From f8637a57e99dd3eece57cf2e9467f4e12ba960f0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 16 Nov 2023 16:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/48xxx/CVE-2022-48554.json | 5 ++ 2023/26xxx/CVE-2023-26368.json | 103 +++++++++++++++++++++++++++++++-- 2023/2xxx/CVE-2023-2680.json | 5 ++ 2023/30xxx/CVE-2023-30987.json | 5 ++ 2023/30xxx/CVE-2023-30991.json | 5 ++ 2023/31xxx/CVE-2023-31419.json | 5 ++ 2023/34xxx/CVE-2023-34060.json | 17 +++++- 2023/36xxx/CVE-2023-36478.json | 5 ++ 2023/38xxx/CVE-2023-38552.json | 5 ++ 2023/38xxx/CVE-2023-38719.json | 5 ++ 2023/38xxx/CVE-2023-38720.json | 5 ++ 2023/38xxx/CVE-2023-38728.json | 5 ++ 2023/38xxx/CVE-2023-38740.json | 5 ++ 2023/39xxx/CVE-2023-39331.json | 5 ++ 2023/39xxx/CVE-2023-39332.json | 5 ++ 2023/40xxx/CVE-2023-40372.json | 5 ++ 2023/40xxx/CVE-2023-40373.json | 5 ++ 2023/40xxx/CVE-2023-40374.json | 5 ++ 2023/44xxx/CVE-2023-44466.json | 5 ++ 2023/45xxx/CVE-2023-45145.json | 5 ++ 2023/45xxx/CVE-2023-45862.json | 5 ++ 2023/47xxx/CVE-2023-47046.json | 103 +++++++++++++++++++++++++++++++-- 2023/47xxx/CVE-2023-47047.json | 103 +++++++++++++++++++++++++++++++-- 2023/47xxx/CVE-2023-47048.json | 103 +++++++++++++++++++++++++++++++-- 2023/47xxx/CVE-2023-47049.json | 103 +++++++++++++++++++++++++++++++-- 2023/47xxx/CVE-2023-47050.json | 103 +++++++++++++++++++++++++++++++-- 2023/47xxx/CVE-2023-47051.json | 103 +++++++++++++++++++++++++++++++-- 2023/47xxx/CVE-2023-47052.json | 103 +++++++++++++++++++++++++++++++-- 2023/47xxx/CVE-2023-47053.json | 103 +++++++++++++++++++++++++++++++-- 2023/47xxx/CVE-2023-47054.json | 103 +++++++++++++++++++++++++++++++-- 2023/4xxx/CVE-2023-4527.json | 5 ++ 2023/6xxx/CVE-2023-6177.json | 18 ++++++ 32 files changed, 1124 insertions(+), 41 deletions(-) create mode 100644 2023/6xxx/CVE-2023-6177.json diff --git a/2022/48xxx/CVE-2022-48554.json b/2022/48xxx/CVE-2022-48554.json index 8c8309f4f3b..a64e9cb9963 100644 --- a/2022/48xxx/CVE-2022-48554.json +++ b/2022/48xxx/CVE-2022-48554.json @@ -61,6 +61,11 @@ "refsource": "DEBIAN", "name": "DSA-5489", "url": "https://www.debian.org/security/2023/dsa-5489" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20231116-0002/", + "url": "https://security.netapp.com/advisory/ntap-20231116-0002/" } ] } diff --git a/2023/26xxx/CVE-2023-26368.json b/2023/26xxx/CVE-2023-26368.json index 9bf77872046..431064c8cb8 100644 --- a/2023/26xxx/CVE-2023-26368.json +++ b/2023/26xxx/CVE-2023-26368.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-26368", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are affected by are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "InCopy", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "17.4.2", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/incopy/apsb23-60.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/incopy/apsb23-60.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 7.8, + "environmentalSeverity": "HIGH", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "HIGH", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "LOCAL", + "modifiedAvailabilityImpact": "HIGH", + "modifiedConfidentialityImpact": "HIGH", + "modifiedIntegrityImpact": "HIGH", + "modifiedPrivilegesRequired": "NONE", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "NONE", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "UNCHANGED", + "temporalScore": 7.8, + "temporalSeverity": "HIGH", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/2xxx/CVE-2023-2680.json b/2023/2xxx/CVE-2023-2680.json index fe45876bad5..472dff23f19 100644 --- a/2023/2xxx/CVE-2023-2680.json +++ b/2023/2xxx/CVE-2023-2680.json @@ -189,6 +189,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203387", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2203387" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231116-0001/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20231116-0001/" } ] }, diff --git a/2023/30xxx/CVE-2023-30987.json b/2023/30xxx/CVE-2023-30987.json index 58ced13225d..9b65828bc7e 100644 --- a/2023/30xxx/CVE-2023-30987.json +++ b/2023/30xxx/CVE-2023-30987.json @@ -63,6 +63,11 @@ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253440", "refsource": "MISC", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253440" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231116-0006/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20231116-0006/" } ] }, diff --git a/2023/30xxx/CVE-2023-30991.json b/2023/30xxx/CVE-2023-30991.json index b12d9459ae0..e9a3f32e194 100644 --- a/2023/30xxx/CVE-2023-30991.json +++ b/2023/30xxx/CVE-2023-30991.json @@ -63,6 +63,11 @@ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254037", "refsource": "MISC", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254037" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231116-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20231116-0005/" } ] }, diff --git a/2023/31xxx/CVE-2023-31419.json b/2023/31xxx/CVE-2023-31419.json index c5f8da9e076..ede65b5aa21 100644 --- a/2023/31xxx/CVE-2023-31419.json +++ b/2023/31xxx/CVE-2023-31419.json @@ -69,6 +69,11 @@ "url": "https://www.elastic.co/community/security", "refsource": "MISC", "name": "https://www.elastic.co/community/security" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231116-0010/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20231116-0010/" } ] }, diff --git a/2023/34xxx/CVE-2023-34060.json b/2023/34xxx/CVE-2023-34060.json index ff5a7120961..9ccb0a7b7ed 100644 --- a/2023/34xxx/CVE-2023-34060.json +++ b/2023/34xxx/CVE-2023-34060.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from\nan older version.\u00a0On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login\nrestrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider\nand tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present." + "value": "VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from\nan older version.\u00a0On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login\nrestrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider\nand tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.\u00a0VMware Cloud Director Appliance is impacted since it uses an affected version of sssd from the underlying Photon OS. The sssd issue is no longer present in versions of Photon OS that ship with sssd-2.8.1-11 or higher (Photon OS 3) or sssd-2.8.2-9 or higher (Photon OS 4 and 5)." } ] }, @@ -57,6 +57,21 @@ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0026.html", "refsource": "MISC", "name": "https://www.vmware.com/security/advisories/VMSA-2023-0026.html" + }, + { + "url": "https://github.com/vmware/photon/wiki/Security-Update-5.0-143", + "refsource": "MISC", + "name": "https://github.com/vmware/photon/wiki/Security-Update-5.0-143" + }, + { + "url": "https://github.com/vmware/photon/wiki/Security-Update-4.0-512", + "refsource": "MISC", + "name": "https://github.com/vmware/photon/wiki/Security-Update-4.0-512" + }, + { + "url": "https://github.com/vmware/photon/wiki/Security-Update-3.0-687", + "refsource": "MISC", + "name": "https://github.com/vmware/photon/wiki/Security-Update-3.0-687" } ] }, diff --git a/2023/36xxx/CVE-2023-36478.json b/2023/36xxx/CVE-2023-36478.json index 154f3b7dd64..65785d8e874 100644 --- a/2023/36xxx/CVE-2023-36478.json +++ b/2023/36xxx/CVE-2023-36478.json @@ -110,6 +110,11 @@ "url": "https://www.debian.org/security/2023/dsa-5540", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5540" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231116-0011/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20231116-0011/" } ] }, diff --git a/2023/38xxx/CVE-2023-38552.json b/2023/38xxx/CVE-2023-38552.json index f3172d7ca38..d8ad264fd72 100644 --- a/2023/38xxx/CVE-2023-38552.json +++ b/2023/38xxx/CVE-2023-38552.json @@ -93,6 +93,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231116-0013/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20231116-0013/" } ] } diff --git a/2023/38xxx/CVE-2023-38719.json b/2023/38xxx/CVE-2023-38719.json index 299f3a3314a..4a50d6e5703 100644 --- a/2023/38xxx/CVE-2023-38719.json +++ b/2023/38xxx/CVE-2023-38719.json @@ -63,6 +63,11 @@ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261607", "refsource": "MISC", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261607" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231116-0008/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20231116-0008/" } ] }, diff --git a/2023/38xxx/CVE-2023-38720.json b/2023/38xxx/CVE-2023-38720.json index 6e1f8dd5a79..de433d0017a 100644 --- a/2023/38xxx/CVE-2023-38720.json +++ b/2023/38xxx/CVE-2023-38720.json @@ -63,6 +63,11 @@ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261616", "refsource": "MISC", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261616" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231116-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20231116-0005/" } ] }, diff --git a/2023/38xxx/CVE-2023-38728.json b/2023/38xxx/CVE-2023-38728.json index 56e96f3f138..d521f08eb0e 100644 --- a/2023/38xxx/CVE-2023-38728.json +++ b/2023/38xxx/CVE-2023-38728.json @@ -63,6 +63,11 @@ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262258", "refsource": "MISC", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262258" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231116-0006/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20231116-0006/" } ] }, diff --git a/2023/38xxx/CVE-2023-38740.json b/2023/38xxx/CVE-2023-38740.json index 0332df1e9c0..cd11b6c1f9a 100644 --- a/2023/38xxx/CVE-2023-38740.json +++ b/2023/38xxx/CVE-2023-38740.json @@ -63,6 +63,11 @@ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262613", "refsource": "MISC", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262613" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231116-0007/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20231116-0007/" } ] }, diff --git a/2023/39xxx/CVE-2023-39331.json b/2023/39xxx/CVE-2023-39331.json index 8ec234dd813..f5830c2740d 100644 --- a/2023/39xxx/CVE-2023-39331.json +++ b/2023/39xxx/CVE-2023-39331.json @@ -72,6 +72,11 @@ "url": "https://hackerone.com/reports/2092852", "refsource": "MISC", "name": "https://hackerone.com/reports/2092852" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231116-0009/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20231116-0009/" } ] }, diff --git a/2023/39xxx/CVE-2023-39332.json b/2023/39xxx/CVE-2023-39332.json index 0f148e47d1b..3211fd45ec6 100644 --- a/2023/39xxx/CVE-2023-39332.json +++ b/2023/39xxx/CVE-2023-39332.json @@ -77,6 +77,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231116-0009/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20231116-0009/" } ] } diff --git a/2023/40xxx/CVE-2023-40372.json b/2023/40xxx/CVE-2023-40372.json index 4aba9a64391..90523b2638d 100644 --- a/2023/40xxx/CVE-2023-40372.json +++ b/2023/40xxx/CVE-2023-40372.json @@ -63,6 +63,11 @@ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263499", "refsource": "MISC", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263499" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231116-0007/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20231116-0007/" } ] }, diff --git a/2023/40xxx/CVE-2023-40373.json b/2023/40xxx/CVE-2023-40373.json index 6b51613849f..7c45d20db23 100644 --- a/2023/40xxx/CVE-2023-40373.json +++ b/2023/40xxx/CVE-2023-40373.json @@ -63,6 +63,11 @@ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263574", "refsource": "MISC", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263574" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231116-0006/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20231116-0006/" } ] }, diff --git a/2023/40xxx/CVE-2023-40374.json b/2023/40xxx/CVE-2023-40374.json index c08fafd9a4a..d5906dd3dcb 100644 --- a/2023/40xxx/CVE-2023-40374.json +++ b/2023/40xxx/CVE-2023-40374.json @@ -63,6 +63,11 @@ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575", "refsource": "MISC", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231116-0007/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20231116-0007/" } ] }, diff --git a/2023/44xxx/CVE-2023-44466.json b/2023/44xxx/CVE-2023-44466.json index 0cef6a5c455..809ec26c061 100644 --- a/2023/44xxx/CVE-2023-44466.json +++ b/2023/44xxx/CVE-2023-44466.json @@ -71,6 +71,11 @@ "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a282a2f10539dce2aa619e71e1817570d557fc97", "refsource": "MISC", "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a282a2f10539dce2aa619e71e1817570d557fc97" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20231116-0003/", + "url": "https://security.netapp.com/advisory/ntap-20231116-0003/" } ] } diff --git a/2023/45xxx/CVE-2023-45145.json b/2023/45xxx/CVE-2023-45145.json index 4203f4c4538..667159fcc43 100644 --- a/2023/45xxx/CVE-2023-45145.json +++ b/2023/45xxx/CVE-2023-45145.json @@ -91,6 +91,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZMGTTV5XM4LA66FSIJSETNBBRRPJYOQ/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZMGTTV5XM4LA66FSIJSETNBBRRPJYOQ/" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231116-0014/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20231116-0014/" } ] }, diff --git a/2023/45xxx/CVE-2023-45862.json b/2023/45xxx/CVE-2023-45862.json index 87ff8dd0b3c..f9a6c926b78 100644 --- a/2023/45xxx/CVE-2023-45862.json +++ b/2023/45xxx/CVE-2023-45862.json @@ -61,6 +61,11 @@ "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.5", "refsource": "MISC", "name": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.5" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20231116-0004/", + "url": "https://security.netapp.com/advisory/ntap-20231116-0004/" } ] } diff --git a/2023/47xxx/CVE-2023-47046.json b/2023/47xxx/CVE-2023-47046.json index 42ed2e3faae..c078f8c9a67 100644 --- a/2023/47xxx/CVE-2023-47046.json +++ b/2023/47xxx/CVE-2023-47046.