xxx/CVE-2022-3478.json b/2022/3xxx/CVE-2022-3478.json
index fcbcae84533..7c4adf421c3 100644
--- a/2022/3xxx/CVE-2022-3478.json
+++ b/2022/3xxx/CVE-2022-3478.json
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3478", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=12.8, <15.4.6" + }, + { + "version_value": ">=15.5, <15.5.5" + }, + { + "version_value": ">=15.6, <15.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled resource consumption in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/377788", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/377788", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1716296", + "url": "https://hackerone.com/reports/1716296", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3478.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3478.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [luryus](https://hackerone.com/luryus) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3482.json b/2022/3xxx/CVE-2022-3482.json index 491c1b201ff..f7b2864370b 100644 --- a/2022/3xxx/CVE-2022-3482.json +++ b/2022/3xxx/CVE-2022-3482.json 
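Review bot: `baseScore` in the `impact` block of CVE-2022-3478.json is 4.2, but the vector `AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L` evaluates to 4.3 under the CVSS 3.1 round-up rule, which suggests the generator rounds down. The same pattern appears in the CVE-2022-3740.json and CVE-2022-3820.json hunks (6.4, where the listed vector gives 6.5) and in CVE-2022-3902.json (5.4, where it gives 5.5). All of the GitLab records in this diff also write `vectorString` without the version prefix, so strict CVSS parsers will reject it; `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"` is the conforming form.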
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3482", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=11.3, <15.4.6" + }, + { + "version_value": ">=15.5, <15.5.5" + }, + { + "version_value": ">=15.6, <15.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/377802", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/377802", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1725841", + "url": "https://hackerone.com/reports/1725841", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3482.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3482.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [ashish_r_padelkar](https://hackerone.com/ashish_r_padelkar) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3545.json b/2022/3xxx/CVE-2022-3545.json index 54d165fdb40..06a1423a582 100644 --- a/2022/3xxx/CVE-2022-3545.json +++ b/2022/3xxx/CVE-2022-3545.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20221223-0003/", "url": "https://security.netapp.com/advisory/ntap-20221223-0003/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5324", + "url": "https://www.debian.org/security/2023/dsa-5324" } ] } diff --git a/2022/3xxx/CVE-2022-3572.json b/2022/3xxx/CVE-2022-3572.json index ef22a909577..43fe3e490ff 100644 --- a/2022/3xxx/CVE-2022-3572.json +++ b/2022/3xxx/CVE-2022-3572.json 
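Review bot: The description in CVE-2022-3482.json gives the fixed releases as 15.3.5, 15.4.4 and 15.5.2, while `version_data` in the same hunk gives `<15.4.6`, `<15.5.5` and `<15.6.1`, so the record names two different patch levels. The CVE-2022-3572.json, CVE-2022-3740.json and CVE-2022-3820.json hunks carry the same mismatch between text and `version_data`. Which set is correct cannot be told from the diff; until it is reconciled against the linked GitLab issue, the later set is the safer one to plan upgrades against. The description also has "releases we set" where "were set" is presumably meant.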
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3572", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=13.5, <15.4.6" + }, + { + "version_value": ">=15.5, <15.5.5" + }, + { + "version_value": ">=15.6, <15.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/378214", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/378214", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1727985", + "url": "https://hackerone.com/reports/1727985", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3572.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3572.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 9.3, + "baseSeverity": "CRITICAL" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [ryotak](https://hackerone.com/ryotak) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3623.json b/2022/3xxx/CVE-2022-3623.json index 7184033c6aa..d3dd559e4ef 100644 --- a/2022/3xxx/CVE-2022-3623.json +++ b/2022/3xxx/CVE-2022-3623.json @@ -71,6 +71,11 @@ "url": "https://vuldb.com/?id.211921", "refsource": "MISC", "name": "https://vuldb.com/?id.211921" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5324", + "url": "https://www.debian.org/security/2023/dsa-5324" } ] } diff --git a/2022/3xxx/CVE-2022-3705.json b/2022/3xxx/CVE-2022-3705.json index da719700a77..44b0d121237 100644 --- a/2022/3xxx/CVE-2022-3705.json +++ b/2022/3xxx/CVE-2022-3705.json @@ -101,6 +101,11 @@ "refsource": "CONFIRM", "name": "https://support.apple.com/kb/HT213605", "url": "https://support.apple.com/kb/HT213605" + }, + { + "refsource": "FULLDISC", + "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", + "url": "http://seclists.org/fulldisclosure/2023/Jan/19" } ] } diff --git a/2022/3xxx/CVE-2022-3740.json b/2022/3xxx/CVE-2022-3740.json index 822d3dcf09f..901d2a6eee3 100644 --- a/2022/3xxx/CVE-2022-3740.json +++ b/2022/3xxx/CVE-2022-3740.json 
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3740", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=12.9, <15.4.6" + }, + { + "version_value": ">=15.5, <15.5.5" + }, + { + "version_value": ">=15.6, <15.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/368416", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/368416", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1602904", + "url": "https://hackerone.com/reports/1602904", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3740.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3740.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys ." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [@joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3820.json b/2022/3xxx/CVE-2022-3820.json index 79bb9b82844..9003353bed5 100644 --- a/2022/3xxx/CVE-2022-3820.json +++ b/2022/3xxx/CVE-2022-3820.json 
@@ -4,15 +4,92 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3820", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=15.4, <15.4.6" + }, + { + "version_value": ">=15.5, <15.5.5" + }, + { + "version_value": ">=15.6, <15.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/378638", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/378638", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3820.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3820.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability has been discovered internally by the GitLab team." + } + ] } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3902.json b/2022/3xxx/CVE-2022-3902.json index 5c1485042d7..e4ec24e15c9 100644 --- a/2022/3xxx/CVE-2022-3902.json +++ b/2022/3xxx/CVE-2022-3902.json 
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3902", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=9.3, <15.4.6" + }, + { + "version_value": ">=15.5, <15.5.5" + }, + { + "version_value": ">=15.6, <15.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information exposure in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/381895", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/381895", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1757999", + "url": "https://hackerone.com/reports/1757999", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3902.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3902.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41218.json b/2022/41xxx/CVE-2022-41218.json index c79956d1b20..6c01e875b13 100644 --- a/2022/41xxx/CVE-2022-41218.json +++ b/2022/41xxx/CVE-2022-41218.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[oss-security] 20220923 [Report v2] CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev", "url": "http://www.openwall.com/lists/oss-security/2022/09/24/1" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5324", + "url": "https://www.debian.org/security/2023/dsa-5324" } ] } diff --git a/2022/42xxx/CVE-2022-42915.json b/2022/42xxx/CVE-2022-42915.json index d5a8a952565..12b42ea0bc7 100644 --- a/2022/42xxx/CVE-2022-42915.json +++ b/2022/42xxx/CVE-2022-42915.json @@ -91,6 +91,16 @@ "refsource": "CONFIRM", "name": "https://support.apple.com/kb/HT213605", "url": "https://support.apple.com/kb/HT213605" + }, + { + "refsource": "FULLDISC", + "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", + "url": "http://seclists.org/fulldisclosure/2023/Jan/20" + }, + { + "refsource": "FULLDISC", + "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", + "url": "http://seclists.org/fulldisclosure/2023/Jan/19" } ] } diff --git a/2022/42xxx/CVE-2022-42916.json b/2022/42xxx/CVE-2022-42916.json index ff56e3af084..6175278698d 100644 --- a/2022/42xxx/CVE-2022-42916.json +++ b/2022/42xxx/CVE-2022-42916.json 
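Review bot: The added `baseScore` of 5.4 does not appear to follow from the added vector `AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N`: the CVSS v3.1 equations round up to one decimal and give 5.5 for that vector, so 5.4 looks like round-to-nearest. The same pattern shows in the CVE-2022-3820 hunk (6.4, where the vector gives 6.5), the CVE-2022-4054 hunk, and the Wireshark hunks CVE-2023-0411 to CVE-2023-0417 (6.2, where the vector gives 6.3). In all of these, and in CVE-2022-4092, `vectorString` also lacks the `CVSS:3.1/` prefix the specification requires, so a strict parser may reject it. The lines here would be `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"` and `"baseScore": 5.5`. The arithmetic should be rechecked with a reference calculator before the scores are changed.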
@@ -96,6 +96,16 @@ "refsource": "CONFIRM", "name": "https://support.apple.com/kb/HT213605", "url": "https://support.apple.com/kb/HT213605" + }, + { + "refsource": "FULLDISC", + "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", + "url": "http://seclists.org/fulldisclosure/2023/Jan/20" + }, + { + "refsource": "FULLDISC", + "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", + "url": "http://seclists.org/fulldisclosure/2023/Jan/19" } ] } diff --git a/2022/45xxx/CVE-2022-45934.json b/2022/45xxx/CVE-2022-45934.json index 6e23bf5c0fd..4eec991d161 100644 --- a/2022/45xxx/CVE-2022-45934.json +++ b/2022/45xxx/CVE-2022-45934.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20230113-0008/", "url": "https://security.netapp.com/advisory/ntap-20230113-0008/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5324", + "url": "https://www.debian.org/security/2023/dsa-5324" } ] } diff --git a/2022/47xxx/CVE-2022-47100.json b/2022/47xxx/CVE-2022-47100.json index 7531be65cd3..2f7746a3f42 100644 --- a/2022/47xxx/CVE-2022-47100.json +++ b/2022/47xxx/CVE-2022-47100.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-47100", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-47100", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Sengled Smart bulb 0x0000024 allows attackers to arbitrarily perform a factory reset on the device via a crafted IEEE 802.15.4 frame." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/iot-sec23/IoT-CVE/blob/main/Sengled%20Smart%20Bulb%20Vulnerability%20Report.pdf", + "url": "https://github.com/iot-sec23/IoT-CVE/blob/main/Sengled%20Smart%20Bulb%20Vulnerability%20Report.pdf" } ] } diff --git a/2022/47xxx/CVE-2022-47929.json b/2022/47xxx/CVE-2022-47929.json index 9b0086302f8..65a21ac69a5 100644 --- a/2022/47xxx/CVE-2022-47929.json +++ b/2022/47xxx/CVE-2022-47929.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.6", "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.6" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5324", + "url": "https://www.debian.org/security/2023/dsa-5324" } ] } 
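Review bot: In the CVE-2022-47100 hunk, `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all added as `n/a`, although the description names the product and version (Sengled Smart bulb 0x0000024). Tooling that matches on the structured `affects` fields will therefore not associate this record with the device. The structured fields should carry what the description already states, e.g. `"vendor_name": "Sengled"`, `"product_name": "Smart bulb"`, `"version_value": "0x0000024"`. The CVE-2023-0444 hunk further down likewise leaves `vendor_name` as `n/a` and repeats the full product string in `version_value`, and the CVE-2023-0448 hunk puts free text (`All versions prior to version 4.3`) where a comparable version is expected.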
diff --git a/2022/4xxx/CVE-2022-4054.json b/2022/4xxx/CVE-2022-4054.json index 52f76caf497..19ae1f2b92b 100644 --- a/2022/4xxx/CVE-2022-4054.json +++ b/2022/4xxx/CVE-2022-4054.json 
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4054", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=9.3, <15.4.6" + }, + { + "version_value": ">=15.5, <15.5.5" + }, + { + "version_value": ">=15.6, <15.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information exposure in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/382260", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/382260", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1758126", + "url": "https://hackerone.com/reports/1758126", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4054.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4054.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program." + } + ] } \ No newline at end of file diff --git a/2022/4xxx/CVE-2022-4092.json b/2022/4xxx/CVE-2022-4092.json index 7ec9cebfdf7..a38f8aa9995 100644 --- a/2022/4xxx/CVE-2022-4092.json +++ b/2022/4xxx/CVE-2022-4092.json 
@@ -4,15 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4092", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=15.6, <15.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper enforcement of message or data structure in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/383208", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/383208", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1777934", + "url": "https://hackerone.com/reports/1777934", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4092.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4092.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0356.json b/2023/0xxx/CVE-2023-0356.json index f60f5627cfc..843584bd45b 100644 --- a/2023/0xxx/CVE-2023-0356.json +++ b/2023/0xxx/CVE-2023-0356.json 
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0356", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-261 Weak Encoding For Password", + "cweId": "CWE-261" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SOCOMEC", + "product": { + "product_data": [ + { + "product_name": "MODULYS GP ", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-024-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-024-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nSOCOMEC has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected product are encouraged to contact SOCOMEC customer support.\n\n
" + } + ], + "value": "\nSOCOMEC has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected product are encouraged to contact SOCOMEC customer support https://www.socomec.com/contact-us_en.html .\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Javier Fernandez Ber\u00e9 and Aar\u00f3n Flecha Men\u00e9ndez of S21sec reported this vulnerability to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/0xxx/CVE-2023-0411.json b/2023/0xxx/CVE-2023-0411.json index 62f4c6596ba..375d7a65300 100644 --- a/2023/0xxx/CVE-2023-0411.json +++ b/2023/0xxx/CVE-2023-0411.json 
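Review bot: The added `version_data` marks only version `0` as affected (`"version_value": "0"`, `"version_affected": "="`), while the description says versions 7.20 and prior are affected. A consumer reading the structured field will not flag any deployed release. Expressing the range the description gives, `"version_value": "7.20"` with `"version_affected": "<="`, would keep the two in agreement. `product_name` is also added as `"MODULYS GP "`, with a trailing space and without the "Netvision" part of the name used in the description, which can break exact-match lookups.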
@@ -4,15 +4,98 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0411", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wireshark Foundation", + "product": { + "product_data": [ + { + "product_name": "Wireshark", + "version": { + "version_data": [ + { + "version_value": ">=4.0.0, <4.0.3" + }, + { + "version_value": ">=3.6.0, <3.6.11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Excessive iteration in Wireshark" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2023-06.html", + "url": "https://www.wireshark.org/security/wnpa-sec-2023-06.html", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/wireshark/wireshark/-/issues/18711", + "url": "https://gitlab.com/wireshark/wireshark/-/issues/18711", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/wireshark/wireshark/-/issues/18720", + "url": "https://gitlab.com/wireshark/wireshark/-/issues/18720", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/wireshark/wireshark/-/issues/18737", + "url": "https://gitlab.com/wireshark/wireshark/-/issues/18737", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0411.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0411.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ] + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + } } } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0412.json b/2023/0xxx/CVE-2023-0412.json index f7b9550578a..5c51b0139b2 100644 --- a/2023/0xxx/CVE-2023-0412.json +++ b/2023/0xxx/CVE-2023-0412.json 
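Review bot: The added vector rates confidentiality and integrity impact as low (`C:L/I:L`), but the description and `problemtype` describe only a denial of service through excessive looping, so the metrics and the text disagree about what an attacker gains. If availability is the only impact, the lines would be `"confidentialityImpact": "NONE"` and `"integrityImpact": "NONE"`, with `vectorString` and `baseScore` recomputed; otherwise the description should say what exposure or modification is possible. The same vector is added in the CVE-2023-0412 to CVE-2023-0417 hunks, whose descriptions also mention only denial of service. The description sentence also reads `3.6.10 and allows denial of service`, where the stray `and` should be dropped.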
@@ -4,15 +4,88 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0412", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wireshark Foundation", + "product": { + "product_data": [ + { + "product_name": "Wireshark", + "version": { + "version_data": [ + { + "version_value": ">=4.0.0, <4.0.3" + }, + { + "version_value": ">=3.6.0, <3.6.11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled recursion in Wireshark" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2023-07.html", + "url": "https://www.wireshark.org/security/wnpa-sec-2023-07.html", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/wireshark/wireshark/-/issues/18770", + "url": "https://gitlab.com/wireshark/wireshark/-/issues/18770", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0412.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0412.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ] + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + } } } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0413.json b/2023/0xxx/CVE-2023-0413.json index 2c8f766a695..e247bd2c635 100644 --- a/2023/0xxx/CVE-2023-0413.json +++ b/2023/0xxx/CVE-2023-0413.json 
@@ -4,15 +4,88 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0413", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wireshark Foundation", + "product": { + "product_data": [ + { + "product_name": "Wireshark", + "version": { + "version_data": [ + { + "version_value": ">=4.0.0, <4.0.3" + }, + { + "version_value": ">=3.6.0, <3.6.11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Null pointer dereference in Wireshark" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2023-03.html", + "url": "https://www.wireshark.org/security/wnpa-sec-2023-03.html", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/wireshark/wireshark/-/issues/18766", + "url": "https://gitlab.com/wireshark/wireshark/-/issues/18766", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0413.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0413.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ] + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + } } } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0414.json b/2023/0xxx/CVE-2023-0414.json index e7cb1274557..3fb81738cb7 100644 --- a/2023/0xxx/CVE-2023-0414.json +++ b/2023/0xxx/CVE-2023-0414.json 
@@ -4,15 +4,85 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0414", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wireshark Foundation", + "product": { + "product_data": [ + { + "product_name": "Wireshark", + "version": { + "version_data": [ + { + "version_value": ">=4.0.0, <4.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Expired pointer dereference in Wireshark" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2023-01.html", + "url": "https://www.wireshark.org/security/wnpa-sec-2023-01.html", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/wireshark/wireshark/-/issues/18622", + "url": "https://gitlab.com/wireshark/wireshark/-/issues/18622", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0414.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0414.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file" } ] + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + } } } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0415.json b/2023/0xxx/CVE-2023-0415.json index bce69f9dc20..c1701885722 100644 --- a/2023/0xxx/CVE-2023-0415.json +++ b/2023/0xxx/CVE-2023-0415.json 
@@ -4,15 +4,88 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0415", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wireshark Foundation", + "product": { + "product_data": [ + { + "product_name": "Wireshark", + "version": { + "version_data": [ + { + "version_value": ">=4.0.0, <4.0.3" + }, + { + "version_value": ">=3.6.0, <3.6.11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Null pointer dereference in Wireshark" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2023-05.html", + "url": "https://www.wireshark.org/security/wnpa-sec-2023-05.html", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/wireshark/wireshark/-/issues/18796", + "url": "https://gitlab.com/wireshark/wireshark/-/issues/18796", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0415.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0415.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ] + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + } } } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0416.json b/2023/0xxx/CVE-2023-0416.json index f6d3e16a19b..f87d2cbb966 100644 --- a/2023/0xxx/CVE-2023-0416.json +++ b/2023/0xxx/CVE-2023-0416.json 
@@ -4,15 +4,88 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0416", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wireshark Foundation", + "product": { + "product_data": [ + { + "product_name": "Wireshark", + "version": { + "version_data": [ + { + "version_value": ">=4.0.0, <4.0.3" + }, + { + "version_value": ">=3.6.0, <3.6.11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Expired pointer dereference in Wireshark" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2023-04.html", + "url": "https://www.wireshark.org/security/wnpa-sec-2023-04.html", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/wireshark/wireshark/-/issues/18779", + "url": "https://gitlab.com/wireshark/wireshark/-/issues/18779", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0416.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0416.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ] + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + } } } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0417.json b/2023/0xxx/CVE-2023-0417.json index 44c231ee285..1205fd3f914 100644 --- a/2023/0xxx/CVE-2023-0417.json +++ b/2023/0xxx/CVE-2023-0417.json 
@@ -4,15 +4,88 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0417", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wireshark Foundation", + "product": { + "product_data": [ + { + "product_name": "Wireshark", + "version": { + "version_data": [ + { + "version_value": ">=4.0.0, <4.0.3" + }, + { + "version_value": ">=3.6.0, <3.6.11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled memory allocation in Wireshark" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2023-02.html", + "url": "https://www.wireshark.org/security/wnpa-sec-2023-02.html", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/wireshark/wireshark/-/issues/18628", + "url": "https://gitlab.com/wireshark/wireshark/-/issues/18628", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0417.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0417.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ] + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + } } } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0444.json b/2023/0xxx/CVE-2023-0444.json index dae345f5266..f94719c8fd5 100644 --- a/2023/0xxx/CVE-2023-0444.json +++ b/2023/0xxx/CVE-2023-0444.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0444", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Delta Electronics InfraSuite Device Master 00.00.02a", + "version": { + "version_data": [ + { + "version_value": "Delta Electronics InfraSuite Device Master 00.00.02a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2023-4", + "url": "https://www.tenable.com/security/research/tra-2023-4" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privileged user to log in as an administrator." } ] } diff --git a/2023/0xxx/CVE-2023-0448.json b/2023/0xxx/CVE-2023-0448.json index e507619c00d..de69fe59e6e 100644 --- a/2023/0xxx/CVE-2023-0448.json +++ b/2023/0xxx/CVE-2023-0448.json 
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-0448",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP Helper Lite Wordpress Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to version 4.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Reflected Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2023-3",
+ "url": "https://www.tenable.com/security/research/tra-2023-3"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability."
 }
 ]
 }
diff --git a/2023/0xxx/CVE-2023-0455.json b/2023/0xxx/CVE-2023-0455.json
new file mode 100644
index 00000000000..98e1d6af031
--- /dev/null
+++ b/2023/0xxx/CVE-2023-0455.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0455", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0456.json b/2023/0xxx/CVE-2023-0456.json new file mode 100644 index 00000000000..41690415b38 --- /dev/null +++ b/2023/0xxx/CVE-2023-0456.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0456", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0480.json b/2023/0xxx/CVE-2023-0480.json new file mode 100644 index 00000000000..99b46eeba05 --- /dev/null +++ b/2023/0xxx/CVE-2023-0480.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0480", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/0xxx/CVE-2023-0481.json b/2023/0xxx/CVE-2023-0481.json new file mode 100644 index 00000000000..1a286d3c678 --- /dev/null +++ b/2023/0xxx/CVE-2023-0481.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0481", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0482.json b/2023/0xxx/CVE-2023-0482.json new file mode 100644 index 00000000000..b8fd9ca7053 --- /dev/null +++ b/2023/0xxx/CVE-2023-0482.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0482", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22486.json b/2023/22xxx/CVE-2023-22486.json index f3759f3919a..e22cf4cc8d0 100644 --- a/2023/22xxx/CVE-2023-22486.json +++ b/2023/22xxx/CVE-2023-22486.json 
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-22486",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400: Uncontrolled Resource Consumption",
+ "cweId": "CWE-400"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-407: Inefficient Algorithmic Complexity",
+ "cweId": "CWE-407"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "github",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "cmark-gfm",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 0.29.0.gfm.7",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p",
+ "refsource": "MISC",
+ "name": "https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-r572-jvj2-3m8p",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/23xxx/CVE-2023-23454.json b/2023/23xxx/CVE-2023-23454.json
index 88de42a4f4d..aabcd5ffb49 100644
--- a/2023/23xxx/CVE-2023-23454.json
+++ b/2023/23xxx/CVE-2023-23454.json
@@ -66,6 +66,11 @@
 "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12",
 "refsource": "MISC",
 "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-5324",
+ "url": "https://www.debian.org/security/2023/dsa-5324"
 }
 ]
 }
diff --git a/2023/23xxx/CVE-2023-23455.json b/2023/23xxx/CVE-2023-23455.json
index 7a3f23666a7..042aaabab85 100644
--- a/2023/23xxx/CVE-2023-23455.json
+++ b/2023/23xxx/CVE-2023-23455.json
@@ -66,6 +66,11 @@
 "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b",
 "refsource": "MISC",
 "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-5324",
+ "url": "https://www.debian.org/security/2023/dsa-5324"
 }
 ]
 }
diff --git a/2023/23xxx/CVE-2023-23608.json b/2023/23xxx/CVE-2023-23608.json
index 2412195b49a..090e884e642 100644
--- a/2023/23xxx/CVE-2023-23608.json
+++ b/2023/23xxx/CVE-2023-23608.json
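Review bot: In the CVE-2023-22486 `affects` block, `"version_value": "< 0.29.0.gfm.7"` is paired with `"version_affected": "="`, so the range is buried in the value string while the operator field says exact match. A consumer that honours `version_affected` would compare against a release literally named `< 0.29.0.gfm.7` and match nothing, leaving vulnerable installs unflagged. Writing it as `"version_value": "0.29.0.gfm.7"` with `"version_affected": "<"` puts the range in the field meant for it. The CVE-2023-23608 hunk repeats the pattern with `< 2.22.1`.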
@@ -1,17 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-23608",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Spotipy is a light weight Python library for the Spotify Web API. In versions prior to 2.22.1, if a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. The code Spotipy uses to parse URIs and URLs allows an attacker to insert arbitrary characters into the path that is used for API requests. Because it is possible to include \"..\", an attacker can redirect for example a track lookup via spotifyApi.track() to an arbitrary API endpoint like playlists, but this is possible for other endpoints as well. The impact of this vulnerability depends heavily on what operations a client application performs when it handles a URI from a user and how it uses the responses it receives from the API. This issue is patched in version 2.22.1."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "spotipy-dev",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "spotipy",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 2.22.1",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-q764-g6fm-555v",
+ "refsource": "MISC",
+ "name": "https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-q764-g6fm-555v"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-q764-g6fm-555v",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 0,
+ "baseSeverity": "NONE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/24xxx/CVE-2023-24068.json b/2023/24xxx/CVE-2023-24068.json
index bc9f11be465..7088195dff3 100644
--- a/2023/24xxx/CVE-2023-24068.json
+++ b/2023/24xxx/CVE-2023-24068.json
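Review bot: The `impact.cvss` entry for CVE-2023-23608 publishes `"baseScore": 0` and `"baseSeverity": "NONE"` with `C:N/I:N/A:N`, while the description in the same record says a crafted URI can redirect a lookup to an arbitrary API endpoint and classifies it as CWE-22. The score does agree with the vector, but any triage rule that filters on a minimum score or severity will silently drop a record that has a fixed version (2.22.1) to upgrade to. The metrics are worth confirming against GHSA-q764-g6fm-555v before relying on them. If the advisory really rates impact as none because the outcome depends on the calling application, leaving `impact` out would avoid presenting 0.0 as an assessed rating.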
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file."
+ "value": "** DISPUTED ** Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file. NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access."
 }
 ]
 },
diff --git a/2023/24xxx/CVE-2023-24069.json b/2023/24xxx/CVE-2023-24069.json
index df467c8766f..6fa21bac568 100644
--- a/2023/24xxx/CVE-2023-24069.json
+++ b/2023/24xxx/CVE-2023-24069.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.)"
+ "value": "** DISPUTED ** Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access."
 }
 ]
 },
diff --git a/2023/24xxx/CVE-2023-24496.json b/2023/24xxx/CVE-2023-24496.json
new file mode 100644
index 00000000000..d7187304767
--- /dev/null
+++ b/2023/24xxx/CVE-2023-24496.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-24496",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/24xxx/CVE-2023-24497.json b/2023/24xxx/CVE-2023-24497.json
new file mode 100644
index 00000000000..a043578d82a
--- /dev/null
+++ b/2023/24xxx/CVE-2023-24497.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24497", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24498.json b/2023/24xxx/CVE-2023-24498.json new file mode 100644 index 00000000000..a9c48013251 --- /dev/null +++ b/2023/24xxx/CVE-2023-24498.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24498", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24499.json b/2023/24xxx/CVE-2023-24499.json new file mode 100644 index 00000000000..cf2b2b8c9d8 --- /dev/null +++ b/2023/24xxx/CVE-2023-24499.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24499", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24500.json b/2023/24xxx/CVE-2023-24500.json new file mode 100644 index 00000000000..51fb361c88f --- /dev/null +++ b/2023/24xxx/CVE-2023-24500.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24500", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24501.json b/2023/24xxx/CVE-2023-24501.json new file mode 100644 index 00000000000..aff4a4551e9 --- /dev/null +++ b/2023/24xxx/CVE-2023-24501.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24501", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/24xxx/CVE-2023-24502.json b/2023/24xxx/CVE-2023-24502.json new file mode 100644 index 00000000000..67b8419b2cc --- /dev/null +++ b/2023/24xxx/CVE-2023-24502.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24502", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24503.json b/2023/24xxx/CVE-2023-24503.json new file mode 100644 index 00000000000..08adc3bdc9f --- /dev/null +++ b/2023/24xxx/CVE-2023-24503.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24503", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24504.json b/2023/24xxx/CVE-2023-24504.json new file mode 100644 index 00000000000..26328e64364 --- /dev/null +++ b/2023/24xxx/CVE-2023-24504.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24504", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24505.json b/2023/24xxx/CVE-2023-24505.json new file mode 100644 index 00000000000..853cd4dd5fa --- /dev/null +++ b/2023/24xxx/CVE-2023-24505.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24505", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24506.json b/2023/24xxx/CVE-2023-24506.json new file mode 100644 index 00000000000..5225ecc4967 --- /dev/null +++ b/2023/24xxx/CVE-2023-24506.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24506", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/24xxx/CVE-2023-24507.json b/2023/24xxx/CVE-2023-24507.json new file mode 100644 index 00000000000..25d09c0a34b --- /dev/null +++ b/2023/24xxx/CVE-2023-24507.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24507", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24508.json b/2023/24xxx/CVE-2023-24508.json new file mode 100644 index 00000000000..b1aeedd1624 --- /dev/null +++ b/2023/24xxx/CVE-2023-24508.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24508", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file