admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-07-11 08:00:39 +00:00
parent c7865bc709
commit 282d4b01f4
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
16 changed files with 1319 additions and 325 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
2022/0xxx/CVE-2022-0634.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the action by crafting a special request."
"value": "The ThirstyAffiliates WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the action by crafting a special request."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
"value": "CWE-862 Missing Authorization"
}
]
},
@ -43,7 +43,7 @@
"product": {
"product_data": [
{
"product_name": "ThirstyAffiliates Affiliate Link Manager",
"product_name": "ThirstyAffiliates",
"version": {
"version_data": [
{

111
2022/2xxx/CVE-2022-2596.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2596",
"STATE": "PUBLIC",
"TITLE": "Denial of Service in node-fetch/node-fetch"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333 Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "node-fetch",
"product": {
"product_data": [
{
@ -16,36 +40,56 @@
"version": {
"version_data": [
{
"version_affected": "!",
"version_value": "3.2.10"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "3.2.10"
},
{
"version_affected": ">=",
"version_value": "3.0.0"
"lessThan": "unspecified",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
},
"vendor_name": "node-fetch"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Denial of Service in GitHub repository node-fetch/node-fetch prior to 3.2.10."
"url": "https://huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7"
},
{
"url": "https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d",
"refsource": "MISC",
"name": "https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "a7e6a136-0a4b-46c4-ad20-802f1dd60bf7",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
@ -56,38 +100,9 @@
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7"
},
{
"name": "https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d",
"refsource": "MISC",
"url": "https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d"
}
]
},
"source": {
"advisory": "a7e6a136-0a4b-46c4-ad20-802f1dd60bf7",
"discovery": "EXTERNAL"
}
}

104
2022/2xxx/CVE-2022-2598.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2598",
"STATE": "PUBLIC",
"TITLE": "Undefined Behavior for Input to API in vim/vim"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write to API",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "vim",
"product": {
"product_data": [
{
@ -17,31 +41,47 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "9.0.0100"
}
]
}
}
]
},
"vendor_name": "vim"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100."
"url": "https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e"
},
{
"url": "https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d",
"refsource": "MISC",
"name": "https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "2f08363a-47a2-422d-a7de-ce96a89ad08e",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
@ -52,43 +92,9 @@
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-475 Undefined Behavior for Input to API"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e"
},
{
"name": "https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d",
"refsource": "MISC",
"url": "https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
}
]
},
"source": {
"advisory": "2f08363a-47a2-422d-a7de-ce96a89ad08e",
"discovery": "EXTERNAL"
}
}

85
2022/45xxx/CVE-2022-45823.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-45823",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Video Contest WordPress plugin <=\u00a03.2 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GalleryPlugins",
"product": {
"product_data": [
{
"product_name": "Video Contest WordPress Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/video-contest/wordpress-video-contest-wordpress-plugin-plugin-3-2-cross-site-request-forgery-csrf?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/video-contest/wordpress-video-contest-wordpress-plugin-plugin-3-2-cross-site-request-forgery-csrf?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Cat (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

98
2022/4xxx/CVE-2022-4111.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-4111",
"STATE": "PUBLIC",
"TITLE": "Denial of Service in tooljet/tooljet"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1284 Improper Validation of Specified Quantity in Input",
"cweId": "CWE-1284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "tooljet",
"product": {
"product_data": [
{
@ -17,73 +41,55 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "v1.27.0"
}
]
}
}
]
},
"vendor_name": "tooljet"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB."
"url": "https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d"
},
{
"url": "https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc",
"refsource": "MISC",
"name": "https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "5596d072-66d2-4361-8cac-101c9c781c3d",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d"
},
{
"name": "https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc",
"refsource": "MISC",
"url": "https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc"
}
]
},
"source": {
"advisory": "5596d072-66d2-4361-8cac-101c9c781c3d",
"discovery": "EXTERNAL"
}
}

10
2022/4xxx/CVE-2022-4148.json
View File

@ -21,7 +21,15 @@
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource"
"value": "CWE-862 Missing Authorization"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}

94
2022/4xxx/CVE-2022-4505.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-4505",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in openemr/openemr"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key",
"cweId": "CWE-639"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "openemr",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "7.0.0.2"
}
]
}
}
]
},
"vendor_name": "openemr"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2."
"url": "https://huntr.dev/bounties/e36ca754-bb9f-4686-ad72-7fb849e97d92",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/e36ca754-bb9f-4686-ad72-7fb849e97d92"
},
{
"url": "https://github.com/openemr/openemr/commit/235b1910ffe5296187667277d4e197a0c3a9ac33",
"refsource": "MISC",
"name": "https://github.com/openemr/openemr/commit/235b1910ffe5296187667277d4e197a0c3a9ac33"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "e36ca754-bb9f-4686-ad72-7fb849e97d92",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
@ -52,38 +87,9 @@
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/e36ca754-bb9f-4686-ad72-7fb849e97d92",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/e36ca754-bb9f-4686-ad72-7fb849e97d92"
},
{
"name": "https://github.com/openemr/openemr/commit/235b1910ffe5296187667277d4e197a0c3a9ac33",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/235b1910ffe5296187667277d4e197a0c3a9ac33"
}
]
},
"source": {
"advisory": "e36ca754-bb9f-4686-ad72-7fb849e97d92",
"discovery": "EXTERNAL"
}
}