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47046", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write (CWE-787)", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Audition", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "23.6.1", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 7.8, + "environmentalSeverity": "HIGH", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "HIGH", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "LOCAL", + "modifiedAvailabilityImpact": "HIGH", + "modifiedConfidentialityImpact": "HIGH", + "modifiedIntegrityImpact": "HIGH", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "NONE", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "UNCHANGED", + "temporalScore": 7.8, + "temporalSeverity": "HIGH", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47047.json b/2023/47xxx/CVE-2023-47047.json index 91a668df8c1..543c1a73814 100644 --- a/2023/47xxx/CVE-2023-47047.json +++ b/2023/47xxx/CVE-2023-47047.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47047", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Uninitialized Pointer (CWE-824)", + "cweId": "CWE-824" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Audition", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "23.6.1", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 7.8, + "environmentalSeverity": "HIGH", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "HIGH", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "LOCAL", + "modifiedAvailabilityImpact": "HIGH", + "modifiedConfidentialityImpact": "HIGH", + "modifiedIntegrityImpact": "HIGH", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "NONE", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "UNCHANGED", + "temporalScore": 7.8, + "temporalSeverity": "HIGH", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47048.json b/2023/47xxx/CVE-2023-47048.json index 8da8326b4a8..ce032e6f189 100644 --- a/2023/47xxx/CVE-2023-47048.json +++ b/2023/47xxx/CVE-2023-47048.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47048", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Audition", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "23.6.1", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 7.8, + "environmentalSeverity": "HIGH", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "HIGH", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "LOCAL", + "modifiedAvailabilityImpact": "HIGH", + "modifiedConfidentialityImpact": "HIGH", + "modifiedIntegrityImpact": "HIGH", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "NONE", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "UNCHANGED", + "temporalScore": 7.8, + "temporalSeverity": "HIGH", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47049.json b/2023/47xxx/CVE-2023-47049.json index 56d9d2975a2..5b44854d913 100644 --- a/2023/47xxx/CVE-2023-47049.json +++ b/2023/47xxx/CVE-2023-47049.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47049", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Audition", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "23.6.1", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 7.8, + "environmentalSeverity": "HIGH", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "HIGH", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "LOCAL", + "modifiedAvailabilityImpact": "HIGH", + "modifiedConfidentialityImpact": "HIGH", + "modifiedIntegrityImpact": "HIGH", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "NONE", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "UNCHANGED", + "temporalScore": 7.8, + "temporalSeverity": "HIGH", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47050.json b/2023/47xxx/CVE-2023-47050.json index 25f20fe35f9..5478e67e5c9 100644 --- a/2023/47xxx/CVE-2023-47050.json +++ b/2023/47xxx/CVE-2023-47050.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47050", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Audition", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "23.6.1", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 7.8, + "environmentalSeverity": "HIGH", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "HIGH", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "LOCAL", + "modifiedAvailabilityImpact": "HIGH", + "modifiedConfidentialityImpact": "HIGH", + "modifiedIntegrityImpact": "HIGH", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "NONE", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "UNCHANGED", + "temporalScore": 7.8, + "temporalSeverity": "HIGH", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47051.json b/2023/47xxx/CVE-2023-47051.json index 2cb769d71c6..11dd3246047 100644 --- a/2023/47xxx/CVE-2023-47051.json +++ b/2023/47xxx/CVE-2023-47051.