diff --git a/2005/1xxx/CVE-2005-1513.json b/2005/1xxx/CVE-2005-1513.json
index 4b9dd24a77f..fe546c06bcf 100644
--- a/2005/1xxx/CVE-2005-1513.json
+++ b/2005/1xxx/CVE-2005-1513.json
@@ -136,6 +136,11 @@
 "refsource": "FULLDISC",
 "name": "20230607 LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863",
 "url": "http://seclists.org/fulldisclosure/2023/Jun/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1133.json b/2023/1xxx/CVE-2023-1133.json
index 5ba1054a399..fcbacc0d460 100644
--- a/2023/1xxx/CVE-2023-1133.json
+++ b/2023/1xxx/CVE-2023-1133.json
@@ -58,6 +58,11 @@
 "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02",
 "refsource": "MISC",
 "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-02"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/172799/Delta-Electronics-InfraSuite-Device-Master-Deserialization.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/172799/Delta-Electronics-InfraSuite-Device-Master-Deserialization.html"
 }
 ]
 },
diff --git a/2023/22xxx/CVE-2023-22833.json b/2023/22xxx/CVE-2023-22833.json
index a9a5bfc7ea9..6188793acda 100644
--- a/2023/22xxx/CVE-2023-22833.json
+++ b/2023/22xxx/CVE-2023-22833.json
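Review bot: In the CVE-2005-1513.json hunk, the added Packet Storm entry is titled for RenderDoc 1.26 and the neighbouring FULLDISC entry lists only CVE-2023-33865, CVE-2023-33864 and CVE-2023-33863, so this 2005 record appears to be picking up a reference from an advisory that merely cites it. Consumers that join references to records for triage would then attach a 2023 RenderDoc exploit write-up to a 2005 ID; confirm the association is intended. Separately, this entry and the ones added in the CVE-2023-1133, CVE-2023-33863, CVE-2023-33864 and CVE-2023-33865 hunks use `http://packetstormsecurity.com/...`, while the CISA and VulDB references elsewhere in this diff are `https://`. If the site serves the same paths over TLS, record the `https://` form in both `url` and `name`.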
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Palantir discovered a software bug in a recently released version of Foundry\u2019s Lime2 service, one of the services backing the Ontology. The software bug has been fixed and the fix has been deployed to your hosted Foundry environment. The vulnerability allowed authenticated users within a Foundry organization to potentially bypass discretionary or mandatory access controls under certain circumstances."
+ "value": "Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances."
 }
 ]
 },
diff --git a/2023/33xxx/CVE-2023-33863.json b/2023/33xxx/CVE-2023-33863.json
index d83ecfd58fb..873376cf3ea 100644
--- a/2023/33xxx/CVE-2023-33863.json
+++ b/2023/33xxx/CVE-2023-33863.json
@@ -66,6 +66,11 @@
 "refsource": "FULLDISC",
 "name": "20230607 LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863",
 "url": "http://seclists.org/fulldisclosure/2023/Jun/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2023/33xxx/CVE-2023-33864.json b/2023/33xxx/CVE-2023-33864.json
index e1fd96c3e56..bce625fa208 100644
--- a/2023/33xxx/CVE-2023-33864.json
+++ b/2023/33xxx/CVE-2023-33864.json
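Review bot: The new description in the CVE-2023-22833.json hunk reads "were vulnerable a bug"; the preposition is missing, so the `value` should read `... between 2.519.0 and 2.532.0 were vulnerable to a bug that allowed ...`. The range also leaves open whether 2.519.0 and 2.532.0 are themselves affected and which version carries the fix, which an operator needs in order to decide on patching. The record's version data lies outside this hunk, so check that it states the bounds explicitly and that the description agrees with it.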
@@ -66,6 +66,11 @@
 "refsource": "FULLDISC",
 "name": "20230607 LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863",
 "url": "http://seclists.org/fulldisclosure/2023/Jun/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2023/33xxx/CVE-2023-33865.json b/2023/33xxx/CVE-2023-33865.json
index 5fc8a1627ad..8d75779b3ad 100644
--- a/2023/33xxx/CVE-2023-33865.json
+++ b/2023/33xxx/CVE-2023-33865.json
@@ -66,6 +66,11 @@
 "refsource": "FULLDISC",
 "name": "20230607 LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863",
 "url": "http://seclists.org/fulldisclosure/2023/Jun/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2023/3xxx/CVE-2023-3165.json b/2023/3xxx/CVE-2023-3165.json
new file mode 100644
index 00000000000..5ba7c6c0c0c
--- /dev/null
+++ b/2023/3xxx/CVE-2023-3165.json
@@ -0,0 +1,106 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-3165",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability was found in SourceCodester Life Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file insertNominee.php of the component POST Parameter Handler. The manipulation of the argument nominee_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231109 was assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "In SourceCodester Life Insurance Management System 1.0 wurde eine problematische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Datei insertNominee.php der Komponente POST Parameter Handler. Durch Beeinflussen des Arguments nominee_id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Life Insurance Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.231109",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.231109"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231109",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.231109"
+ },
+ {
+ "url": "https://github.com/Hanwengao/CVERequests/blob/main/XSS.md",
+ "refsource": "MISC",
+ "name": "https://github.com/Hanwengao/CVERequests/blob/main/XSS.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "wengao (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "baseSeverity": "MEDIUM"
+ }
+ ]
+ }
+}
\ No newline at end of file
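Review bot: In the new CVE-2023-3165.json, `credits` tags its entry `"lang": "en"` while the `description_data` and `problemtype` entries use three-letter codes (`"eng"`, `"deu"`). A consumer filtering on one form will miss the other, so use `"lang": "eng"` in `credits` unless the schema requires the two-letter form there. The CVSS 2.0 entry also writes `"baseScore": 4` as an integer next to `3.5` in the 3.x entries; `"baseScore": 4.0` keeps one number shape for typed consumers. The description does not say whether the `nominee_id` script injection is stored or reflected, which changes how a defender scopes exposure; add that if the linked advisory establishes it.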