admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-04-06 21:00:35 +00:00
parent 7ef969816c
commit 0ca5def663
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 607 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
2014/125xxx/CVE-2014-125094.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-125094",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in phpMiniAdmin up to 1.8.120510. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.140405 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-225001 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In phpMiniAdmin bis 1.8.120510 wurde eine problematische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t. Durch das Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 1.9.140405 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "phpMiniAdmin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.8.120510"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.225001",
"refsource": "MISC",
"name": "https://vuldb.com/?id.225001"
},
{
"url": "https://vuldb.com/?ctiid.225001",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.225001"
},
{
"url": "https://github.com/osalabs/phpminiadmin/blob/master/changelog.md",
"refsource": "MISC",
"name": "https://github.com/osalabs/phpminiadmin/blob/master/changelog.md"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}

85
2023/1xxx/CVE-2023-1927.json Normal file
View File

@ -0,0 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-1927",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "emrevona",
"product": {
"product_data": [
{
"product_name": "WP Fastest Cache",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d3858f5-3f13-400c-acf4-eb3dc3a43308?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d3858f5-3f13-400c-acf4-eb3dc3a43308?source=cve"
}
]
},
"credits": [
{
"lang": "en",
"value": "Marco Wotschka"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}
}

85
2023/1xxx/CVE-2023-1928.json Normal file
View File

@ -0,0 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-1928",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiate cache creation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "emrevona",
"product": {
"product_data": [
{
"product_name": "WP Fastest Cache",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56a90042-a6c0-4487-811b-ced23c97f9f4?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56a90042-a6c0-4487-811b-ced23c97f9f4?source=cve"
}
]
},
"credits": [
{
"lang": "en",
"value": "Marco Wotschka"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}
}

80
2023/1xxx/CVE-2023-1929.json Normal file
View File

@ -0,0 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-1929",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to purge the varnish cache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "emrevona",
"product": {
"product_data": [
{
"product_name": "WP Fastest Cache",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1"
}
]
},
"credits": [
{
"lang": "en",
"value": "Marco Wotschka"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}
}

85
2023/1xxx/CVE-2023-1930.json Normal file
View File

@ -0,0 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-1930",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to delete caches."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "emrevona",
"product": {
"product_data": [
{
"product_name": "WP Fastest Cache",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bae67a68-4bd1-4b52-b3dd-af0eef014028?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bae67a68-4bd1-4b52-b3dd-af0eef014028?source=cve"
}
]
},
"credits": [
{
"lang": "en",
"value": "Marco Wotschka"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}
}

85
2023/1xxx/CVE-2023-1931.json Normal file
View File

@ -0,0 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-1931",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache deletion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "emrevona",
"product": {
"product_data": [
{
"product_name": "WP Fastest Cache",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4bb2d72-ff31-4220-acb3-ed17bb9229b5?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4bb2d72-ff31-4220-acb3-ed17bb9229b5?source=cve"
}
]
},
"credits": [
{
"lang": "en",
"value": "Marco Wotschka"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}
}

18
2023/1xxx/CVE-2023-1932.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1932",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

50
2023/28xxx/CVE-2023-28500.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28500",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@adobe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Adobe",
"product": {
"product_data": [
{
"product_name": "LiveCycle ES4",
"version": {
"version_data": [
{
"version_value": "11.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://coastalsecurity.gitbook.io/critical-vulnerability-adobe-livecycle-es4v11.0/",
"url": "https://coastalsecurity.gitbook.io/critical-vulnerability-adobe-livecycle-es4v11.0/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPORTED WHEN ASSIGNED ** A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe LiveCycle ES4 version 11.0.1 and later may be vulnerable if the application is installed with Java environment 7u21 and earlier. Exploitation of the vulnerability depends on two factors: insecure deserialization methods used in the Adobe LiveCycle application, and the use of Java environments 7u21 and earlier. The code execution is performed in the context of the account that is running the Adobe LiveCycle application. If the account is privileged, exploitation provides privileged access to the operating system. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
}

18
2023/29xxx/CVE-2023-29468.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29468",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29469.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29469",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}