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47051", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow (CWE-122)", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Audition", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "23.6.1", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 7.8, + "environmentalSeverity": "HIGH", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "HIGH", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "LOCAL", + "modifiedAvailabilityImpact": "HIGH", + "modifiedConfidentialityImpact": "HIGH", + "modifiedIntegrityImpact": "HIGH", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "NONE", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "UNCHANGED", + "temporalScore": 7.8, + "temporalSeverity": "HIGH", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47052.json b/2023/47xxx/CVE-2023-47052.json index d72f3ac13e3..793229854ee 100644 --- a/2023/47xxx/CVE-2023-47052.json +++ b/2023/47xxx/CVE-2023-47052.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47052", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Audition", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "23.6.1", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.5, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "LOCAL", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "HIGH", + "modifiedIntegrityImpact": "NONE", + "modifiedPrivilegesRequired": "NONE", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "NONE", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "UNCHANGED", + "temporalScore": 5.5, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47053.json b/2023/47xxx/CVE-2023-47053.json index b0971e1ec91..eb7d1f4f8fd 100644 --- a/2023/47xxx/CVE-2023-47053.json +++ b/2023/47xxx/CVE-2023-47053.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47053", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Uninitialized Pointer (CWE-824)", + "cweId": "CWE-824" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Audition", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "23.6.1", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.5, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "LOCAL", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "HIGH", + "modifiedIntegrityImpact": "NONE", + "modifiedPrivilegesRequired": "NONE", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "NONE", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "UNCHANGED", + "temporalScore": 5.5, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47054.json b/2023/47xxx/CVE-2023-47054.json index 35d4be3269b..367690f9a25 100644 --- a/2023/47xxx/CVE-2023-47054.json +++ b/2023/47xxx/CVE-2023-47054.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47054", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Uninitialized Pointer (CWE-824)", + "cweId": "CWE-824" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Audition", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "23.6.1", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 3.3, + "environmentalSeverity": "LOW", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "LOCAL", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "NONE", + "modifiedPrivilegesRequired": "NONE", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "NONE", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "UNCHANGED", + "temporalScore": 3.3, + "temporalSeverity": "LOW", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4527.json b/2023/4xxx/CVE-2023-4527.json index eb6689c1d3b..f0886c7d9a5 100644 --- a/2023/4xxx/CVE-2023-4527.json +++ b/2023/4xxx/CVE-2023-4527.json @@ -235,6 +235,11 @@ "url": "https://security.gentoo.org/glsa/202310-03", "refsource": "MISC", "name": "https://security.gentoo.org/glsa/202310-03" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231116-0012/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20231116-0012/" } ] }, diff --git a/2023/6xxx/CVE-2023-6177.json b/2023/6xxx/CVE-2023-6177.json new file mode 100644 index 00000000000..1ffccd66f3f --- /dev/null +++ b/2023/6xxx/CVE-2023-6177.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6177", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file