From 15fc38fc29305f8925eeccb8d95285da3354a4f7 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 22 Nov 2023 19:00:37 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2022/36xxx/CVE-2022-36777.json | 96 ++++++++++++++++++++++++++--
2023/24xxx/CVE-2023-24229.json | 17 ++++-
2023/25xxx/CVE-2023-25682.json | 89 ++++++++++++++++++++++++--
2023/2xxx/CVE-2023-2437.json | 5 ++
2023/2xxx/CVE-2023-2446.json | 5 ++
2023/2xxx/CVE-2023-2448.json | 5 ++
2023/2xxx/CVE-2023-2449.json | 5 ++
2023/39xxx/CVE-2023-39925.json | 113 +++++++++++++++++++++++++++++++--
2023/47xxx/CVE-2023-47171.json | 18 ++++++
2023/47xxx/CVE-2023-47755.json | 85 +++++++++++++++++++++++--
2023/47xxx/CVE-2023-47758.json | 85 +++++++++++++++++++++++--
2023/47xxx/CVE-2023-47765.json | 85 +++++++++++++++++++++++--
2023/47xxx/CVE-2023-47775.json | 113 +++++++++++++++++++++++++++++++--
2023/47xxx/CVE-2023-47781.json | 100 +++++++++++++++++++++++++++--
2023/47xxx/CVE-2023-47785.json | 113 +++++++++++++++++++++++++++++++--
2023/47xxx/CVE-2023-47791.json | 85 +++++++++++++++++++++++--
2023/47xxx/CVE-2023-47792.json | 113 +++++++++++++++++++++++++++++++--
2023/47xxx/CVE-2023-47819.json | 85 +++++++++++++++++++++++--
2023/6xxx/CVE-2023-6009.json | 5 ++
2023/6xxx/CVE-2023-6264.json | 70 ++++++++++++++++++++
20 files changed, 1243 insertions(+), 49 deletions(-)
create mode 100644 2023/47xxx/CVE-2023-47171.json
create mode 100644 2023/6xxx/CVE-2023-6264.json
diff --git a/2022/36xxx/CVE-2022-36777.json b/2022/36xxx/CVE-2022-36777.json
index a95789d2047..82f72806b3c 100644
--- a/2022/36xxx/CVE-2022-36777.json
+++ b/2022/36xxx/CVE-2022-36777.json
@@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-36777", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cloud Pak for Security", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.10.0.0", + "version_value": "1.10.11.0" + } + ] + } + }, + { + "product_name": "QRadar Suite Software", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.10.12.0", + "version_value": "1.10.16.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7080058", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7080058" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233665", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233665" + } + ] + }, + "generator": { + "engine": 
"Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/24xxx/CVE-2023-24229.json b/2023/24xxx/CVE-2023-24229.json index 4d41b468bd0..65bd849365a 100644 --- a/2023/24xxx/CVE-2023-24229.json +++ b/2023/24xxx/CVE-2023-24229.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "DrayTek Vigor2960 v1.5.1.4 was discovered to contain a command injection vulnerability via the mainfunction.cgi component." + "value": "DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter." } ] }, @@ -61,6 +61,21 @@ "refsource": "MISC", "name": "https://github.com/sadwwcxz/Vul", "url": "https://github.com/sadwwcxz/Vul" + }, + { + "refsource": "MISC", + "name": "https://web.archive.org/web/20230315181013/https://github.com/sadwwcxz/Vul", + "url": "https://web.archive.org/web/20230315181013/https://github.com/sadwwcxz/Vul" + }, + { + "refsource": "MISC", + "name": "https://www.draytek.co.uk/support/guides/kb-remotemanagement", + "url": "https://www.draytek.co.uk/support/guides/kb-remotemanagement" + }, + { + "refsource": "MISC", + "name": "https://www.draytek.com/support/knowledge-base/5465", + "url": "https://www.draytek.com/support/knowledge-base/5465" } ] } diff --git a/2023/25xxx/CVE-2023-25682.json b/2023/25xxx/CVE-2023-25682.json index b196dd80f4f..fd96f1bc940 100644 --- a/2023/25xxx/CVE-2023-25682.json +++ b/2023/25xxx/CVE-2023-25682.json 
@@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25682", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532 Insertion of Sensitive Information into Log File", + "cweId": "CWE-532" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator Standard Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.0.0.0", + "version_value": "6.0.3.8" + }, + { + "version_affected": "<=", + "version_name": "6.1.0.0", + "version_value": "6.1.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7080172", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7080172" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247034", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247034" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + 
"availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/2xxx/CVE-2023-2437.json b/2023/2xxx/CVE-2023-2437.json index 44a63a30b18..50f5d6c778f 100644 --- a/2023/2xxx/CVE-2023-2437.json +++ b/2023/2xxx/CVE-2023-2437.json @@ -63,6 +63,11 @@ "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", "refsource": "MISC", "name": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681" + }, + { + "url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html" } ] }, diff --git a/2023/2xxx/CVE-2023-2446.json b/2023/2xxx/CVE-2023-2446.json index 2c596e9d8cd..2c97823f7de 100644 --- a/2023/2xxx/CVE-2023-2446.json +++ b/2023/2xxx/CVE-2023-2446.json @@ -63,6 +63,11 @@ "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", "refsource": "MISC", "name": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681" + }, + { + "url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html" } ] }, diff --git a/2023/2xxx/CVE-2023-2448.json b/2023/2xxx/CVE-2023-2448.json index 443a51bddf4..fe06e3daa0d 100644 --- a/2023/2xxx/CVE-2023-2448.json +++ b/2023/2xxx/CVE-2023-2448.json 
@@ -63,6 +63,11 @@ "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", "refsource": "MISC", "name": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681" + }, + { + "url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html" } ] }, diff --git a/2023/2xxx/CVE-2023-2449.json b/2023/2xxx/CVE-2023-2449.json index 2b5b615e439..fe59079e066 100644 --- a/2023/2xxx/CVE-2023-2449.json +++ b/2023/2xxx/CVE-2023-2449.json @@ -63,6 +63,11 @@ "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", "refsource": "MISC", "name": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681" + }, + { + "url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html" } ] }, diff --git a/2023/39xxx/CVE-2023-39925.json b/2023/39xxx/CVE-2023-39925.json index 11da55080d5..0a12d7597ad 100644 --- a/2023/39xxx/CVE-2023-39925.json +++ b/2023/39xxx/CVE-2023-39925.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39925", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin <=\u00a06.1.6.0 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PeepSo", + "product": { + "product_data": [ + { + "product_name": "Download Community by PeepSo", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "6.2.0.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "6.1.6.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/peepso-core/wordpress-peepso-plugin-6-1-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/peepso-core/wordpress-peepso-plugin-6-1-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + 
"supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 6.2.0.0 or a higher version." + } + ], + "value": "Update to\u00a06.2.0.0 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Revan Arifio (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47171.json b/2023/47xxx/CVE-2023-47171.json new file mode 100644 index 00000000000..527f1692c92 --- /dev/null +++ b/2023/47xxx/CVE-2023-47171.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-47171", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/47xxx/CVE-2023-47755.json b/2023/47xxx/CVE-2023-47755.json index 17d65f8adb5..440c7491d7c 100644 --- a/2023/47xxx/CVE-2023-47755.json +++ b/2023/47xxx/CVE-2023-47755.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47755", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AazzTech WooCommerce Product Carousel Slider plugin <=\u00a03.3.5 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AazzTech", + "product": { + "product_data": [ + { + "product_name": "WooCommerce Product Carousel Slider", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "3.3.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/product-carousel-slider-for-woocommerce/wordpress-woocommerce-product-carousel-slider-plugin-3-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/product-carousel-slider-for-woocommerce/wordpress-woocommerce-product-carousel-slider-plugin-3-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Abdi Pranata 
(Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47758.json b/2023/47xxx/CVE-2023-47758.json index 8d60712ca5e..a18836d52ca 100644 --- a/2023/47xxx/CVE-2023-47758.json +++ b/2023/47xxx/CVE-2023-47758.json 
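Review bot: The CVE-2023-47755 record gives the affected range only as `"version_affected": "<="` with `"version_value": "3.3.5"` and has no `solution` block or unaffected version, so nothing in it says whether a fixed release exists. The CVE-2023-47758, CVE-2023-47765 and CVE-2023-47791 hunks have the same shape, whereas CVE-2023-39925 in this patch does name a fixed version. If a fix is available it should be recorded the same way, with a `solution` entry of the form `Update to <FIXED_VERSION> or a higher version.`; until then consumers should presumably treat every installed version up to the stated one as unpatched. The description also does not say whether the cross-site scripting is stored or reflected, although the vector (`PR:L`, `UI:R`) implies an authenticated attacker and a victim action.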
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47758", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin <=\u00a01.7.11 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mondula GmbH", + "product": { + "product_data": [ + { + "product_name": "Multi Step Form", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.7.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "thiennv (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + 
"confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47765.json b/2023/47xxx/CVE-2023-47765.json index 8e5fc48fb73..d16c254a7f5 100644 --- a/2023/47xxx/CVE-2023-47765.json +++ b/2023/47xxx/CVE-2023-47765.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47765", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <=\u00a02.1.9 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CodeBard", + "product": { + "product_data": [ + { + "product_name": "CodeBard's Patron Button and Widgets for Patreon", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.1.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/patron-button-and-widgets-by-codebard/wordpress-codebard-s-patron-button-and-widgets-for-patreon-plugin-2-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/patron-button-and-widgets-by-codebard/wordpress-codebard-s-patron-button-and-widgets-for-patreon-plugin-2-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + 
"cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47775.json b/2023/47xxx/CVE-2023-47775.json index 72bdd5a2b1f..390e3fd4c72 100644 --- a/2023/47xxx/CVE-2023-47775.json +++ b/2023/47xxx/CVE-2023-47775.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47775", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments \u2014 wpDiscuz plugin <=\u00a07.6.11 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "gVectors Team", + "product": { + "product_data": [ + { + "product_name": "Comments \u2014 wpDiscuz", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "7.6.12", + "status": "unaffected" + } + ], + "lessThanOrEqual": "7.6.11", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-wpdiscuz-plugin-7-6-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-wpdiscuz-plugin-7-6-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + 
"supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 7.6.12 or a higher version." + } + ], + "value": "Update to\u00a07.6.12 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "FearZzZz (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47781.json b/2023/47xxx/CVE-2023-47781.json index 7bc11c0a19d..b1cd6ca0a4c 100644 --- a/2023/47xxx/CVE-2023-47781.json +++ b/2023/47xxx/CVE-2023-47781.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47781", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Theme Builder <=\u00a03.24.2 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Thrive Themes", + "product": { + "product_data": [ + { + "product_name": "Thrive Theme Builder", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.24.2", + "status": "unaffected" + } + ], + "lessThan": "3.24.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/thrive-theme/wordpress-thrive-theme-builder-theme-3-20-1-cross-site-request-forgery-csrf-to-account-takeover-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/thrive-theme/wordpress-thrive-theme-builder-theme-3-20-1-cross-site-request-forgery-csrf-to-account-takeover-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" 
+ }, + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47785.json b/2023/47xxx/CVE-2023-47785.json index 0b86c58a08c..58f36af0157 100644 --- a/2023/47xxx/CVE-2023-47785.json +++ b/2023/47xxx/CVE-2023-47785.json 
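Review bot: The version data and the description in the CVE-2023-47781 hunk disagree about whether 3.24.2 is affected: the description says `<=\u00a03.24.2`, while `x_cve_json_5_version_data` has `"lessThan": "3.24.2"` together with `"at": "3.24.2", "status": "unaffected"`. The reference URL slug mentions 3-20-1, which adds a third number. The two fields should be made to agree, either by changing the description to `< 3.24.2` or by changing the range to `"lessThanOrEqual": "3.24.2"` with the first unaffected version in `changes`; which is right cannot be decided from the hunk. With a base score of 8.8 and no `solution` block, a consumer cannot tell from this record whether upgrading to 3.24.2 remediates the issue.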
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47785", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin <=\u00a07.7.9 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LayerSlider", + "product": { + "product_data": [ + { + "product_name": "LayerSlider", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "7.7.10", + "status": "unaffected" + } + ], + "lessThanOrEqual": "7.7.9", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/layerslider/wordpress-layerslider-plugin-7-7-9-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/layerslider/wordpress-layerslider-plugin-7-7-9-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ 
+ { + "base64": false, + "type": "text/html", + "value": "Update to 7.7.10 or a higher version." + } + ], + "value": "Update to\u00a07.7.10 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47791.json b/2023/47xxx/CVE-2023-47791.json index 76d58024182..48eb545d1f7 100644 --- a/2023/47xxx/CVE-2023-47791.json +++ b/2023/47xxx/CVE-2023-47791.json 
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-47791",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <=\u00a01.1.2 versions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Leadster",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Leadster",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "n/a",
+ "version_value": "1.1.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/leadster-marketing-conversaciona/wordpress-leadster-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability-2?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/leadster-marketing-conversaciona/wordpress-leadster-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability-2?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "BuShiYue (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/47xxx/CVE-2023-47792.json b/2023/47xxx/CVE-2023-47792.json
index 3f049c20e40..f80afaa08dd 100644
--- a/2023/47xxx/CVE-2023-47792.json
+++ b/2023/47xxx/CVE-2023-47792.json
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-47792",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Big File Uploads \u2013 Increase Maximum File Upload Size plugin <=\u00a02.1.1 versions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Infinite Uploads",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Big File Uploads \u2013 Increase Maximum File Upload Size",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "2.1.2",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "2.1.1",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/tuxedo-big-file-uploads/wordpress-big-file-uploads-plugin-2-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/tuxedo-big-file-uploads/wordpress-big-file-uploads-plugin-2-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 2.1.2 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a02.1.2 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Abdi Pranata (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/47xxx/CVE-2023-47819.json b/2023/47xxx/CVE-2023-47819.json
index f164065839f..e9724a22bab 100644
--- a/2023/47xxx/CVE-2023-47819.json
+++ b/2023/47xxx/CVE-2023-47819.json
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-47819",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Dang Ngoc Binh Easy Call Now by ThikShare plugin <=\u00a01.1.0 versions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Dang Ngoc Binh",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Easy Call Now by ThikShare",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "n/a",
+ "version_value": "1.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/easy-call-now/wordpress-easy-call-now-by-thikshare-plugin-1-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/easy-call-now/wordpress-easy-call-now-by-thikshare-plugin-1-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Nguyen Xuan Chien (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6009.json b/2023/6xxx/CVE-2023-6009.json
index d327d374e89..91b73453d79 100644
--- a/2023/6xxx/CVE-2023-6009.json
+++ b/2023/6xxx/CVE-2023-6009.json
@@ -63,6 +63,11 @@
 "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
 "refsource": "MISC",
 "name": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html"
 }
 ]
 },
diff --git a/2023/6xxx/CVE-2023-6264.json b/2023/6xxx/CVE-2023-6264.json
new file mode 100644
index 00000000000..d14d39081af
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6264.json
@@ -0,0 +1,70 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6264",
+ "ASSIGNER": "security@devolutions.net",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints.\n\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Devolutions",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "2023.3.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://devolutions.net/security/advisories/DEVO-2023-0020/",
+ "refsource": "MISC",
+ "name": "https://devolutions.net/security/advisories/DEVO-2023-0020/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ }
+}
\ No newline at end of file
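Review bot: This new CVE-2023-6264 record leaves `problemtype` at `"value": "n/a"` with no `cweId` and has no `impact` block, so feeds that triage by CWE or CVSS get nothing for it, even though the description states an information leak reachable by an unauthenticated attacker. A classification along the lines of `"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200"` looks like the fit, subject to confirmation by the assigner. The description value also ends in a stray `\n\n\n`. It names only 2023.3.7.0, while `version_data` reads as everything from `0` up to and including 2023.3.7, so stating the range in the description would remove the ambiguity for anyone matching on the text.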