diff --git a/2022/24xxx/CVE-2022-24350.json b/2022/24xxx/CVE-2022-24350.json index 414981d7b95..1b69dc8eacc 100644 --- a/2022/24xxx/CVE-2022-24350.json +++ b/2022/24xxx/CVE-2022-24350.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Specially formatted buffer contents used for software SMI could cause SMRAM corruption, leading to escalation of privilege." + "value": "An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function is called directly on the Command Buffer before the DataSize is check, leading to possible circumstances where the data immediately following the command buffer could be destroyed before returning a buffer size error." } ] }, diff --git a/2023/27xxx/CVE-2023-27867.json b/2023/27xxx/CVE-2023-27867.json index d3459f2500a..0c2ad19200d 100644 --- a/2023/27xxx/CVE-2023-27867.json +++ b/2023/27xxx/CVE-2023-27867.json @@ -63,6 +63,11 @@ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249514", "refsource": "MISC", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249514" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230803-0006/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230803-0006/" } ] }, diff --git a/2023/27xxx/CVE-2023-27868.json b/2023/27xxx/CVE-2023-27868.json index 21643a9c7fe..90adba77610 100644 --- a/2023/27xxx/CVE-2023-27868.json +++ b/2023/27xxx/CVE-2023-27868.json 
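Review bot: The rewritten `value` for CVE-2022-24350 drops the impact statement the old text carried (SMRAM corruption, leading to escalation of privilege), so the record now explains the missing bounds check without saying what is corrupted or what an attacker gains. Readers and triage tooling that rely on the description alone lose the severity cue. I would keep the new root-cause detail and retain the closing clause, e.g. append `This could cause SMRAM corruption, leading to escalation of privilege.`, provided that still matches the vendor's assessment. The new text also has a typo: `before the DataSize is check` should read `before the DataSize is checked`.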
@@ -63,6 +63,11 @@ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249516", "refsource": "MISC", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249516" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230803-0006/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230803-0006/" } ] }, diff --git a/2023/27xxx/CVE-2023-27869.json b/2023/27xxx/CVE-2023-27869.json index 7a154029271..7711b3619e0 100644 --- a/2023/27xxx/CVE-2023-27869.json +++ b/2023/27xxx/CVE-2023-27869.json @@ -63,6 +63,11 @@ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249517", "refsource": "MISC", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249517" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230803-0006/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230803-0006/" } ] }, diff --git a/2023/2xxx/CVE-2023-2727.json b/2023/2xxx/CVE-2023-2727.json index 01df798b57e..3ca3cbc101d 100644 --- a/2023/2xxx/CVE-2023-2727.json +++ b/2023/2xxx/CVE-2023-2727.json @@ -81,6 +81,11 @@ "url": "http://www.openwall.com/lists/oss-security/2023/07/06/2", "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2023/07/06/2" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230803-0004/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230803-0004/" } ] }, diff --git a/2023/2xxx/CVE-2023-2728.json b/2023/2xxx/CVE-2023-2728.json index 3cb1e09026a..4ada21dd186 100644 --- a/2023/2xxx/CVE-2023-2728.json +++ b/2023/2xxx/CVE-2023-2728.json @@ -81,6 +81,11 @@ "url": "http://www.openwall.com/lists/oss-security/2023/07/06/3", "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2023/07/06/3" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230803-0004/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230803-0004/" } ] }, 
diff --git a/2023/30xxx/CVE-2023-30586.json b/2023/30xxx/CVE-2023-30586.json index e9b7c09be83..55cfcf813a1 100644 --- a/2023/30xxx/CVE-2023-30586.json +++ b/2023/30xxx/CVE-2023-30586.json @@ -58,6 +58,11 @@ "url": "https://hackerone.com/reports/1954535", "refsource": "MISC", "name": "https://hackerone.com/reports/1954535" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230803-0008/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230803-0008/" } ] } diff --git a/2023/30xxx/CVE-2023-30589.json b/2023/30xxx/CVE-2023-30589.json index d2ee0c75a2b..200ed312863 100644 --- a/2023/30xxx/CVE-2023-30589.json +++ b/2023/30xxx/CVE-2023-30589.json @@ -88,6 +88,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE/" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230803-0009/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230803-0009/" } ] } diff --git a/2023/34xxx/CVE-2023-34457.json b/2023/34xxx/CVE-2023-34457.json index f062e7af375..6401971d940 100644 --- a/2023/34xxx/CVE-2023-34457.json +++ b/2023/34xxx/CVE-2023-34457.json @@ -68,6 +68,11 @@ "url": "https://github.com/MechanicalSoup/MechanicalSoup/releases/tag/v1.3.0", "refsource": "MISC", "name": "https://github.com/MechanicalSoup/MechanicalSoup/releases/tag/v1.3.0" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230803-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230803-0005/" } ] }, diff --git a/2023/34xxx/CVE-2023-34462.json b/2023/34xxx/CVE-2023-34462.json index ec1ddbd8617..444fd92f614 100644 --- a/2023/34xxx/CVE-2023-34462.json +++ b/2023/34xxx/CVE-2023-34462.json 
@@ -63,6 +63,11 @@ "url": "https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32", "refsource": "MISC", "name": "https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230803-0001/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230803-0001/" } ] }, diff --git a/2023/35xxx/CVE-2023-35823.json b/2023/35xxx/CVE-2023-35823.json index bf30d30518e..bda0d04d4be 100644 --- a/2023/35xxx/CVE-2023-35823.json +++ b/2023/35xxx/CVE-2023-35823.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230803-0002/", + "url": "https://security.netapp.com/advisory/ntap-20230803-0002/" } ] } diff --git a/2023/35xxx/CVE-2023-35824.json b/2023/35xxx/CVE-2023-35824.json index 3820d6d6d97..f2363ddafb6 100644 --- a/2023/35xxx/CVE-2023-35824.json +++ b/2023/35xxx/CVE-2023-35824.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230803-0002/", + "url": "https://security.netapp.com/advisory/ntap-20230803-0002/" } ] } diff --git a/2023/35xxx/CVE-2023-35826.json b/2023/35xxx/CVE-2023-35826.json index 49dcb9e9e2b..d820def6a1d 100644 --- a/2023/35xxx/CVE-2023-35826.json +++ b/2023/35xxx/CVE-2023-35826.json 
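Review bot: The NetApp advisory added to CVE-2023-35823 is tagged `"refsource": "CONFIRM"`, while the same kind of security.netapp.com link is added as `"refsource": "MISC"` in the earlier hunks of this commit (CVE-2023-27867 through CVE-2023-34462); the key order differs as well (`refsource, name, url` here, `url, refsource, name` there). The CONFIRM tagging recurs in CVE-2023-35824, -35826, -35827, -35828, -35829 and -38408. Consumers that filter or rank references by `refsource` will treat equivalent advisories differently depending on the record. The neighbouring references (Debian `linux security update`, git.kernel.org) suggest NetApp is a downstream party rather than the originating vendor, so `"refsource": "MISC"` looks like the consistent choice; worth confirming against the feed's tagging rules.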
@@ -71,6 +71,11 @@ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50d0a7aea4809cef87979d4669911276aa23b71f", "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50d0a7aea4809cef87979d4669911276aa23b71f" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230803-0002/", + "url": "https://security.netapp.com/advisory/ntap-20230803-0002/" } ] } diff --git a/2023/35xxx/CVE-2023-35827.json b/2023/35xxx/CVE-2023-35827.json index 9a97869a900..8a0f3c6985d 100644 --- a/2023/35xxx/CVE-2023-35827.json +++ b/2023/35xxx/CVE-2023-35827.json @@ -61,6 +61,11 @@ "url": "https://lore.kernel.org/lkml/cca0b40b-d6f8-54c7-1e46-83cb62d0a2f1@huawei.com/T/", "refsource": "MISC", "name": "https://lore.kernel.org/lkml/cca0b40b-d6f8-54c7-1e46-83cb62d0a2f1@huawei.com/T/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230803-0003/", + "url": "https://security.netapp.com/advisory/ntap-20230803-0003/" } ] } diff --git a/2023/35xxx/CVE-2023-35828.json b/2023/35xxx/CVE-2023-35828.json index 723fa14cd92..ae30dbbb36b 100644 --- a/2023/35xxx/CVE-2023-35828.json +++ b/2023/35xxx/CVE-2023-35828.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230803-0002/", + "url": "https://security.netapp.com/advisory/ntap-20230803-0002/" } ] } diff --git a/2023/35xxx/CVE-2023-35829.json b/2023/35xxx/CVE-2023-35829.json index 1e74cbb7dc8..c8b1ee40e39 100644 --- a/2023/35xxx/CVE-2023-35829.json +++ b/2023/35xxx/CVE-2023-35829.json 
@@ -71,6 +71,11 @@ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3228cec23b8b29215e18090c6ba635840190993d", "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3228cec23b8b29215e18090c6ba635840190993d" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230803-0002/", + "url": "https://security.netapp.com/advisory/ntap-20230803-0002/" } ] } diff --git a/2023/35xxx/CVE-2023-35947.json b/2023/35xxx/CVE-2023-35947.json index c770f17cff6..b4583d9506f 100644 --- a/2023/35xxx/CVE-2023-35947.json +++ b/2023/35xxx/CVE-2023-35947.json @@ -72,6 +72,11 @@ "url": "https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91", "refsource": "MISC", "name": "https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230803-0007/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230803-0007/" } ] }, diff --git a/2023/36xxx/CVE-2023-36298.json b/2023/36xxx/CVE-2023-36298.json index 672ad0c4eb7..7006b0a0646 100644 --- a/2023/36xxx/CVE-2023-36298.json +++ b/2023/36xxx/CVE-2023-36298.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-36298", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-36298", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/MentalityXt/Dedecms-v5.7.109-RCE", + "url": "https://github.com/MentalityXt/Dedecms-v5.7.109-RCE" } ] } diff --git a/2023/36xxx/CVE-2023-36299.json b/2023/36xxx/CVE-2023-36299.json index 78ba4d16daf..b5c42e18f30 100644 --- a/2023/36xxx/CVE-2023-36299.json +++ b/2023/36xxx/CVE-2023-36299.json 
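Review bot: The published record for CVE-2023-36298 leaves `vendor_name`, `product_name`, `version_value` and the `problemtype` value all as `n/a`, although the description names the product and version (DedeCMS v5.7.109) and the weakness class (file upload leading to RCE). Anything that matches on the structured `affects` block or on a CWE, such as asset inventory, SBOM correlation or scanner rules, will miss this record and has to parse free text instead. The same applies to CVE-2023-36299, CVE-2023-39096 and CVE-2023-39097 later in this commit; the two WebBoss.io entries also carry near-identical descriptions, so only the reference URL tells them apart. Populating `product_name` and `version_value` from the description and giving a CWE in `problemtype` would close the gap.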
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-36299", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-36299", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/typecho/typecho/releases/tag/v1.2.1", + "refsource": "MISC", + "name": "https://github.com/typecho/typecho/releases/tag/v1.2.1" + }, + { + "refsource": "MISC", + "name": "https://github.com/MentalityXt/typecho-v1.2.1-RCE", + "url": "https://github.com/MentalityXt/typecho-v1.2.1-RCE" } ] } diff --git a/2023/38xxx/CVE-2023-38408.json b/2023/38xxx/CVE-2023-38408.json index 2d976c47902..255eb4c2ea5 100644 --- a/2023/38xxx/CVE-2023-38408.json +++ b/2023/38xxx/CVE-2023-38408.json 
@@ -121,6 +121,11 @@ "refsource": "FEDORA", "name": "FEDORA-2023-79a18e1725", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230803-0010/", + "url": "https://security.netapp.com/advisory/ntap-20230803-0010/" } ] } diff --git a/2023/39xxx/CVE-2023-39096.json b/2023/39xxx/CVE-2023-39096.json index a4399a6995f..1e45486323c 100644 --- a/2023/39xxx/CVE-2023-39096.json +++ b/2023/39xxx/CVE-2023-39096.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-39096", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-39096", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.realinfosec.net/advisories/WEBBOSS-P-XSS-2023-0xt2tt.html", + "url": "https://www.realinfosec.net/advisories/WEBBOSS-P-XSS-2023-0xt2tt.html" } ] } 
diff --git a/2023/39xxx/CVE-2023-39097.json b/2023/39xxx/CVE-2023-39097.json index 2d3d29ca205..b2008d8e8b1 100644 --- a/2023/39xxx/CVE-2023-39097.json +++ b/2023/39xxx/CVE-2023-39097.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-39097", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-39097", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://realinfosec.net/advisories/WEBBOSS-P-XSS-2023-0xf8gi.html", + "url": "https://realinfosec.net/advisories/WEBBOSS-P-XSS-2023-0xf8gi.html" } ] } diff --git a/2023/3xxx/CVE-2023-3180.json b/2023/3xxx/CVE-2023-3180.json index 72445fdd24e..223778e2303 100644 --- a/2023/3xxx/CVE-2023-3180.json +++ b/2023/3xxx/CVE-2023-3180.json 
@@ -1,17 +1,199 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3180", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "qemu", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + 
}, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Extra Packages for Enterprise Linux", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-3180", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-3180" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222424", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2222424" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", + "version": "3.1" } ] } 
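Review bot: Every `version_value` in the new `affects` block for CVE-2023-3180 is the placeholder `not down converted`, with the actual status carried only in the `x_cve_json_5_version_data` extension, and the Red Hat Enterprise Linux 7 product lists two byte-identical `version_data` entries. A consumer of the 4.0 format that reads `version_value` gets no usable version, and the duplicated entries cannot be told apart (they presumably stood for different packages in the source record; that is not verifiable from this diff). The same pattern appears in CVE-2023-4132 and CVE-2023-4133 below. Consumers should read the extension field or the upstream 5.x record, and the down-conversion should either collapse duplicate entries or keep the field that distinguished them.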
diff --git a/2023/3xxx/CVE-2023-3446.json b/2023/3xxx/CVE-2023-3446.json index 50b23ecf91b..8bbb6324ef7 100644 --- a/2023/3xxx/CVE-2023-3446.json +++ b/2023/3xxx/CVE-2023-3446.json @@ -113,6 +113,11 @@ "url": "http://www.openwall.com/lists/oss-security/2023/07/31/1", "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2023/07/31/1" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230803-0011/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230803-0011/" } ] }, diff --git a/2023/4xxx/CVE-2023-4132.json b/2023/4xxx/CVE-2023-4132.json index 9bd877ac20f..7640f7e18c5 100644 --- a/2023/4xxx/CVE-2023-4132.json +++ b/2023/4xxx/CVE-2023-4132.json 
@@ -1,17 +1,190 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4132", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.3-rc1", + "status": "unaffected" + } + ] + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + 
"product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4132", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-4132" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221707", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2221707" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4133.json b/2023/4xxx/CVE-2023-4133.json index 2ed6390226e..ab81323ec7f 100644 --- a/2023/4xxx/CVE-2023-4133.json +++ b/2023/4xxx/CVE-2023-4133.json 
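Review bot: The `kernel` product in CVE-2023-4132 carries a single `versions` entry, `"version": "6.3-rc1"` with `"status": "unaffected"`, and no `defaultStatus` or range bound, so the record never states which kernel versions are affected. As I read the CVE 5 schema, a missing `defaultStatus` is treated as `unknown`, which means every version other than 6.3-rc1 is formally unknown rather than affected, and automated matching cannot flag older kernels from this block. CVE-2023-4133 has the same shape with `"version": "6.3"`. Adding `"defaultStatus": "affected"` next to the `versions` list, or expressing the fixed version as an upper bound on an affected range, would make the intent machine-readable.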
@@ -1,17 +1,190 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4133", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.3", + "status": "unaffected" + } + ] + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" 
+ } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4133", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-4133" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221702", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2221702" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4143.json b/2023/4xxx/CVE-2023-4143.json new file mode 100644 index 00000000000..8f7cdf92e26 --- /dev/null +++ b/2023/4xxx/CVE-2023-4143.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4143", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file