diff --git a/2023/34xxx/CVE-2023-34053.json b/2023/34xxx/CVE-2023-34053.json
index d4133c95a5e..a96b7a196e6 100644
--- a/2023/34xxx/CVE-2023-34053.json
+++ b/2023/34xxx/CVE-2023-34053.json
@@ -1,17 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-34053",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n * the application uses Spring MVC or Spring WebFlux\n * io.micrometer:micrometer-core\u00a0is on the classpath\n * an ObservationRegistry is configured in the application to record observations\n\n\nTypically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator\u00a0dependency to meet all conditions.\n\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Spring",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Spring Framework",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.0.14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://spring.io/security/cve-2023-34053",
+ "refsource": "MISC",
+ "name": "https://spring.io/security/cve-2023-34053"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34054.json b/2023/34xxx/CVE-2023-34054.json
index 6c43641dd41..c4e72dbbdde 100644
--- a/2023/34xxx/CVE-2023-34054.json
+++ b/2023/34xxx/CVE-2023-34054.json
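Review bot: `problemtype` is published as `"value": "n/a"` even though the description states a denial-of-service impact, so consumers that triage or filter by CWE get no weakness class for this record; the CVE-2023-34054 and CVE-2023-34055 hunks carry the same `n/a`. If the assigner can name the root cause, the entry should carry a CWE the way other records in this commit do, in the form `"value": "CWE-<id> <name>", "cweId": "CWE-<id>"` (placeholder: the page does not state the weakness). The file's final closing brace lies outside the hunk.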
@@ -1,17 +1,96 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-34054",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\nIn Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.\n\nSpecifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.\n\n\n\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Spring",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Reactor Netty",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.1.0",
+ "version_value": "1.1.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.0.0",
+ "version_value": "1.0.39"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "older unsupported versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://spring.io/security/cve-2023-34054",
+ "refsource": "MISC",
+ "name": "https://spring.io/security/cve-2023-34054"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34055.json b/2023/34xxx/CVE-2023-34055.json
index c960909e27f..e1e1a97c101 100644
--- a/2023/34xxx/CVE-2023-34055.json
+++ b/2023/34xxx/CVE-2023-34055.json
@@ -1,17 +1,101 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-34055",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n * the application uses Spring MVC or Spring WebFlux\n * org.springframework.boot:spring-boot-actuator\u00a0is on the classpath\n\n\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Spring",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Spring Boot",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.7.0",
+ "version_value": "2.7.18"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "3.0.0",
+ "version_value": "3.0.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "3.1.0",
+ "version_value": "3.1.6"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "older unsupported versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://spring.io/security/cve-2023-34055",
+ "refsource": "MISC",
+ "name": "https://spring.io/security/cve-2023-34055"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/3xxx/CVE-2023-3550.json b/2023/3xxx/CVE-2023-3550.json
index 5b80db3ea7b..e1bdcd0663e 100644
--- a/2023/3xxx/CVE-2023-3550.json
+++ b/2023/3xxx/CVE-2023-3550.json
@@ -68,6 +68,11 @@
 "url": "https://www.debian.org/security/2023/dsa-5520",
 "refsource": "MISC",
 "name": "https://www.debian.org/security/2023/dsa-5520"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html"
 }
 ]
 },
diff --git a/2023/42xxx/CVE-2023-42004.json b/2023/42xxx/CVE-2023-42004.json
index 31b722d1ed3..197b20b399e 100644
--- a/2023/42xxx/CVE-2023-42004.json
+++ b/2023/42xxx/CVE-2023-42004.json
@@ -1,17 +1,92 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-42004",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
+ "cweId": "CWE-1236"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Security Guardium",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "11.3, 11.4, 11.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7069241",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7069241"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265262",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265262"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/45xxx/CVE-2023-45362.json b/2023/45xxx/CVE-2023-45362.json
index 50f75ef85ee..404eaaf5ebe 100644
--- a/2023/45xxx/CVE-2023-45362.json
+++ b/2023/45xxx/CVE-2023-45362.json
@@ -56,6 +56,11 @@
 "url": "https://phabricator.wikimedia.org/T341529",
 "refsource": "MISC",
 "name": "https://phabricator.wikimedia.org/T341529"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231128 [SECURITY] [DLA 3671-1] mediawiki security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html"
 }
 ]
 }
diff --git a/2023/45xxx/CVE-2023-45363.json b/2023/45xxx/CVE-2023-45363.json
index b2aa0fe5a50..7b73b1aef86 100644
--- a/2023/45xxx/CVE-2023-45363.json
+++ b/2023/45xxx/CVE-2023-45363.json
@@ -61,6 +61,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-5520",
 "url": "https://www.debian.org/security/2023/dsa-5520"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20231128 [SECURITY] [DLA 3671-1] mediawiki security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html"
 }
 ]
 }
diff --git a/2023/46xxx/CVE-2023-46595.json b/2023/46xxx/CVE-2023-46595.json
index 158cee12419..314a04d7c4a 100644
--- a/2023/46xxx/CVE-2023-46595.json
+++ b/2023/46xxx/CVE-2023-46595.json
@@ -55,9 +55,9 @@
 "references": {
 "reference_data": [
 {
- "url": "https://cwe.mitre.org/data/definitions/79.html",
+ "url": "https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46595.htm",
 "refsource": "MISC",
- "name": "https://cwe.mitre.org/data/definitions/79.html"
+ "name": "https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46595.htm"
 }
 ]
 },
diff --git a/2023/48xxx/CVE-2023-48042.json b/2023/48xxx/CVE-2023-48042.json
index 7910561b9a0..9b2a89ab72f 100644
--- a/2023/48xxx/CVE-2023-48042.json
+++ b/2023/48xxx/CVE-2023-48042.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-48042",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-48042",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Amazzing Filter for Prestashop through 3.2.2 is vulnerable to Cross-Site Scripting (XSS)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://addons.prestashop.com/en/search-filters/18575-amazzing-filter.html",
+ "refsource": "MISC",
+ "name": "https://addons.prestashop.com/en/search-filters/18575-amazzing-filter.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://medium.com/@nasir.synack/uncovering-a-cross-site-scripting-vulnerability-cve-2023-48042-in-amazzing-filters-prestashop-2e4a9f8b655e",
+ "url": "https://medium.com/@nasir.synack/uncovering-a-cross-site-scripting-vulnerability-cve-2023-48042-in-amazzing-filters-prestashop-2e4a9f8b655e"
 }
 ]
 }
diff --git a/2023/49xxx/CVE-2023-49621.json b/2023/49xxx/CVE-2023-49621.json
new file mode 100644
index 00000000000..e181e8bc51e
--- /dev/null
+++ b/2023/49xxx/CVE-2023-49621.json
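Review bot: The `affects` block publishes `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"` although the description on the new side names the product and an upper bound ("Amazzing Filter for Prestashop through 3.2.2"), so tooling that matches on the structured vendor/product/version fields will not associate this CVE with an installed module. Carrying the same facts in the structured fields, for example `"product_name": "Amazzing Filter for Prestashop"` with a `version_data` entry bounded at 3.2.2, would close that gap; the vendor name is not given on the page and has to come from the assigner. `problemtype` is likewise `n/a` while the description says Cross-Site Scripting, which other records in this commit encode as CWE-79.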
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-49621",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4667.json b/2023/4xxx/CVE-2023-4667.json
index 2a60c895aa7..b8fc496fa53 100644
--- a/2023/4xxx/CVE-2023-4667.json
+++ b/2023/4xxx/CVE-2023-4667.json
@@ -1,17 +1,142 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-4667",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@idemia.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\nThe web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface.\u00a0\n\n\n\nThe root cause of the vulnerability is inadequate input validation and output encoding in the web administration interface component of the firmware.\n\nThis could lead to\u00a0\u00a0unauthorized access and data leakage\n\n\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IDEMIA",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SIGMA Lite & Lite +",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SIGMA Wide",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "SIGMA Extreme",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "MorphoWave Compact/XP",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "VisionPass",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "MorphoWave SP",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.idemia.com/vulnerability-information",
+ "refsource": "MISC",
+ "name": "https://www.idemia.com/vulnerability-information"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/5xxx/CVE-2023-5981.json b/2023/5xxx/CVE-2023-5981.json
index c40e16fd30c..8436791e979 100644
--- a/2023/5xxx/CVE-2023-5981.json
+++ b/2023/5xxx/CVE-2023-5981.json
@@ -168,11 +168,6 @@
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248445",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2248445"
- },
- {
- "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23",
- "refsource": "MISC",
- "name": "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23"
 }
 ]
 },
diff --git a/2023/6xxx/CVE-2023-6150.json b/2023/6xxx/CVE-2023-6150.json
index a3690c18704..a5bc2e0f03e 100644
--- a/2023/6xxx/CVE-2023-6150.json
+++ b/2023/6xxx/CVE-2023-6150.json
@@ -1,17 +1,98 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6150",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@usom.gov.tr",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269 Improper Privilege Management",
+ "cweId": "CWE-269"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ESKOM Computer",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "e-municipality module",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "v.105"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-23-0664",
+ "refsource": "MISC",
+ "name": "https://www.usom.gov.tr/bildirim/tr-23-0664"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "TR-23-0664",
+ "defect": [
+ "TR-23-0664"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Mustafa An\u0131l YILDIRIM"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6151.json b/2023/6xxx/CVE-2023-6151.json
index 68d6c5fc142..3628f6154fa 100644
--- a/2023/6xxx/CVE-2023-6151.json
+++ b/2023/6xxx/CVE-2023-6151.json
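Review bot: The free-text fields in this record are not whitespace-normalised: the description fuses two sentences (`Users.This issue`) and ends in a literal `\n\n`, which is carried into every feed and ticket that renders the value. The CVE-2023-6151 and CVE-2023-6201 hunks show the same pattern, and CVE-2023-6201 additionally publishes `"vendor_name": "Univera Computer System "` with a trailing space, which breaks exact-match vendor lookups and de-duplication in asset and vulnerability tooling. That line should read `"vendor_name": "Univera Computer System",` and the descriptions should be trimmed, with a space after the full stop.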
@@ -1,17 +1,98 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6151",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@usom.gov.tr",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269 Improper Privilege Management",
+ "cweId": "CWE-269"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ESKOM Computer",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "e-municipality module",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "v.105"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-23-0664",
+ "refsource": "MISC",
+ "name": "https://www.usom.gov.tr/bildirim/tr-23-0664"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "TR-23-0664",
+ "defect": [
+ "TR-23-0664"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Mustafa An\u0131l YILDIRIM"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6201.json b/2023/6xxx/CVE-2023-6201.json
index 521c9c547a6..b9335e0907e 100644
--- a/2023/6xxx/CVE-2023-6201.json
+++ b/2023/6xxx/CVE-2023-6201.json
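Review bot: Apart from `"ID"`, the new side of this record is identical to CVE-2023-6150 in the previous hunk (same description, CWE-269, affected range `<` `v.105`, advisory `TR-23-0664`, credit and CVSS vector), so nothing in the data tells a consumer what distinguishes the two flaws or whether one is a duplicate. The description should name the component, endpoint or behaviour specific to this ID; if both entries describe one issue, one of them should be rejected as a duplicate rather than published twice. The distinguishing detail is not on the page and has to come from the assigner.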
@@ -1,17 +1,98 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6201",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@usom.gov.tr",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Univera Computer System Panorama allows Command Injection.This issue affects Panorama: before 8.0.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Univera Computer System ",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Panorama",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "8.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-23-0665",
+ "refsource": "MISC",
+ "name": "https://www.usom.gov.tr/bildirim/tr-23-0665"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "TR-23-0665",
+ "defect": [
+ "TR-23-0665"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Said Tun\u00e7"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6358.json b/2023/6xxx/CVE-2023-6358.json
new file mode 100644
index 00000000000..28c6874167c
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6358.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6358",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6359.json b/2023/6xxx/CVE-2023-6359.json
new file mode 100644
index 00000000000..ddbd0fdb668
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6359.json
@@ -0,0 +1,107 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6359",
+ "ASSIGNER": "cve-coordination@incibe.es",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the 'localidad' parameter to inject a custom JavaScript payload and partially take over another user's browser session, due to the lack of proper sanitisation of the 'localidad' field on the /users/editmy page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Grupo Alumne",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Alumne LMS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "4.0.0.1.08"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-alumne-lms",
+ "refsource": "MISC",
+ "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-alumne-lms"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "The vulnerability has been fixed in Alumne LMS version 4.0.0.1.44."
+ }
+ ],
+ "value": "The vulnerability has been fixed in Alumne LMS version 4.0.0.1.44."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Ignacio Lis Malag\u00f3n"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6360.json b/2023/6xxx/CVE-2023-6360.json
new file mode 100644
index 00000000000..742da3df9e0
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6360.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6360",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6361.json b/2023/6xxx/CVE-2023-6361.json
new file mode 100644
index 00000000000..300772e359a
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6361.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6361",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6362.json b/2023/6xxx/CVE-2023-6362.json
new file mode 100644
index 00000000000..0477219ebc1
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6362.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6362",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file