From f27fe0567667ffb003075d7e95697ca87b1d69cc Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Fri, 21 Jun 2024 20:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/8xxx/CVE-2018-8032.json | 5 ++ 2019/0xxx/CVE-2019-0227.json | 5 ++ 2019/1xxx/CVE-2019-1547.json | 5 ++ 2020/15xxx/CVE-2020-15366.json | 5 ++ 2020/1xxx/CVE-2020-1971.json | 5 ++ 2020/28xxx/CVE-2020-28458.json | 5 ++ 2021/23xxx/CVE-2021-23445.json | 5 ++ 2021/23xxx/CVE-2021-23839.json | 5 ++ 2021/23xxx/CVE-2021-23840.json | 5 ++ 2021/23xxx/CVE-2021-23841.json | 5 ++ 2021/28xxx/CVE-2021-28167.json | 7 ++- 2021/28xxx/CVE-2021-28363.json | 5 ++ 2021/31xxx/CVE-2021-31684.json | 5 ++ 2021/35xxx/CVE-2021-35550.json | 5 ++ 2021/35xxx/CVE-2021-35556.json | 5 ++ 2021/35xxx/CVE-2021-35559.json | 5 ++ 2021/35xxx/CVE-2021-35560.json | 5 ++ 2021/35xxx/CVE-2021-35564.json | 5 ++ 2021/35xxx/CVE-2021-35565.json | 5 ++ 2021/35xxx/CVE-2021-35578.json | 5 ++ 2021/35xxx/CVE-2021-35586.json | 5 ++ 2021/35xxx/CVE-2021-35588.json | 5 ++ 2021/35xxx/CVE-2021-35603.json | 5 ++ 2021/3xxx/CVE-2021-3449.json | 5 ++ 2021/3xxx/CVE-2021-3572.json | 5 ++ 2021/3xxx/CVE-2021-3711.json | 5 ++ 2021/3xxx/CVE-2021-3712.json | 5 ++ 2021/41xxx/CVE-2021-41035.json | 7 ++- 2021/43xxx/CVE-2021-43138.json | 5 ++ 2021/44xxx/CVE-2021-44906.json | 5 ++ 2021/4xxx/CVE-2021-4160.json | 5 ++ 2022/0xxx/CVE-2022-0778.json | 5 ++ 2022/1xxx/CVE-2022-1471.json | 5 ++ 2022/21xxx/CVE-2022-21299.json | 5 ++ 2022/21xxx/CVE-2022-21434.json | 5 ++ 2022/21xxx/CVE-2022-21443.json | 5 ++ 2022/21xxx/CVE-2022-21496.json | 5 ++ 2022/23xxx/CVE-2022-23539.json | 15 ++++-- 2022/23xxx/CVE-2022-23540.json | 15 ++++-- 2022/23xxx/CVE-2022-23541.json | 21 +++++---- 2022/2xxx/CVE-2022-2097.json | 5 ++ 2022/34xxx/CVE-2022-34169.json | 5 ++ 2022/34xxx/CVE-2022-34357.json | 5 ++ 2022/3xxx/CVE-2022-3080.json | 5 ++ 2022/40xxx/CVE-2022-40897.json | 5 ++ 2022/41xxx/CVE-2022-41854.json | 5 ++ 2022/48xxx/CVE-2022-48285.json | 5 ++ 2023/0xxx/CVE-2023-0215.json | 5 ++ 2023/0xxx/CVE-2023-0464.json | 5 ++ 2023/1xxx/CVE-2023-1370.json | 7 ++- 
2023/21xxx/CVE-2023-21930.json | 5 ++ 2023/21xxx/CVE-2023-21937.json | 5 ++ 2023/21xxx/CVE-2023-21938.json | 5 ++ 2023/21xxx/CVE-2023-21939.json | 5 ++ 2023/21xxx/CVE-2023-21954.json | 5 ++ 2023/21xxx/CVE-2023-21967.json | 5 ++ 2023/21xxx/CVE-2023-21968.json | 5 ++ 2023/22xxx/CVE-2023-22049.json | 5 ++ 2023/26xxx/CVE-2023-26115.json | 5 ++ 2023/26xxx/CVE-2023-26136.json | 5 ++ 2023/2xxx/CVE-2023-2597.json | 5 ++ 2023/30xxx/CVE-2023-30588.json | 5 ++ 2023/30xxx/CVE-2023-30589.json | 5 ++ 2023/30xxx/CVE-2023-30996.json | 5 ++ 2023/31xxx/CVE-2023-31484.json | 5 ++ 2023/32xxx/CVE-2023-32344.json | 5 ++ 2023/34xxx/CVE-2023-34462.json | 5 ++ 2023/35xxx/CVE-2023-35009.json | 5 ++ 2023/35xxx/CVE-2023-35011.json | 5 ++ 2023/36xxx/CVE-2023-36478.json | 5 ++ 2023/37xxx/CVE-2023-37898.json | 81 ++++++++++++++++++++++++++++++-- 2023/38xxx/CVE-2023-38359.json | 5 ++ 2023/38xxx/CVE-2023-38506.json | 76 ++++++++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39410.json | 5 ++ 2023/39xxx/CVE-2023-39517.json | 86 ++++++++++++++++++++++++++++++++-- 2023/3xxx/CVE-2023-3817.json | 5 ++ 2023/43xxx/CVE-2023-43051.json | 5 ++ 2023/44xxx/CVE-2023-44487.json | 10 ++++ 2023/44xxx/CVE-2023-44981.json | 5 ++ 2023/45xxx/CVE-2023-45673.json | 81 ++++++++++++++++++++++++++++++-- 2023/45xxx/CVE-2023-45745.json | 5 ++ 2023/45xxx/CVE-2023-45857.json | 5 ++ 2023/47xxx/CVE-2023-47855.json | 5 ++ 2023/5xxx/CVE-2023-5072.json | 5 ++ 2024/25xxx/CVE-2024-25047.json | 5 ++ 2024/4xxx/CVE-2024-4577.json | 5 ++ 2024/4xxx/CVE-2024-4603.json | 5 ++ 87 files changed, 749 insertions(+), 37 deletions(-) diff --git a/2018/8xxx/CVE-2018-8032.json b/2018/8xxx/CVE-2018-8032.json index b0c3a6ca33f..67e2e15b3b5 100644 --- a/2018/8xxx/CVE-2018-8032.json +++ b/2018/8xxx/CVE-2018-8032.json 
@@ -122,6 +122,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2019/0xxx/CVE-2019-0227.json b/2019/0xxx/CVE-2019-0227.json index 8f831fd6ddd..80c77e94f48 100644 --- a/2019/0xxx/CVE-2019-0227.json +++ b/2019/0xxx/CVE-2019-0227.json @@ -103,6 +103,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] }, diff --git a/2019/1xxx/CVE-2019-1547.json b/2019/1xxx/CVE-2019-1547.json index a197bb9bc8d..9f12d240090 100644 --- a/2019/1xxx/CVE-2019-1547.json +++ b/2019/1xxx/CVE-2019-1547.json @@ -242,6 +242,11 @@ "refsource": "CONFIRM", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2020/15xxx/CVE-2020-15366.json b/2020/15xxx/CVE-2020-15366.json index 44947ed891f..7fac0b1ce8d 100644 --- a/2020/15xxx/CVE-2020-15366.json +++ b/2020/15xxx/CVE-2020-15366.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://github.com/ajv-validator/ajv/releases/tag/v6.12.3", "url": "https://github.com/ajv-validator/ajv/releases/tag/v6.12.3" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0007/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" } ] } 
diff --git a/2020/1xxx/CVE-2020-1971.json b/2020/1xxx/CVE-2020-1971.json index 7739ae4b29b..3054d668365 100644 --- a/2020/1xxx/CVE-2020-1971.json +++ b/2020/1xxx/CVE-2020-1971.json @@ -194,6 +194,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2020/28xxx/CVE-2020-28458.json b/2020/28xxx/CVE-2020-28458.json index 8036faa0ae9..747f89be595 100644 --- a/2020/28xxx/CVE-2020-28458.json +++ b/2020/28xxx/CVE-2020-28458.json @@ -76,6 +76,11 @@ "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806", "name": "https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] }, diff --git a/2021/23xxx/CVE-2021-23445.json b/2021/23xxx/CVE-2021-23445.json index 1c6ec10c947..65222ca88e3 100644 --- a/2021/23xxx/CVE-2021-23445.json +++ b/2021/23xxx/CVE-2021-23445.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230815 [SECURITY] [DLA 3529-1] datatables.js security update", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] }, diff --git a/2021/23xxx/CVE-2021-23839.json b/2021/23xxx/CVE-2021-23839.json index 4264eb5154a..442fb13a8de 100644 --- a/2021/23xxx/CVE-2021-23839.json +++ b/2021/23xxx/CVE-2021-23839.json 
@@ -111,6 +111,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2021/23xxx/CVE-2021-23840.json b/2021/23xxx/CVE-2021-23840.json index 927b749c418..258016a04e6 100644 --- a/2021/23xxx/CVE-2021-23840.json +++ b/2021/23xxx/CVE-2021-23840.json @@ -164,6 +164,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2021/23xxx/CVE-2021-23841.json b/2021/23xxx/CVE-2021-23841.json index 41778a0935b..96aab072729 100644 --- a/2021/23xxx/CVE-2021-23841.json +++ b/2021/23xxx/CVE-2021-23841.json @@ -174,6 +174,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2021/28xxx/CVE-2021-28167.json b/2021/28xxx/CVE-2021-28167.json index f0083a3ad3c..223b7b5ed6c 100644 --- a/2021/28xxx/CVE-2021-28167.json +++ b/2021/28xxx/CVE-2021-28167.json 
@@ -57,7 +57,12 @@ "name": "https://github.com/eclipse/openj9/issues/12016", "refsource": "CONFIRM", "url": "https://github.com/eclipse/openj9/issues/12016" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } -} +} \ No newline at end of file diff --git a/2021/28xxx/CVE-2021-28363.json b/2021/28xxx/CVE-2021-28363.json index 2c0d53399b9..545da7fae9f 100644 --- a/2021/28xxx/CVE-2021-28363.json +++ b/2021/28xxx/CVE-2021-28363.json @@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-202305-02", "url": "https://security.gentoo.org/glsa/202305-02" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0007/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" } ] } diff --git a/2021/31xxx/CVE-2021-31684.json b/2021/31xxx/CVE-2021-31684.json index 3cb57940519..e951846d969 100644 --- a/2021/31xxx/CVE-2021-31684.json +++ b/2021/31xxx/CVE-2021-31684.json @@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230331 [SECURITY] [DLA 3373-1] json-smart security update", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00030.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2021/35xxx/CVE-2021-35550.json b/2021/35xxx/CVE-2021-35550.json index 35a5381351f..24aa246e5c9 100644 --- a/2021/35xxx/CVE-2021-35550.json +++ b/2021/35xxx/CVE-2021-35550.json @@ -130,6 +130,11 @@ "refsource": "GENTOO", "name": "GLSA-202209-05", "url": "https://security.gentoo.org/glsa/202209-05" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } 
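Review bot: The last change in the CVE-2021-28167 hunk (`@@ -57,7 +57,12 @@`) rewrites the closing `}` only to drop the file's terminating newline (`\ No newline at end of file`), which has nothing to do with the reference being added. Keeping the final newline avoids a spurious one-line diff the next time a tool that appends it touches the record, and keeps these files consistent with the rest of the commit, where the end of file is untouched. The CVE-2021-41035 hunk does the same thing.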
diff --git a/2021/35xxx/CVE-2021-35556.json b/2021/35xxx/CVE-2021-35556.json index 17c7795e001..f1407546b7f 100644 --- a/2021/35xxx/CVE-2021-35556.json +++ b/2021/35xxx/CVE-2021-35556.json @@ -139,6 +139,11 @@ "refsource": "GENTOO", "name": "GLSA-202209-05", "url": "https://security.gentoo.org/glsa/202209-05" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2021/35xxx/CVE-2021-35559.json b/2021/35xxx/CVE-2021-35559.json index 7a1c8958cea..63ead72c606 100644 --- a/2021/35xxx/CVE-2021-35559.json +++ b/2021/35xxx/CVE-2021-35559.json @@ -139,6 +139,11 @@ "refsource": "GENTOO", "name": "GLSA-202209-05", "url": "https://security.gentoo.org/glsa/202209-05" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2021/35xxx/CVE-2021-35560.json b/2021/35xxx/CVE-2021-35560.json index 529913bbc1c..373ec7fa9d3 100644 --- a/2021/35xxx/CVE-2021-35560.json +++ b/2021/35xxx/CVE-2021-35560.json @@ -69,6 +69,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20211022-0004/", "url": "https://security.netapp.com/advisory/ntap-20211022-0004/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2021/35xxx/CVE-2021-35564.json b/2021/35xxx/CVE-2021-35564.json index 5e47214da54..278343016c8 100644 --- a/2021/35xxx/CVE-2021-35564.json +++ b/2021/35xxx/CVE-2021-35564.json 
@@ -139,6 +139,11 @@ "refsource": "GENTOO", "name": "GLSA-202209-05", "url": "https://security.gentoo.org/glsa/202209-05" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2021/35xxx/CVE-2021-35565.json b/2021/35xxx/CVE-2021-35565.json index 08ebd775b02..f58a1a8777a 100644 --- a/2021/35xxx/CVE-2021-35565.json +++ b/2021/35xxx/CVE-2021-35565.json @@ -130,6 +130,11 @@ "refsource": "GENTOO", "name": "GLSA-202209-05", "url": "https://security.gentoo.org/glsa/202209-05" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2021/35xxx/CVE-2021-35578.json b/2021/35xxx/CVE-2021-35578.json index 3b9010dfce5..3cea417643a 100644 --- a/2021/35xxx/CVE-2021-35578.json +++ b/2021/35xxx/CVE-2021-35578.json @@ -120,6 +120,11 @@ "refsource": "GENTOO", "name": "GLSA-202209-05", "url": "https://security.gentoo.org/glsa/202209-05" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2021/35xxx/CVE-2021-35586.json b/2021/35xxx/CVE-2021-35586.json index 83b7c95dd14..6611b194f52 100644 --- a/2021/35xxx/CVE-2021-35586.json +++ b/2021/35xxx/CVE-2021-35586.json @@ -124,6 +124,11 @@ "refsource": "GENTOO", "name": "GLSA-202209-05", "url": "https://security.gentoo.org/glsa/202209-05" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2021/35xxx/CVE-2021-35588.json b/2021/35xxx/CVE-2021-35588.json index 9aef5fab0b5..dc296c244df 100644 --- a/2021/35xxx/CVE-2021-35588.json +++ b/2021/35xxx/CVE-2021-35588.json 
@@ -106,6 +106,11 @@ "refsource": "GENTOO", "name": "GLSA-202209-05", "url": "https://security.gentoo.org/glsa/202209-05" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2021/35xxx/CVE-2021-35603.json b/2021/35xxx/CVE-2021-35603.json index e636033f73f..143a3a04da8 100644 --- a/2021/35xxx/CVE-2021-35603.json +++ b/2021/35xxx/CVE-2021-35603.json @@ -124,6 +124,11 @@ "refsource": "GENTOO", "name": "GLSA-202209-05", "url": "https://security.gentoo.org/glsa/202209-05" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2021/3xxx/CVE-2021-3449.json b/2021/3xxx/CVE-2021-3449.json index 96beab2fd94..4145cac58e5 100644 --- a/2021/3xxx/CVE-2021-3449.json +++ b/2021/3xxx/CVE-2021-3449.json @@ -206,6 +206,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2021/3xxx/CVE-2021-3572.json b/2021/3xxx/CVE-2021-3572.json index 79607a34a85..fa4518f07b3 100644 --- a/2021/3xxx/CVE-2021-3572.json +++ b/2021/3xxx/CVE-2021-3572.json @@ -58,6 +58,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] }, diff --git a/2021/3xxx/CVE-2021-3711.json b/2021/3xxx/CVE-2021-3711.json index f1f024fa315..47ec0bc006f 100644 --- a/2021/3xxx/CVE-2021-3711.json 
+++ b/2021/3xxx/CVE-2021-3711.json @@ -146,6 +146,11 @@ "refsource": "GENTOO", "name": "GLSA-202210-02", "url": "https://security.gentoo.org/glsa/202210-02" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2021/3xxx/CVE-2021-3712.json b/2021/3xxx/CVE-2021-3712.json index ea365bfc769..e97c341c118 100644 --- a/2021/3xxx/CVE-2021-3712.json +++ b/2021/3xxx/CVE-2021-3712.json @@ -169,6 +169,11 @@ "refsource": "GENTOO", "name": "GLSA-202210-02", "url": "https://security.gentoo.org/glsa/202210-02" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2021/41xxx/CVE-2021-41035.json b/2021/41xxx/CVE-2021-41035.json index 0c284bb5440..6fee6012342 100644 --- a/2021/41xxx/CVE-2021-41035.json +++ b/2021/41xxx/CVE-2021-41035.json @@ -75,7 +75,12 @@ "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=576395", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=576395" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } -} +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43138.json b/2021/43xxx/CVE-2021-43138.json index 8b5c2d8dab6..3afa545e29c 100644 --- a/2021/43xxx/CVE-2021-43138.json +++ b/2021/43xxx/CVE-2021-43138.json @@ -96,6 +96,11 @@ "refsource": "FEDORA", "name": "FEDORA-2023-18fd476362", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } 
diff --git a/2021/44xxx/CVE-2021-44906.json b/2021/44xxx/CVE-2021-44906.json index ae633618c19..582a28e93fe 100644 --- a/2021/44xxx/CVE-2021-44906.json +++ b/2021/44xxx/CVE-2021-44906.json @@ -76,6 +76,11 @@ "refsource": "MISC", "name": "https://github.com/substack/minimist/issues/164", "url": "https://github.com/substack/minimist/issues/164" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2021/4xxx/CVE-2021-4160.json b/2021/4xxx/CVE-2021-4160.json index 38b539bed8e..b93f7138771 100644 --- a/2021/4xxx/CVE-2021-4160.json +++ b/2021/4xxx/CVE-2021-4160.json @@ -117,6 +117,11 @@ "refsource": "GENTOO", "name": "GLSA-202210-02", "url": "https://security.gentoo.org/glsa/202210-02" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2022/0xxx/CVE-2022-0778.json b/2022/0xxx/CVE-2022-0778.json index aaefa71ab6a..c0181b26365 100644 --- a/2022/0xxx/CVE-2022-0778.json +++ b/2022/0xxx/CVE-2022-0778.json @@ -212,6 +212,11 @@ "refsource": "GENTOO", "name": "GLSA-202210-02", "url": "https://security.gentoo.org/glsa/202210-02" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2022/1xxx/CVE-2022-1471.json b/2022/1xxx/CVE-2022-1471.json index 1168bff477e..eafd9f3565c 100644 --- a/2022/1xxx/CVE-2022-1471.json +++ b/2022/1xxx/CVE-2022-1471.json 
@@ -94,6 +94,11 @@ "url": "http://www.openwall.com/lists/oss-security/2023/11/19/1", "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2023/11/19/1" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] }, diff --git a/2022/21xxx/CVE-2022-21299.json b/2022/21xxx/CVE-2022-21299.json index a5bee42a66b..80e2347462e 100644 --- a/2022/21xxx/CVE-2022-21299.json +++ b/2022/21xxx/CVE-2022-21299.json @@ -102,6 +102,11 @@ "url": "https://security.gentoo.org/glsa/202209-05", "refsource": "MISC", "name": "https://security.gentoo.org/glsa/202209-05" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] }, diff --git a/2022/21xxx/CVE-2022-21434.json b/2022/21xxx/CVE-2022-21434.json index 30574f73ddd..f93201d8a55 100644 --- a/2022/21xxx/CVE-2022-21434.json +++ b/2022/21xxx/CVE-2022-21434.json @@ -112,6 +112,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2022/21xxx/CVE-2022-21443.json b/2022/21xxx/CVE-2022-21443.json index 8ae9163f64e..d8ede8c8808 100644 --- a/2022/21xxx/CVE-2022-21443.json +++ b/2022/21xxx/CVE-2022-21443.json 
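Review bot: The NetApp advisory added in the CVE-2022-1471 hunk (`@@ -94,6 +94,11 @@`) is tagged `"refsource": "MISC"`, while NetApp advisories from the same batch are tagged `"refsource": "CONFIRM"` elsewhere in this commit, for example the identical `ntap-20240621-0006` URL in CVE-2018-8032. A consumer that filters on `refsource` to find vendor confirmations will therefore treat the same advisory differently depending on which record it reads. The neighbouring entries in this file are also `MISC`, so this may come from how the record was exported; if it is not forced by that, use `"refsource": "CONFIRM"` here too. The same applies to the NetApp entries added for CVE-2022-21299, CVE-2022-23539, CVE-2022-23540, CVE-2022-23541, CVE-2022-34169, CVE-2022-34357 and CVE-2023-0215.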
@@ -112,6 +112,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2022/21xxx/CVE-2022-21496.json b/2022/21xxx/CVE-2022-21496.json index f5283d9eacb..370930e56dd 100644 --- a/2022/21xxx/CVE-2022-21496.json +++ b/2022/21xxx/CVE-2022-21496.json @@ -112,6 +112,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2022/23xxx/CVE-2022-23539.json b/2022/23xxx/CVE-2022-23539.json index f9f0e1595b3..b82bf13d0d4 100644 --- a/2022/23xxx/CVE-2022-23539.json +++ b/2022/23xxx/CVE-2022-23539.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you\u2019ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions." + "value": "Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you\u2019ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions." } ] }, @@ -40,8 +40,8 @@ "version": { "version_data": [ { - "version_value": "<= 8.5.1", - "version_affected": "=" + "version_affected": "=", + "version_value": "<= 8.5.1" } ] } 
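Review bot: In the `version_data` hunk for CVE-2022-23539 (`@@ -40,8 +40,8 @@`) the new side only swaps the key order and still pairs `"version_affected": "="` with `"version_value": "<= 8.5.1"`, so the range operator sits inside the value string while the operator field claims an exact match. A scanner that honours `version_affected` would compare installed versions against the literal string `<= 8.5.1` and could report vulnerable `jsonwebtoken` releases as unaffected. Since the entry is being rewritten anyway, consider `"version_affected": "<="` with `"version_value": "8.5.1"`, provided the schema these records are validated against accepts that operator. The same pair appears in the corresponding hunks for CVE-2022-23540 and CVE-2022-23541.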
@@ -54,15 +54,20 @@ }, "references": { "reference_data": [ + { + "url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33", + "refsource": "MISC", + "name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33" + }, { "url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", "refsource": "MISC", "name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3" }, { - "url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33", + "url": "https://security.netapp.com/advisory/ntap-20240621-0007/", "refsource": "MISC", - "name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33" + "name": "https://security.netapp.com/advisory/ntap-20240621-0007/" } ] }, diff --git a/2022/23xxx/CVE-2022-23540.json b/2022/23xxx/CVE-2022-23540.json index 7dcb2e5e312..c647ee01d85 100644 --- a/2022/23xxx/CVE-2022-23540.json +++ b/2022/23xxx/CVE-2022-23540.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. Users are affected if you do not specify algorithms in the `jwt.verify()` function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the `jwt.verify()` method. There will be no impact, if you update to version 9.0.0 and you don\u2019t need to allow for the `none` algorithm. If you need 'none' algorithm, you have to explicitly specify that in `jwt.verify()` options." + "value": "In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. Users are affected if you do not specify algorithms in the `jwt.verify()` function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the `jwt.verify()` method. There will be no impact, if you update to version 9.0.0 and you don\u2019t need to allow for the `none` algorithm. If you need 'none' algorithm, you have to explicitly specify that in `jwt.verify()` options.\n" } ] }, @@ -40,8 +40,8 @@ "version": { "version_data": [ { - "version_value": "<= 8.5.1", - "version_affected": "=" + "version_affected": "=", + "version_value": "<= 8.5.1" } ] } 
@@ -54,15 +54,20 @@ }, "references": { "reference_data": [ + { + "url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6", + "refsource": "MISC", + "name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6" + }, { "url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", "refsource": "MISC", "name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3" }, { - "url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6", + "url": "https://security.netapp.com/advisory/ntap-20240621-0007/", "refsource": "MISC", - "name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6" + "name": "https://security.netapp.com/advisory/ntap-20240621-0007/" } ] }, diff --git a/2022/23xxx/CVE-2022-23541.json b/2022/23xxx/CVE-2022-23541.json index e68ce6158c7..8bad5a77707 100644 --- a/2022/23xxx/CVE-2022-23541.json +++ b/2022/23xxx/CVE-2022-23541.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0." + "value": "jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0." } ] }, @@ -49,8 +49,8 @@ "version": { "version_data": [ { - "version_value": "<= 8.5.1", - "version_affected": "=" + "version_affected": "=", + "version_value": "<= 8.5.1" } ] } 
@@ -63,20 +63,25 @@ }, "references": { "reference_data": [ - { - "url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", - "refsource": "MISC", - "name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3" - }, { "url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959", "refsource": "MISC", "name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959" }, + { + "url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", + "refsource": "MISC", + "name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3" + }, { "url": "https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0", "refsource": "MISC", "name": "https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20240621-0007/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20240621-0007/" } ] }, diff --git a/2022/2xxx/CVE-2022-2097.json b/2022/2xxx/CVE-2022-2097.json index 4582b6d56fc..6c6ab436866 100644 --- a/2022/2xxx/CVE-2022-2097.json +++ b/2022/2xxx/CVE-2022-2097.json @@ -129,6 +129,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20230420-0008/", "url": "https://security.netapp.com/advisory/ntap-20230420-0008/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20240621-0006/", + "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } diff --git a/2022/34xxx/CVE-2022-34169.json b/2022/34xxx/CVE-2022-34169.json index a7320bf5593..d0a608b5c33 100644 --- a/2022/34xxx/CVE-2022-34169.json +++ b/2022/34xxx/CVE-2022-34169.json 
@@ -168,6 +168,11 @@
 "url": "https://security.gentoo.org/glsa/202401-25",
 "refsource": "MISC",
 "name": "https://security.gentoo.org/glsa/202401-25"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2022/34xxx/CVE-2022-34357.json b/2022/34xxx/CVE-2022-34357.json
index 67ef9854e20..9112773ee09 100644
--- a/2022/34xxx/CVE-2022-34357.json
+++ b/2022/34xxx/CVE-2022-34357.json
@@ -68,6 +68,11 @@
 "url": "https://security.netapp.com/advisory/ntap-20240405-0001/",
 "refsource": "MISC",
 "name": "https://security.netapp.com/advisory/ntap-20240405-0001/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2022/3xxx/CVE-2022-3080.json b/2022/3xxx/CVE-2022-3080.json
index 4ae1ce51b73..3d55c6bd973 100644
--- a/2022/3xxx/CVE-2022-3080.json
+++ b/2022/3xxx/CVE-2022-3080.json
@@ -129,6 +129,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202210-25",
 "url": "https://security.gentoo.org/glsa/202210-25"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0002/"
 }
 ]
 },
diff --git a/2022/40xxx/CVE-2022-40897.json b/2022/40xxx/CVE-2022-40897.json
index 42dfef10f88..90b302897fe 100644
--- a/2022/40xxx/CVE-2022-40897.json
+++ b/2022/40xxx/CVE-2022-40897.json
@@ -91,6 +91,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2023-60e2b22be0",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41854.json b/2022/41xxx/CVE-2022-41854.json
index 6317ffceac1..59c0df2cc14 100644
--- a/2022/41xxx/CVE-2022-41854.json
+++ b/2022/41xxx/CVE-2022-41854.json
@@ -98,6 +98,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20240315-0009/",
 "url": "https://security.netapp.com/advisory/ntap-20240315-0009/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2022/48xxx/CVE-2022-48285.json b/2022/48xxx/CVE-2022-48285.json
index 3a61466d8b6..1d00448d650 100644
--- a/2022/48xxx/CVE-2022-48285.json
+++ b/2022/48xxx/CVE-2022-48285.json
@@ -71,6 +71,11 @@
 "url": "https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0",
 "refsource": "MISC",
 "name": "https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0005/",
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0005/"
 }
 ]
 }
diff --git a/2023/0xxx/CVE-2023-0215.json b/2023/0xxx/CVE-2023-0215.json
index a4e07d3d0a7..accc6b06a91 100644
--- a/2023/0xxx/CVE-2023-0215.json
+++ b/2023/0xxx/CVE-2023-0215.json
@@ -98,6 +98,11 @@
 "url": "https://security.gentoo.org/glsa/202402-08",
 "refsource": "MISC",
 "name": "https://security.gentoo.org/glsa/202402-08"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2023/0xxx/CVE-2023-0464.json b/2023/0xxx/CVE-2023-0464.json
index df0324b79b4..17a12b58d07 100644
--- a/2023/0xxx/CVE-2023-0464.json
+++ b/2023/0xxx/CVE-2023-0464.json
@@ -113,6 +113,11 @@
 "url": "https://security.gentoo.org/glsa/202402-08",
 "refsource": "MISC",
 "name": "https://security.gentoo.org/glsa/202402-08"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2023/1xxx/CVE-2023-1370.json b/2023/1xxx/CVE-2023-1370.json
index c2175d8f806..c2dddf7cadf 100644
--- a/2023/1xxx/CVE-2023-1370.json
+++ b/2023/1xxx/CVE-2023-1370.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software."
+ "value": "[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib.\n\nWhen reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, the code parses an array or an object respectively.\n\nIt was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.\n\n"
 }
 ]
 },
@@ -59,6 +59,11 @@
 "url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
 "refsource": "MISC",
 "name": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2023/21xxx/CVE-2023-21930.json b/2023/21xxx/CVE-2023-21930.json
index 4fd3681172e..aa2fd749f9e 100644
--- a/2023/21xxx/CVE-2023-21930.json
+++ b/2023/21xxx/CVE-2023-21930.json
@@ -110,6 +110,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2023/21xxx/CVE-2023-21937.json b/2023/21xxx/CVE-2023-21937.json
index ac08c872915..da5975271f2 100644
--- a/2023/21xxx/CVE-2023-21937.json
+++ b/2023/21xxx/CVE-2023-21937.json
@@ -110,6 +110,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2023/21xxx/CVE-2023-21938.json b/2023/21xxx/CVE-2023-21938.json
index 58da5fc7e5e..2d14e2fa81b 100644
--- a/2023/21xxx/CVE-2023-21938.json
+++ b/2023/21xxx/CVE-2023-21938.json
@@ -110,6 +110,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2023/21xxx/CVE-2023-21939.json b/2023/21xxx/CVE-2023-21939.json
index 6f48aeaa9bf..d94adfadc73 100644
--- a/2023/21xxx/CVE-2023-21939.json
+++ b/2023/21xxx/CVE-2023-21939.json
@@ -110,6 +110,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2023/21xxx/CVE-2023-21954.json b/2023/21xxx/CVE-2023-21954.json
index 5d68285179c..8b2fa4647ea 100644
--- a/2023/21xxx/CVE-2023-21954.json
+++ b/2023/21xxx/CVE-2023-21954.json
@@ -106,6 +106,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2023/21xxx/CVE-2023-21967.json b/2023/21xxx/CVE-2023-21967.json
index aa703901a9c..fddb7d14962 100644
--- a/2023/21xxx/CVE-2023-21967.json
+++ b/2023/21xxx/CVE-2023-21967.json
@@ -110,6 +110,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2023/21xxx/CVE-2023-21968.json b/2023/21xxx/CVE-2023-21968.json
index 42884fd1cd1..e561b13a0ca 100644
--- a/2023/21xxx/CVE-2023-21968.json
+++ b/2023/21xxx/CVE-2023-21968.json
@@ -110,6 +110,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2023/22xxx/CVE-2023-22049.json b/2023/22xxx/CVE-2023-22049.json
index 87297cd04df..b4b0c4f2ac4 100644
--- a/2023/22xxx/CVE-2023-22049.json
+++ b/2023/22xxx/CVE-2023-22049.json
@@ -113,6 +113,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2023/26xxx/CVE-2023-26115.json b/2023/26xxx/CVE-2023-26115.json
index d81f9c4d882..c4e33c6176c 100644
--- a/2023/26xxx/CVE-2023-26115.json
+++ b/2023/26xxx/CVE-2023-26115.json
@@ -86,6 +86,11 @@
 "url": "https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4",
 "refsource": "MISC",
 "name": "https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2023/26xxx/CVE-2023-26136.json b/2023/26xxx/CVE-2023-26136.json
index 5ebcaa012b8..e115a96e7a8 100644
--- a/2023/26xxx/CVE-2023-26136.json
+++ b/2023/26xxx/CVE-2023-26136.json
@@ -89,6 +89,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2023/2xxx/CVE-2023-2597.json b/2023/2xxx/CVE-2023-2597.json
index 5709cb48001..9b665a113de 100644
--- a/2023/2xxx/CVE-2023-2597.json
+++ b/2023/2xxx/CVE-2023-2597.json
@@ -64,6 +64,11 @@
 "name": "https://github.com/eclipse-openj9/openj9/pull/17259",
 "refsource": "CONFIRM",
 "url": "https://github.com/eclipse-openj9/openj9/pull/17259"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 }
diff --git a/2023/30xxx/CVE-2023-30588.json b/2023/30xxx/CVE-2023-30588.json
index 3edb50ec9e0..7b804e78a86 100644
--- a/2023/30xxx/CVE-2023-30588.json
+++ b/2023/30xxx/CVE-2023-30588.json
@@ -68,6 +68,11 @@
 "url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases",
 "refsource": "MISC",
 "name": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 }
diff --git a/2023/30xxx/CVE-2023-30589.json b/2023/30xxx/CVE-2023-30589.json
index 11028f7ccb4..1d8a202d7a8 100644
--- a/2023/30xxx/CVE-2023-30589.json
+++ b/2023/30xxx/CVE-2023-30589.json
@@ -103,6 +103,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 }
diff --git a/2023/30xxx/CVE-2023-30996.json b/2023/30xxx/CVE-2023-30996.json
index e07a7ab6f27..ffd16dc2b0e 100644
--- a/2023/30xxx/CVE-2023-30996.json
+++ b/2023/30xxx/CVE-2023-30996.json
@@ -68,6 +68,11 @@
 "url": "https://security.netapp.com/advisory/ntap-20240405-0004/",
 "refsource": "MISC",
 "name": "https://security.netapp.com/advisory/ntap-20240405-0004/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2023/31xxx/CVE-2023-31484.json b/2023/31xxx/CVE-2023-31484.json
index a26b963d542..6bbf6b3c1bf 100644
--- a/2023/31xxx/CVE-2023-31484.json
+++ b/2023/31xxx/CVE-2023-31484.json
@@ -101,6 +101,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2023-46924e402a",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0007/",
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
 }
 ]
 }
diff --git a/2023/32xxx/CVE-2023-32344.json b/2023/32xxx/CVE-2023-32344.json
index f5efa686618..8dd83a476fb 100644
--- a/2023/32xxx/CVE-2023-32344.json
+++ b/2023/32xxx/CVE-2023-32344.json
@@ -68,6 +68,11 @@
 "url": "https://security.netapp.com/advisory/ntap-20240405-0002/",
 "refsource": "MISC",
 "name": "https://security.netapp.com/advisory/ntap-20240405-0002/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2023/34xxx/CVE-2023-34462.json b/2023/34xxx/CVE-2023-34462.json
index 896364ab52d..a9554af2ce2 100644
--- a/2023/34xxx/CVE-2023-34462.json
+++ b/2023/34xxx/CVE-2023-34462.json
@@ -73,6 +73,11 @@
 "url": "https://www.debian.org/security/2023/dsa-5558",
 "refsource": "MISC",
 "name": "https://www.debian.org/security/2023/dsa-5558"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0007/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0007/"
 }
 ]
 },
diff --git a/2023/35xxx/CVE-2023-35009.json b/2023/35xxx/CVE-2023-35009.json
index 5c12cbaa141..32faf1a3204 100644
--- a/2023/35xxx/CVE-2023-35009.json
+++ b/2023/35xxx/CVE-2023-35009.json
@@ -68,6 +68,11 @@
 "url": "https://security.netapp.com/advisory/ntap-20230831-0014/",
 "refsource": "MISC",
 "name": "https://security.netapp.com/advisory/ntap-20230831-0014/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0005/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0005/"
 }
 ]
 },
diff --git a/2023/35xxx/CVE-2023-35011.json b/2023/35xxx/CVE-2023-35011.json
index 36d31a0e0fb..0f0172ecfda 100644
--- a/2023/35xxx/CVE-2023-35011.json
+++ b/2023/35xxx/CVE-2023-35011.json
@@ -68,6 +68,11 @@
 "url": "https://security.netapp.com/advisory/ntap-20230921-0005/",
 "refsource": "MISC",
 "name": "https://security.netapp.com/advisory/ntap-20230921-0005/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0005/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0005/"
 }
 ]
 },
diff --git a/2023/36xxx/CVE-2023-36478.json b/2023/36xxx/CVE-2023-36478.json
index 65785d8e874..002255b1403 100644
--- a/2023/36xxx/CVE-2023-36478.json
+++ b/2023/36xxx/CVE-2023-36478.json
@@ -115,6 +115,11 @@
 "url": "https://security.netapp.com/advisory/ntap-20231116-0011/",
 "refsource": "MISC",
 "name": "https://security.netapp.com/advisory/ntap-20231116-0011/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
 }
 ]
 },
diff --git a/2023/37xxx/CVE-2023-37898.json b/2023/37xxx/CVE-2023-37898.json
index 4f43870239a..b64b0a749d3 100644
--- a/2023/37xxx/CVE-2023-37898.json
+++ b/2023/37xxx/CVE-2023-37898.json
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-37898",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows an untrusted note opened in safe mode to execute arbitrary code. `packages/renderer/MarkupToHtml.ts` renders note content in safe mode by surrounding it with
 and 
, without escaping any interior HTML tags. Thus, an attacker can create a note that closes the opening
 tag, then includes HTML that runs JavaScript. Because the rendered markdown iframe has the same origin as the toplevel document and is not sandboxed, any scripts running in the preview iframe can access the top variable and, thus, access the toplevel NodeJS `require` function. `require` can then be used to import modules like fs or child_process and run arbitrary commands. This issue has been addressed in version 2.12.9 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+                        "cweId": "CWE-79"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "laurent22",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "joplin",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "< 2.12.9"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8",
+                "refsource": "MISC",
+                "name": "https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8"
+            },
+            {
+                "url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox",
+                "refsource": "MISC",
+                "name": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-hjmq-3qh4-g2r8",
+        "discovery": "UNKNOWN"
+    },
+    "impact": {
+        "cvss": [
+            {
+                "attackComplexity": "LOW",
+                "attackVector": "NETWORK",
+                "availabilityImpact": "LOW",
+                "baseScore": 8.2,
+                "baseSeverity": "HIGH",
+                "confidentialityImpact": "HIGH",
+                "integrityImpact": "LOW",
+                "privilegesRequired": "LOW",
+                "scope": "CHANGED",
+                "userInteraction": "REQUIRED",
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
+                "version": "3.1"
             }
         ]
     }
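Review bot: The added `version_data` entry pairs `"version_affected": "="` with `"version_value": "< 2.12.9"`, so the range operator sits inside the value string while the operator field claims an exact match. A consumer that honours `version_affected` would compare installed versions against that literal string and could report vulnerable Joplin builds as unaffected. I would encode the range as `"version_affected": "<"` with `"version_value": "2.12.9"`. The same pairing appears in the CVE-2023-38506 (`< 2.12.10`) and CVE-2023-39517 (`< 2.12.8`) hunks further down. If these records come out of an export step, the fix presumably belongs in that step rather than in the file.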
diff --git a/2023/38xxx/CVE-2023-38359.json b/2023/38xxx/CVE-2023-38359.json
index 0a0dec4da35..f37aac52864 100644
--- a/2023/38xxx/CVE-2023-38359.json
+++ b/2023/38xxx/CVE-2023-38359.json
@@ -68,6 +68,11 @@
                 "url": "https://security.netapp.com/advisory/ntap-20240405-0003/",
                 "refsource": "MISC",
                 "name": "https://security.netapp.com/advisory/ntap-20240405-0003/"
+            },
+            {
+                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+                "refsource": "MISC",
+                "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
             }
         ]
     },
diff --git a/2023/38xxx/CVE-2023-38506.json b/2023/38xxx/CVE-2023-38506.json
index f5e96ef8b02..8a6b24ca58e 100644
--- a/2023/38xxx/CVE-2023-38506.json
+++ b/2023/38xxx/CVE-2023-38506.json
@@ -1,17 +1,85 @@
 {
+    "data_version": "4.0",
     "data_type": "CVE",
     "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2023-38506",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security-advisories@github.com",
+        "STATE": "PUBLIC"
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized (or not sanitized properly). As such, the `onload` attribute of pasted images can execute arbitrary code. Because the TinyMCE editor frame does not use the `sandbox` attribute, such scripts can access NodeJS's `require` through the `top` variable. From this, an attacker can run arbitrary commands. This issue has been addressed in version 2.12.10 and users are advised to upgrade. There are no known workarounds for this vulnerability."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+                        "cweId": "CWE-79"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "laurent22",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "joplin",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "< 2.12.10"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399",
+                "refsource": "MISC",
+                "name": "https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-m59c-9rrj-c399",
+        "discovery": "UNKNOWN"
+    },
+    "impact": {
+        "cvss": [
+            {
+                "attackComplexity": "LOW",
+                "attackVector": "NETWORK",
+                "availabilityImpact": "LOW",
+                "baseScore": 8.2,
+                "baseSeverity": "HIGH",
+                "confidentialityImpact": "HIGH",
+                "integrityImpact": "LOW",
+                "privilegesRequired": "LOW",
+                "scope": "CHANGED",
+                "userInteraction": "REQUIRED",
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
+                "version": "3.1"
             }
         ]
     }
diff --git a/2023/39xxx/CVE-2023-39410.json b/2023/39xxx/CVE-2023-39410.json
index 5ace9083245..45007e64563 100644
--- a/2023/39xxx/CVE-2023-39410.json
+++ b/2023/39xxx/CVE-2023-39410.json
@@ -64,6 +64,11 @@
                 "url": "https://www.openwall.com/lists/oss-security/2023/09/29/6",
                 "refsource": "MISC",
                 "name": "https://www.openwall.com/lists/oss-security/2023/09/29/6"
+            },
+            {
+                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+                "refsource": "MISC",
+                "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
             }
         ]
     },
diff --git a/2023/39xxx/CVE-2023-39517.json b/2023/39xxx/CVE-2023-39517.json
index 0454c78735d..e71db3286d1 100644
--- a/2023/39xxx/CVE-2023-39517.json
+++ b/2023/39xxx/CVE-2023-39517.json
@@ -1,17 +1,95 @@
 {
+    "data_version": "4.0",
     "data_type": "CVE",
     "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2023-39517",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security-advisories@github.com",
+        "STATE": "PUBLIC"
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (`packages/renderer/htmlUtils.ts::sanitizeHtml`) preserves `` `` links. However, unlike `` links, the `target` and `href` attributes are not removed. Additionally, because the note preview pane isn't sandboxed to prevent top navigation, links with `target` set to `_top` can replace the toplevel electron page. Because any toplevel electron page, with Joplin's setup, has access to `require` and can require node libraries, a malicious replacement toplevel page can import `child_process` and execute arbitrary shell commands. This issue has been fixed in commit 7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f which is included in release version 2.12.8. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+                        "cweId": "CWE-79"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "laurent22",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "joplin",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "< 2.12.8"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://github.com/laurent22/joplin/security/advisories/GHSA-2h88-m32f-qh5m",
+                "refsource": "MISC",
+                "name": "https://github.com/laurent22/joplin/security/advisories/GHSA-2h88-m32f-qh5m"
+            },
+            {
+                "url": "https://github.com/laurent22/joplin/commit/7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f",
+                "refsource": "MISC",
+                "name": "https://github.com/laurent22/joplin/commit/7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f"
+            },
+            {
+                "url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox",
+                "refsource": "MISC",
+                "name": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-2h88-m32f-qh5m",
+        "discovery": "UNKNOWN"
+    },
+    "impact": {
+        "cvss": [
+            {
+                "attackComplexity": "LOW",
+                "attackVector": "NETWORK",
+                "availabilityImpact": "LOW",
+                "baseScore": 8.2,
+                "baseSeverity": "HIGH",
+                "confidentialityImpact": "HIGH",
+                "integrityImpact": "LOW",
+                "privilegesRequired": "LOW",
+                "scope": "CHANGED",
+                "userInteraction": "REQUIRED",
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
+                "version": "3.1"
             }
         ]
     }
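Review bot: The added description `value` has empty code spans where HTML element names are expected: "preserves" is followed by two empty backtick pairs and "links", and "unlike" by another empty pair and "links". As written, a reader cannot tell which link elements keep their `target` and `href` attributes after `sanitizeHtml`, which is the detail needed to judge exposure or write a content filter. The names should be restored from the referenced advisory GHSA-2h88-m32f-qh5m in a form that survives the export, for example as plain words (`ELEMENT_NAME element`, placeholder) instead of bracketed tags. The CVE-2023-37898 description earlier in this patch shows a similar gap ("surrounding it with … and …"), so this may be an artifact of how the text was exported or rendered and not of the advisory itself.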
diff --git a/2023/3xxx/CVE-2023-3817.json b/2023/3xxx/CVE-2023-3817.json
index 5564236f068..39508e6651f 100644
--- a/2023/3xxx/CVE-2023-3817.json
+++ b/2023/3xxx/CVE-2023-3817.json
@@ -138,6 +138,11 @@
                 "url": "https://security.gentoo.org/glsa/202402-08",
                 "refsource": "MISC",
                 "name": "https://security.gentoo.org/glsa/202402-08"
+            },
+            {
+                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+                "refsource": "MISC",
+                "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
             }
         ]
     },
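Review bot: The NetApp advisory `ntap-20240621-0006` is added here with `"refsource": "MISC"`, while the same URL is added to CVE-2023-44487 and CVE-2023-45857 in this patch with `"refsource": "CONFIRM"`; the CVE-2023-43051 hunk also uses MISC. Tooling that picks out vendor advisories by filtering on `refsource` will see this advisory for some of the CVEs it covers and not for others. If the tag is meant to carry meaning, one value should be used for a given URL across records, for example `"refsource": "CONFIRM"` here. Otherwise consumers are better off matching on the URL host than on the tag.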
diff --git a/2023/43xxx/CVE-2023-43051.json b/2023/43xxx/CVE-2023-43051.json
index 7f0441e8856..d058705a8b6 100644
--- a/2023/43xxx/CVE-2023-43051.json
+++ b/2023/43xxx/CVE-2023-43051.json
@@ -68,6 +68,11 @@
                 "url": "https://security.netapp.com/advisory/ntap-20240322-0008/",
                 "refsource": "MISC",
                 "name": "https://security.netapp.com/advisory/ntap-20240322-0008/"
+            },
+            {
+                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+                "refsource": "MISC",
+                "name": "https://security.netapp.com/advisory/ntap-20240621-0006/"
             }
         ]
     },
diff --git a/2023/44xxx/CVE-2023-44487.json b/2023/44xxx/CVE-2023-44487.json
index 2f0d1576656..85bf4da34e2 100644
--- a/2023/44xxx/CVE-2023-44487.json
+++ b/2023/44xxx/CVE-2023-44487.json
@@ -741,6 +741,16 @@
                 "refsource": "CONFIRM",
                 "name": "https://security.netapp.com/advisory/ntap-20240426-0007/",
                 "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://security.netapp.com/advisory/ntap-20240621-0007/",
+                "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
             }
         ]
     }
diff --git a/2023/44xxx/CVE-2023-44981.json b/2023/44xxx/CVE-2023-44981.json
index ad1c86f9f57..0c56e0feaff 100644
--- a/2023/44xxx/CVE-2023-44981.json
+++ b/2023/44xxx/CVE-2023-44981.json
@@ -89,6 +89,11 @@
                 "url": "https://www.debian.org/security/2023/dsa-5544",
                 "refsource": "MISC",
                 "name": "https://www.debian.org/security/2023/dsa-5544"
+            },
+            {
+                "url": "https://security.netapp.com/advisory/ntap-20240621-0007/",
+                "refsource": "MISC",
+                "name": "https://security.netapp.com/advisory/ntap-20240621-0007/"
             }
         ]
     },
diff --git a/2023/45xxx/CVE-2023-45673.json b/2023/45xxx/CVE-2023-45673.json
index 360c53ba4d6..fa5ca6ffa9d 100644
--- a/2023/45xxx/CVE-2023-45673.json
+++ b/2023/45xxx/CVE-2023-45673.json
@@ -1,17 +1,90 @@
 {
+    "data_version": "4.0",
     "data_type": "CVE",
     "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2023-45673",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security-advisories@github.com",
+        "STATE": "PUBLIC"
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. This issue has been addressed in version 2.13.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
+                        "cweId": "CWE-94"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "laurent22",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "joplin",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "< 2.13.3"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59",
+                "refsource": "MISC",
+                "name": "https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59"
+            },
+            {
+                "url": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox",
+                "refsource": "MISC",
+                "name": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-g8qx-5vcm-3x59",
+        "discovery": "UNKNOWN"
+    },
+    "impact": {
+        "cvss": [
+            {
+                "attackComplexity": "LOW",
+                "attackVector": "NETWORK",
+                "availabilityImpact": "LOW",
+                "baseScore": 8.9,
+                "baseSeverity": "HIGH",
+                "confidentialityImpact": "HIGH",
+                "integrityImpact": "HIGH",
+                "privilegesRequired": "LOW",
+                "scope": "CHANGED",
+                "userInteraction": "REQUIRED",
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
+                "version": "3.1"
             }
         ]
     }
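Review bot: The affected-version entry pairs `"version_affected": "="` with `"version_value": "< 2.13.3"`, so the range operator sits inside the value string while the operator field claims an exact match. A consumer that honours `version_affected` would compare installed versions against the literal string `< 2.13.3` and likely match nothing, leaving affected Joplin installs out of scanner results. Expressing the range in the fields avoids that: `"version_affected": "<"` with `"version_value": "2.13.3"`. The description on the same record would also read more clearly without the doubled conjunction in `2. and has node integration enabled`.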
diff --git a/2023/45xxx/CVE-2023-45745.json b/2023/45xxx/CVE-2023-45745.json
index 3fa302e4312..af3f2c1eb8c 100644
--- a/2023/45xxx/CVE-2023-45745.json
+++ b/2023/45xxx/CVE-2023-45745.json
@@ -62,6 +62,11 @@
                 "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html",
                 "refsource": "MISC",
                 "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"
+            },
+            {
+                "url": "https://security.netapp.com/advisory/ntap-20240621-0003/",
+                "refsource": "MISC",
+                "name": "https://security.netapp.com/advisory/ntap-20240621-0003/"
             }
         ]
     },
diff --git a/2023/45xxx/CVE-2023-45857.json b/2023/45xxx/CVE-2023-45857.json
index 6d0eed5e112..fe0c1f795ff 100644
--- a/2023/45xxx/CVE-2023-45857.json
+++ b/2023/45xxx/CVE-2023-45857.json
@@ -56,6 +56,11 @@
                 "refsource": "MISC",
                 "name": "https://github.com/axios/axios/issues/6006",
                 "url": "https://github.com/axios/axios/issues/6006"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://security.netapp.com/advisory/ntap-20240621-0006/",
+                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
             }
         ]
     }
diff --git a/2023/47xxx/CVE-2023-47855.json b/2023/47xxx/CVE-2023-47855.json
index ef31e43d101..b8863f4eb41 100644
--- a/2023/47xxx/CVE-2023-47855.json
+++ b/2023/47xxx/CVE-2023-47855.json
@@ -62,6 +62,11 @@
                 "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html",
                 "refsource": "MISC",
                 "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"
+            },
+            {
+                "url": "https://security.netapp.com/advisory/ntap-20240621-0003/",
+                "refsource": "MISC",
+                "name": "https://security.netapp.com/advisory/ntap-20240621-0003/"
             }
         ]
     },
diff --git a/2023/5xxx/CVE-2023-5072.json b/2023/5xxx/CVE-2023-5072.json
index 2b6be8ffbdc..cdd71ad69ec 100644
--- a/2023/5xxx/CVE-2023-5072.json
+++ b/2023/5xxx/CVE-2023-5072.json
@@ -69,6 +69,11 @@
                 "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4",
                 "refsource": "MISC",
                 "name": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
+            },
+            {
+                "url": "https://security.netapp.com/advisory/ntap-20240621-0007/",
+                "refsource": "MISC",
+                "name": "https://security.netapp.com/advisory/ntap-20240621-0007/"
             }
         ]
     },
diff --git a/2024/25xxx/CVE-2024-25047.json b/2024/25xxx/CVE-2024-25047.json
index 8b318405ad6..97cf9818513 100644
--- a/2024/25xxx/CVE-2024-25047.json
+++ b/2024/25xxx/CVE-2024-25047.json
@@ -63,6 +63,11 @@
                 "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/282956",
                 "refsource": "MISC",
                 "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/282956"
+            },
+            {
+                "url": "https://security.netapp.com/advisory/ntap-20240621-0007/",
+                "refsource": "MISC",
+                "name": "https://security.netapp.com/advisory/ntap-20240621-0007/"
             }
         ]
     },
diff --git a/2024/4xxx/CVE-2024-4577.json b/2024/4xxx/CVE-2024-4577.json
index 3d4b40002e9..c21394b26e5 100644
--- a/2024/4xxx/CVE-2024-4577.json
+++ b/2024/4xxx/CVE-2024-4577.json
@@ -165,6 +165,11 @@
                 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/",
                 "refsource": "MISC",
                 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"
+            },
+            {
+                "url": "https://security.netapp.com/advisory/ntap-20240621-0008/",
+                "refsource": "MISC",
+                "name": "https://security.netapp.com/advisory/ntap-20240621-0008/"
             }
         ]
     },
diff --git a/2024/4xxx/CVE-2024-4603.json b/2024/4xxx/CVE-2024-4603.json
index 172a6c41daf..1ef9825a11f 100644
--- a/2024/4xxx/CVE-2024-4603.json
+++ b/2024/4xxx/CVE-2024-4603.json
@@ -98,6 +98,11 @@
                 "url": "http://www.openwall.com/lists/oss-security/2024/05/16/2",
                 "refsource": "MISC",
                 "name": "http://www.openwall.com/lists/oss-security/2024/05/16/2"
+            },
+            {
+                "url": "https://security.netapp.com/advisory/ntap-20240621-0001/",
+                "refsource": "MISC",
+                "name": "https://security.netapp.com/advisory/ntap-20240621-0001/"
             }
         ]
     },