100
2023/1xxx/CVE-2023-1936.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1936",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to leak the email address of a user who created a service desk issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "13.7",
"version_value": "15.11.10"
},
{
"version_affected": "<",
"version_name": "16.0",
"version_value": "16.0.6"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/405150",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/405150"
},
{
"url": "https://hackerone.com/reports/1933829",
"refsource": "MISC",
"name": "https://hackerone.com/reports/1933829"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 15.11.10, 16.0.6, 16.1.1 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [ricardobrito](https://hackerone.com/ricardobrito) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
}
]
}

113
2023/23xxx/CVE-2023-23704.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23704",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <=\u00a01.1.6 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Pixelgrade",
"product": {
"product_data": [
{
"product_name": "Comments Ratings",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "1.1.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.1.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/comments-ratings/wordpress-comments-ratings-plugin-1-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/comments-ratings/wordpress-comments-ratings-plugin-1-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;1.1.7 or a higher version."
}
],
"value": "Update to\u00a01.1.7 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "yuyudhn (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

113
2023/23xxx/CVE-2023-23731.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23731",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin <=\u00a01.3.3 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HasTheme",
"product": {
"product_data": [
{
"product_name": "WishSuite",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "1.3.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.3.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/wishsuite/wordpress-wishsuite-wishlist-for-woocommerce-plugin-1-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/wishsuite/wordpress-wishsuite-wishlist-for-woocommerce-plugin-1-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.3.4 or a higher version.<br>"
}
],
"value": "Update to 1.3.4 or a higher version.\n"
}
],
"credits": [
{
"lang": "en",
"value": "Lana Codes (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

113
2023/23xxx/CVE-2023-23997.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23997",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database Collation Fix plugin <=\u00a01.2.7 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dave Jesch",
"product": {
"product_data": [
{
"product_name": "Database Collation Fix",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "1.2.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.2.7",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/database-collation-fix/wordpress-database-collation-fix-plugin-1-2-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/database-collation-fix/wordpress-database-collation-fix-plugin-1-2-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;1.2.8 or a higher version."
}
],
"value": "Update to\u00a01.2.8 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

113
2023/24xxx/CVE-2023-24421.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24421",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <=\u00a01.5.2 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WP Engine",
"product": {
"product_data": [
{
"product_name": "PHP Compatibility Checker",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "1.6.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.5.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/php-compatibility-checker/wordpress-php-compatibility-checker-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/php-compatibility-checker/wordpress-php-compatibility-checker-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;1.6.0 or a higher version."
}
],
"value": "Update to\u00a01.6.0 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

85
2023/25xxx/CVE-2023-25051.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25051",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Reply Notification plugin <=\u00a01.4 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Denishua",
"product": {
"product_data": [
{
"product_name": "Comment Reply Notification",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/comment-reply-notification/wordpress-comment-reply-notification-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/comment-reply-notification/wordpress-comment-reply-notification-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

85
2023/25xxx/CVE-2023-25468.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25468",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio Reservation.Studio widget plugin <=\u00a01.0.11 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Reservation.Studio",
"product": {
"product_data": [
{
"product_name": "Reservation.Studio widget",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.0.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/reservation-studio-widget/wordpress-reservation-studio-widget-plugin-1-0-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/reservation-studio-widget/wordpress-reservation-studio-widget-plugin-1-0-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Lokesh Dachepalli (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

113
2023/25xxx/CVE-2023-25487.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25487",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes plugin <=\u00a01.4.14 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Pixelgrade",
"product": {
"product_data": [
{
"product_name": "PixTypes",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "1.4.15",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.4.14",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/pixtypes/wordpress-pixtypes-plugin-1-4-14-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/pixtypes/wordpress-pixtypes-plugin-1-4-14-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;1.4.15 or a higher version."
}
],
"value": "Update to\u00a01.4.15 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

113
2023/35xxx/CVE-2023-35781.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-35781",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin <=\u00a02.3.0 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LWS",
"product": {
"product_data": [
{
"product_name": "LWS Cleaner",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "2.3.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.3.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/lws-cleaner/wordpress-lws-cleaner-plugin-2-3-0-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/lws-cleaner/wordpress-lws-cleaner-plugin-2-3-0-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;2.3.1 or a higher version."
}
],
"value": "Update to\u00a02.3.1 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "konagash (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}