"-Synchronized-Data."

2025-07-29 05:56:59 +00:00 · 2023-02-10 08:00:45 +00:00 · 2023-02-10 08:00:45 +00:00 · ecf5457e3f
commit ecf5457e3f
parent 677e570d41
11 changed files with 119 additions and 8 deletions
--- a/2019/13xxx/CVE-2019-13590.json
+++ b/2019/13xxx/CVE-2019-13590.json
@ -56,6 +56,11 @@
                "url": "https://sourceforge.net/p/sox/bugs/325/",
                "refsource": "MISC",
                "name": "https://sourceforge.net/p/sox/bugs/325/"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3315-1] sox security update",
+                "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00009.html"
            }
        ]
    }
--- a/2021/23xxx/CVE-2021-23159.json
+++ b/2021/23xxx/CVE-2021-23159.json
@ -68,6 +68,11 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20230203 sox: patches for old vulnerabilities",
                "url": "http://www.openwall.com/lists/oss-security/2023/02/03/3"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3315-1] sox security update",
+                "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00009.html"
            }
        ]
    },
--- a/2021/23xxx/CVE-2021-23172.json
+++ b/2021/23xxx/CVE-2021-23172.json
@ -68,6 +68,11 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20230203 sox: patches for old vulnerabilities",
                "url": "http://www.openwall.com/lists/oss-security/2023/02/03/3"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3315-1] sox security update",
+                "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00009.html"
            }
        ]
    },
--- a/2021/23xxx/CVE-2021-23210.json
+++ b/2021/23xxx/CVE-2021-23210.json
@ -68,6 +68,11 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20230203 sox: patches for old vulnerabilities",
                "url": "http://www.openwall.com/lists/oss-security/2023/02/03/3"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3315-1] sox security update",
+                "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00009.html"
            }
        ]
    },
--- a/2021/33xxx/CVE-2021-33844.json
+++ b/2021/33xxx/CVE-2021-33844.json
@ -83,6 +83,11 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20230206 Re: sox: patches for old vulnerabilities",
                "url": "http://www.openwall.com/lists/oss-security/2023/02/06/1"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3315-1] sox security update",
+                "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00009.html"
            }
        ]
    },
--- a/2021/3xxx/CVE-2021-3643.json
+++ b/2021/3xxx/CVE-2021-3643.json
@ -68,6 +68,11 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20230206 Re: sox: patches for old vulnerabilities",
                "url": "http://www.openwall.com/lists/oss-security/2023/02/06/1"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3315-1] sox security update",
+                "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00009.html"
            }
        ]
    },
--- a/2021/40xxx/CVE-2021-40426.json
+++ b/2021/40xxx/CVE-2021-40426.json
@ -27,6 +27,11 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20230203 sox: patches for old vulnerabilities",
                "url": "http://www.openwall.com/lists/oss-security/2023/02/03/3"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3315-1] sox security update",
+                "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00009.html"
            }
        ]
    },
--- a/2022/31xxx/CVE-2022-31650.json
+++ b/2022/31xxx/CVE-2022-31650.json
@ -61,6 +61,11 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20230203 sox: patches for old vulnerabilities",
                "url": "http://www.openwall.com/lists/oss-security/2023/02/03/3"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3315-1] sox security update",
+                "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00009.html"
            }
        ]
    }
--- a/2022/31xxx/CVE-2022-31651.json
+++ b/2022/31xxx/CVE-2022-31651.json
@ -61,6 +61,11 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20230203 sox: patches for old vulnerabilities",
                "url": "http://www.openwall.com/lists/oss-security/2023/02/03/3"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3315-1] sox security update",
+                "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00009.html"
            }
        ]
    }
--- a/2023/22xxx/CVE-2023-22369.json
+++ b/2023/22xxx/CVE-2023-22369.json
@ -4,15 +4,15 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2023-22369",
-        "ASSIGNER": "vultures@jpcert.or.jp",
+        "ASSIGNER": "cve@mitre.org",
        "STATE": "REJECT"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2023-25011.  Reason: This candidate is a duplicate of CVE-2023-25011.  Notes: All CVE users should reference CVE-2023-25011 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage."
+                "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-25011. Reason: This candidate is a duplicate of CVE-2023-25011. Notes: All CVE users should reference CVE-2023-25011 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
            }
        ]
    }
-}
+}
--- a/2023/22xxx/CVE-2023-22832.json
+++ b/2023/22xxx/CVE-2023-22832.json
@ -1,18 +1,84 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2023-22832",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security@apache.org",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor."
            }
        ]
-    }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-611 Improper Restriction of XML External Entity Reference",
+                        "cweId": "CWE-611"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Apache Software Foundation",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Apache NiFi",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "1.2.0",
+                                            "version_affected": "="
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://nifi.apache.org/security.html#CVE-2023-22832",
+                "refsource": "MISC",
+                "name": "https://nifi.apache.org/security.html#CVE-2023-22832"
+            },
+            {
+                "url": "https://lists.apache.org/thread/b51qs6y7b7r58vovddkv6wc16g2xbl3w",
+                "refsource": "MISC",
+                "name": "https://lists.apache.org/thread/b51qs6y7b7r58vovddkv6wc16g2xbl3w"
+            }
+        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.1.0-dev"
+    },
+    "source": {
+        "defect": [
+            "NIFI-11029"
+        ],
+        "discovery": "EXTERNAL"
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "Yi Cai of Chaitin Tech"
+        }
+    ]
 }