From 1b25c3605eafd178cd9c294309dca7af08ee63f5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 5 Aug 2023 16:00:42 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/4xxx/CVE-2022-4557.json | 6 +--
 2023/2xxx/CVE-2023-2885.json | 6 +--
 2023/4xxx/CVE-2023-4166.json | 96 ++++++++++++++++++++++++++++++++++--
 2023/4xxx/CVE-2023-4167.json | 96 ++++++++++++++++++++++++++++++++++--
 2023/4xxx/CVE-2023-4177.json | 18 +++++++
 2023/4xxx/CVE-2023-4178.json | 18 +++++++
 6 files changed, 226 insertions(+), 14 deletions(-)
 create mode 100644 2023/4xxx/CVE-2023-4177.json
 create mode 100644 2023/4xxx/CVE-2023-4178.json
diff --git a/2022/4xxx/CVE-2022-4557.json b/2022/4xxx/CVE-2022-4557.json
index d3bf5616116..5ffe225a6d4 100644
--- a/2022/4xxx/CVE-2022-4557.json
+++ b/2022/4xxx/CVE-2022-4557.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01."
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01.\n\n"
 }
 ]
 },
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-20 Improper Input Validation",
- "cweId": "CWE-20"
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2885.json b/2023/2xxx/CVE-2023-2885.json
index a2d6417bde6..1b2d4d8be3f 100644
--- a/2023/2xxx/CVE-2023-2885.json
+++ b/2023/2xxx/CVE-2023-2885.json
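Review bot: The new `value` in the first CVE-2022-4557 hunk runs two sentences together (`allows SQL Injection.This issue affects`) and ends in a literal `\n\n`, neither of which the old text had; the description should read `...allows SQL Injection. This issue affects Smartpower Web: before 23.01.01.` with no trailing newlines. Consumers that display or index this string verbatim will carry those artefacts into advisories and search results. The CVE-2023-2885 description in the next file section has the same `(AiTM).This issue` run-on and trailing `\n\n`, there on both the old and the new side. The rest of each record, including the affected-version data, lies outside these hunks.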
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM).This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.\n\n"
+ "value": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM).This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.\n\n"
 }
 ]
 },
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-300 Channel Accessible by Non-Endpoint",
- "cweId": "CWE-300"
+ "value": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
+ "cweId": "CWE-924"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4166.json b/2023/4xxx/CVE-2023-4166.json
index 6388349febf..51be7c02b82 100644
--- a/2023/4xxx/CVE-2023-4166.json
+++ b/2023/4xxx/CVE-2023-4166.json
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-4166",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/seal_manage/dianju/delete_log.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-236182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "In Tongda OA wurde eine kritische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei general/system/seal_manage/dianju/delete_log.php. Dank Manipulation des Arguments DELETE_STR mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 11.10 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Tongda",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OA",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.236182",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.236182"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.236182",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.236182"
+ },
+ {
+ "url": "https://github.com/Das1yGa0/cve/blob/main/sql.md",
+ "refsource": "MISC",
+ "name": "https://github.com/Das1yGa0/cve/blob/main/sql.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "DasiyGao (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.2,
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4167.json b/2023/4xxx/CVE-2023-4167.json
index b34e849cb67..b7df249334f 100644
--- a/2023/4xxx/CVE-2023-4167.json
+++ b/2023/4xxx/CVE-2023-4167.json
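Review bot: The `version_data` entry added for Tongda OA (`"version_affected": "="`, `"version_value": "n/a"`) does not encode the fix that the description itself names ("Upgrading to version 11.10"), so tooling that matches on the structured version data cannot tell which installations are exposed. If the description is accurate, `"version_affected": "<"` with `"version_value": "11.10"` would carry that information. The description also calls the issue "critical" while all three `cvss` entries are rated MEDIUM with an adjacent-network vector (`AV:A`); that wording looks like the CNA's own classification and should be confirmed rather than read as the CVSS severity during triage. Minor: the `credits` entry uses `"lang": "en"` where the rest of the record uses `"eng"`.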
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-4167",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in Media Browser Emby Server 4.7.13.0 and classified as problematic. This issue affects some unknown processing of the file /web/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-236183."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine problematische Schwachstelle wurde in Media Browser Emby Server 4.7.13.0 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /web/. Mit der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Media Browser",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Emby Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "4.7.13.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.236183",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.236183"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.236183",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.236183"
+ },
+ {
+ "url": "https://github.com/whoamiecho/vuls/blob/main/emby.md",
+ "refsource": "MISC",
+ "name": "https://github.com/whoamiecho/vuls/blob/main/emby.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "whoamiechor (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4177.json b/2023/4xxx/CVE-2023-4177.json
new file mode 100644
index 00000000000..4140694cd8a
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4177.json
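Review bot: The added description recommends upgrading the affected component, but the record names no fixed release and `version_data` pins only `"version_value": "4.7.13.0"` with `"="`, so a consumer cannot tell whether other Emby Server versions are affected or which one remediates the cross-site scripting issue. That should be confirmed with the CNA and expressed in `version_data` once known. The CVSS 2.0 entry writes `"baseScore": 4` as an integer while the other entries use decimals; `"baseScore": 4.0` would keep the field's form consistent for strictly typed consumers. The credited name `whoamiechor` also differs from the account in the GitHub reference URL (`whoamiecho`), which may be a typo in one of them.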
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4177",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4178.json b/2023/4xxx/CVE-2023-4178.json
new file mode 100644
index 00000000000..2432b87f623
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4178.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4178",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file