diff --git a/2022/46xxx/CVE-2022-46480.json b/2022/46xxx/CVE-2022-46480.json index 1e9f5253cc7..0ddb7d7653a 100644 --- a/2022/46xxx/CVE-2022-46480.json +++ b/2022/46xxx/CVE-2022-46480.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent", "url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent" + }, + { + "refsource": "MISC", + "name": "https://arxiv.org/abs/2312.00021", + "url": "https://arxiv.org/abs/2312.00021" } ] } diff --git a/2023/26xxx/CVE-2023-26941.json b/2023/26xxx/CVE-2023-26941.json index 515305d7318..06978c258ce 100644 --- a/2023/26xxx/CVE-2023-26941.json +++ b/2023/26xxx/CVE-2023-26941.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent", "url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent" + }, + { + "refsource": "MISC", + "name": "https://arxiv.org/abs/2312.00021", + "url": "https://arxiv.org/abs/2312.00021" } ] } diff --git a/2023/26xxx/CVE-2023-26942.json b/2023/26xxx/CVE-2023-26942.json index 6834525ff42..40d830e020c 100644 --- a/2023/26xxx/CVE-2023-26942.json +++ b/2023/26xxx/CVE-2023-26942.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent", "url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent" + }, + { + "refsource": "MISC", + "name": "https://arxiv.org/abs/2312.00021", + "url": "https://arxiv.org/abs/2312.00021" } ] } diff --git a/2023/26xxx/CVE-2023-26943.json b/2023/26xxx/CVE-2023-26943.json index ae89a85aa23..78856cec2f8 100644 --- a/2023/26xxx/CVE-2023-26943.json +++ b/2023/26xxx/CVE-2023-26943.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent", "url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent" + }, + { + "refsource": "MISC", + "name": "https://arxiv.org/abs/2312.00021", + "url": "https://arxiv.org/abs/2312.00021" } ] } diff --git a/2023/41xxx/CVE-2023-41619.json b/2023/41xxx/CVE-2023-41619.json index 8160c10a6f9..c5574428332 100644 --- a/2023/41xxx/CVE-2023-41619.json +++ b/2023/41xxx/CVE-2023-41619.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-41619", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-41619", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/emlog/emlog", + "refsource": "MISC", + "name": "https://github.com/emlog/emlog" + }, + { + "refsource": "MISC", + "name": "https://github.com/GhostBalladw/wuhaozhe-s-CVE/blob/main/CVE-2023-41619", + "url": "https://github.com/GhostBalladw/wuhaozhe-s-CVE/blob/main/CVE-2023-41619" } ] } diff --git a/2023/43xxx/CVE-2023-43449.json b/2023/43xxx/CVE-2023-43449.json index 5ca5bb09bbe..742b30eeeec 100644 --- a/2023/43xxx/CVE-2023-43449.json +++ b/2023/43xxx/CVE-2023-43449.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-43449", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-43449", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/HummerRisk/HummerRisk/issues/446", + "refsource": "MISC", + "name": "https://github.com/HummerRisk/HummerRisk/issues/446" } ] } diff --git a/2023/47xxx/CVE-2023-47459.json b/2023/47xxx/CVE-2023-47459.json index a57183c9c64..ce0477e8468 100644 --- a/2023/47xxx/CVE-2023-47459.json +++ b/2023/47xxx/CVE-2023-47459.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-47459", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-47459", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Knovos Discovery v.22.67.0 allows a remote attacker to obtain sensitive information via the /DiscoveryReview/Service/CaseManagement.svc/GetProductSiteName component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.knovos.com", + "refsource": "MISC", + "name": "https://www.knovos.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/aleksey-vi/CVE-2023-47459", + "url": "https://github.com/aleksey-vi/CVE-2023-47459" } ] } diff --git a/2023/47xxx/CVE-2023-47460.json b/2023/47xxx/CVE-2023-47460.json index 1b881e66118..8a85d1104a6 100644 --- a/2023/47xxx/CVE-2023-47460.json +++ b/2023/47xxx/CVE-2023-47460.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-47460", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-47460", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.knovos.com", + "refsource": "MISC", + "name": "https://www.knovos.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/aleksey-vi/CVE-2023-47460", + "url": "https://github.com/aleksey-vi/CVE-2023-47460" } ] } diff --git a/2023/51xxx/CVE-2023-51059.json b/2023/51xxx/CVE-2023-51059.json index bb611682b9e..3780b269171 100644 --- a/2023/51xxx/CVE-2023-51059.json +++ b/2023/51xxx/CVE-2023-51059.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51059", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51059", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mokosmart.com/wp-content/uploads/2019/10/GS-gateway.pdf", + "refsource": "MISC", + "name": "https://www.mokosmart.com/wp-content/uploads/2019/10/GS-gateway.pdf" + }, + { + "refsource": "MISC", + "name": "https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220120-01_MOKOSmart_MKGW1_Gateway_Improper_Session_Management", + "url": "https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220120-01_MOKOSmart_MKGW1_Gateway_Improper_Session_Management" } ] } diff --git a/2023/51xxx/CVE-2023-51257.json b/2023/51xxx/CVE-2023-51257.json index ebd32aedb33..611c0ffb084 100644 --- a/2023/51xxx/CVE-2023-51257.json +++ b/2023/51xxx/CVE-2023-51257.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51257", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51257", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jasper-software/jasper/issues/367", + "refsource": "MISC", + "name": "https://github.com/jasper-software/jasper/issues/367" } ] } diff --git a/2023/51xxx/CVE-2023-51282.json b/2023/51xxx/CVE-2023-51282.json index afd12faebc7..7b6359785b0 100644 --- a/2023/51xxx/CVE-2023-51282.json +++ b/2023/51xxx/CVE-2023-51282.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51282", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51282", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitee.com/mingSoft/MCMS/issues/I4Q4NV", + "url": "https://gitee.com/mingSoft/MCMS/issues/I4Q4NV" + }, + { + "url": "https://github.com/tanalala/CVE/blob/main/Code.md", + "refsource": "MISC", + "name": "https://github.com/tanalala/CVE/blob/main/Code.md" } ] } diff --git a/2023/6xxx/CVE-2023-6457.json b/2023/6xxx/CVE-2023-6457.json index 931d58c2e90..1e49370d0da 100644 --- a/2023/6xxx/CVE-2023-6457.json +++ b/2023/6xxx/CVE-2023-6457.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6457", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hirt@hitachi.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows (Hitachi Tuning Manager server component) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-04.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276 Incorrect Default Permissions", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hitachi", + "product": { + "product_data": [ + { + "product_name": "Hitachi Tuning Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "8.8.5-04", + "status": "unaffected" + } + ], + "lessThan": "8.8.5-04", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-104/index.html", + "refsource": "MISC", + "name": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-104/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "hitachi-sec-2024-104", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "version": "3.1" } ] }