From ee35ec779cb18722113a0b11a5afa87e19351b2a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 12 May 2023 18:00:37 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/25xxx/CVE-2023-25927.json | 83 ++++++++++++++++++++++++++++++++--
 2023/2xxx/CVE-2023-2457.json | 59 ++++++++++++++++++++++--
 2023/2xxx/CVE-2023-2458.json | 59 ++++++++++++++++++++++--
 2023/2xxx/CVE-2023-2573.json | 5 ++
 2023/2xxx/CVE-2023-2574.json | 5 ++
 2023/2xxx/CVE-2023-2575.json | 5 ++
 6 files changed, 204 insertions(+), 12 deletions(-)
diff --git a/2023/25xxx/CVE-2023-25927.json b/2023/25xxx/CVE-2023-25927.json
index e62003c9515..b2b82c213c4 100644
--- a/2023/25xxx/CVE-2023-25927.json
+++ b/2023/25xxx/CVE-2023-25927.json
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25927", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Access", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://https://www.ibm.com/support/pages/node/6989653", + "refsource": "MISC", + "name": "https://https://www.ibm.com/support/pages/node/6989653" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247635", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247635" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + 
"confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/2xxx/CVE-2023-2457.json b/2023/2xxx/CVE-2023-2457.json index 08b475105a8..4176f524d83 100644 --- a/2023/2xxx/CVE-2023-2457.json +++ b/2023/2xxx/CVE-2023-2457.json 
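Review bot: The first entry added under `reference_data` for CVE-2023-25927 has a doubled scheme, `https://https://www.ibm.com/support/pages/node/6989653`, in both `url` and `name`, so the vendor advisory link will not resolve for anyone following the record to find the fix. It should read `"url": "https://www.ibm.com/support/pages/node/6989653"` with the matching `name`. Separately, `version_value` packs six releases into one comma-separated string under `"version_affected": "="`, which an exact-match version comparison in a scanner will never hit; one `version_data` entry per release (10.0.0 through 10.0.5) would be machine-matchable.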
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2457", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds write" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "113.0.5672.114", + "version_value": "113.0.5672.114" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-chromeos.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-chromeos.html" + }, + { + "url": "https://crbug.com/1420790", + "refsource": "MISC", + "name": "https://crbug.com/1420790" } ] } diff --git a/2023/2xxx/CVE-2023-2458.json b/2023/2xxx/CVE-2023-2458.json index 32c9cd43344..a7e7896c5ae 100644 --- a/2023/2xxx/CVE-2023-2458.json +++ b/2023/2xxx/CVE-2023-2458.json 
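Review bot: The `problemtype` entry added for CVE-2023-2457 carries only the free text `"value": "Out of bounds write"` with no `cweId`, unlike the CVE-2023-25927 record in this same commit, which sets `"cweId": "CWE-20"`. Tooling that groups or prioritises by CWE will treat this record as unclassified; adding `"cweId": "CWE-787"` next to the value would fix that. The CVE-2023-2458 hunk has the same gap for `"Use after free"`, where `"cweId": "CWE-416"` applies. Neither Chrome record has an `impact`/CVSS block either, so the only severity signal is the "Chromium security severity: High" text inside the description.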
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2458", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "113.0.5672.114", + "version_value": "113.0.5672.114" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-chromeos.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-chromeos.html" + }, + { + "url": "https://crbug.com/1430692", + "refsource": "MISC", + "name": "https://crbug.com/1430692" } ] } diff --git a/2023/2xxx/CVE-2023-2573.json b/2023/2xxx/CVE-2023-2573.json index 6c9b28bf7c3..ef42f5c0f7f 100644 --- a/2023/2xxx/CVE-2023-2573.json +++ b/2023/2xxx/CVE-2023-2573.json 
@@ -103,6 +103,11 @@
 "url": "http://seclists.org/fulldisclosure/2023/May/4",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2023/May/4"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html"
 }
 ]
 },
diff --git a/2023/2xxx/CVE-2023-2574.json b/2023/2xxx/CVE-2023-2574.json
index 5692f750d60..9411ea82241 100644
--- a/2023/2xxx/CVE-2023-2574.json
+++ b/2023/2xxx/CVE-2023-2574.json
@@ -103,6 +103,11 @@
 "url": "http://seclists.org/fulldisclosure/2023/May/4",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2023/May/4"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html"
 }
 ]
 },
diff --git a/2023/2xxx/CVE-2023-2575.json b/2023/2xxx/CVE-2023-2575.json
index c46a616a97e..8237f79e5bb 100644
--- a/2023/2xxx/CVE-2023-2575.json
+++ b/2023/2xxx/CVE-2023-2575.json
@@ -103,6 +103,11 @@
 "url": "http://seclists.org/fulldisclosure/2023/May/4",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2023/May/4"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html"
 }
 ]
 },
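Review bot: The reference added in each of the three hunks for CVE-2023-2573, CVE-2023-2574 and CVE-2023-2575 uses a cleartext `http://packetstormsecurity.com/...` URL in both `url` and `name`. If the host serves the same path over TLS, which should be confirmed, `"url": "https://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html"` keeps analysts and automated fetchers off a connection that can be tampered with in transit. The neighbouring seclists.org context line has the same scheme but is outside this change. The enclosing `reference_data` array starts above each hunk.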