From 305dba9def71a22298fcfa018c2a842346276f66 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 14 Feb 2023 12:00:37 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/32xxx/CVE-2021-32936.json | 5 ++ 2021/32xxx/CVE-2021-32938.json | 5 ++ 2021/32xxx/CVE-2021-32948.json | 5 ++ 2021/41xxx/CVE-2021-41771.json | 5 ++ 2021/41xxx/CVE-2021-41772.json | 5 ++ 2021/43xxx/CVE-2021-43336.json | 5 ++ 2021/43xxx/CVE-2021-43391.json | 5 ++ 2021/44xxx/CVE-2021-44716.json | 5 ++ 2021/44xxx/CVE-2021-44717.json | 5 ++ 2022/1xxx/CVE-2022-1292.json | 5 ++ 2022/1xxx/CVE-2022-1343.json | 5 ++ 2022/1xxx/CVE-2022-1434.json | 5 ++ 2022/1xxx/CVE-2022-1473.json | 5 ++ 2022/24xxx/CVE-2022-24675.json | 5 ++ 2022/24xxx/CVE-2022-24921.json | 5 ++ 2022/27xxx/CVE-2022-27536.json | 5 ++ 2022/28xxx/CVE-2022-28327.json | 5 ++ 2022/30xxx/CVE-2022-30774.json | 5 ++ 2022/31xxx/CVE-2022-31243.json | 5 ++ 2022/33xxx/CVE-2022-33906.json | 5 ++ 2022/33xxx/CVE-2022-33907.json | 5 ++ 2022/33xxx/CVE-2022-33982.json | 5 ++ 2022/33xxx/CVE-2022-33984.json | 5 ++ 2022/46xxx/CVE-2022-46862.json | 113 +++++++++++++++++++++++++++++++-- 2023/0xxx/CVE-2023-0826.json | 18 ++++++ 2023/0xxx/CVE-2023-0827.json | 18 ++++++ 2023/0xxx/CVE-2023-0828.json | 18 ++++++ 2023/24xxx/CVE-2023-24377.json | 113 +++++++++++++++++++++++++++++++-- 2023/24xxx/CVE-2023-24382.json | 113 +++++++++++++++++++++++++++++++-- 2023/25xxx/CVE-2023-25065.json | 113 +++++++++++++++++++++++++++++++-- 30 files changed, 605 insertions(+), 16 deletions(-) create mode 100644 2023/0xxx/CVE-2023-0826.json create mode 100644 2023/0xxx/CVE-2023-0827.json create mode 100644 2023/0xxx/CVE-2023-0828.json diff --git a/2021/32xxx/CVE-2021-32936.json b/2021/32xxx/CVE-2021-32936.json index 0fb621e1fe6..440abda81c0 100644 --- a/2021/32xxx/CVE-2021-32936.json +++ b/2021/32xxx/CVE-2021-32936.json @@ -63,6 +63,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] }, diff --git a/2021/32xxx/CVE-2021-32938.json b/2021/32xxx/CVE-2021-32938.json index 6e0936916f1..180dd8256af 100644 --- a/2021/32xxx/CVE-2021-32938.json +++ b/2021/32xxx/CVE-2021-32938.json @@ -63,6 +63,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] }, diff --git a/2021/32xxx/CVE-2021-32948.json b/2021/32xxx/CVE-2021-32948.json index 05350d34629..abde3f30715 100644 --- a/2021/32xxx/CVE-2021-32948.json +++ b/2021/32xxx/CVE-2021-32948.json @@ -63,6 +63,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] }, diff --git a/2021/41xxx/CVE-2021-41771.json b/2021/41xxx/CVE-2021-41771.json index a9f70b19bb0..40f83c06dfe 100644 --- a/2021/41xxx/CVE-2021-41771.json +++ b/2021/41xxx/CVE-2021-41771.json @@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-202208-02", "url": "https://security.gentoo.org/glsa/202208-02" + }, + { + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf" } ] } diff --git a/2021/41xxx/CVE-2021-41772.json b/2021/41xxx/CVE-2021-41772.json index 2fd2837fd35..0b3ed15ad4e 100644 --- a/2021/41xxx/CVE-2021-41772.json +++ b/2021/41xxx/CVE-2021-41772.json @@ -81,6 +81,11 @@ "refsource": "GENTOO", "name": "GLSA-202208-02", "url": "https://security.gentoo.org/glsa/202208-02" + }, + { + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf" } ] } diff --git a/2021/43xxx/CVE-2021-43336.json b/2021/43xxx/CVE-2021-43336.json index ade374f3d0e..ac9655679ec 100644 --- a/2021/43xxx/CVE-2021-43336.json +++ b/2021/43xxx/CVE-2021-43336.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-334/", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-334/" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } diff --git a/2021/43xxx/CVE-2021-43391.json b/2021/43xxx/CVE-2021-43391.json index 9201cbef2a6..4d4d3387cab 100644 --- a/2021/43xxx/CVE-2021-43391.json +++ b/2021/43xxx/CVE-2021-43391.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1361/", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1361/" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } diff --git a/2021/44xxx/CVE-2021-44716.json b/2021/44xxx/CVE-2021-44716.json index 47f65246c8d..6acc93e5c6a 100644 --- a/2021/44xxx/CVE-2021-44716.json +++ b/2021/44xxx/CVE-2021-44716.json @@ -76,6 +76,11 @@ "refsource": "GENTOO", "name": "GLSA-202208-02", "url": "https://security.gentoo.org/glsa/202208-02" + }, + { + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf" } ] } diff --git a/2021/44xxx/CVE-2021-44717.json b/2021/44xxx/CVE-2021-44717.json index be0aa0c6bfe..852a7ecc22b 100644 --- a/2021/44xxx/CVE-2021-44717.json +++ b/2021/44xxx/CVE-2021-44717.json @@ -71,6 +71,11 @@ "refsource": "GENTOO", "name": "GLSA-202208-02", "url": "https://security.gentoo.org/glsa/202208-02" + }, + { + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf" } ] } diff --git a/2022/1xxx/CVE-2022-1292.json b/2022/1xxx/CVE-2022-1292.json index 079c9b82560..11f2e011430 100644 --- a/2022/1xxx/CVE-2022-1292.json +++ b/2022/1xxx/CVE-2022-1292.json @@ -137,6 +137,11 @@ "refsource": "GENTOO", "name": "GLSA-202210-02", "url": "https://security.gentoo.org/glsa/202210-02" + }, + { + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf" } ] } diff --git a/2022/1xxx/CVE-2022-1343.json b/2022/1xxx/CVE-2022-1343.json index e26c5829c31..b01a5407379 100644 --- a/2022/1xxx/CVE-2022-1343.json +++ b/2022/1xxx/CVE-2022-1343.json @@ -81,6 +81,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220602-0009/", "url": "https://security.netapp.com/advisory/ntap-20220602-0009/" + }, + { + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf" } ] } diff --git a/2022/1xxx/CVE-2022-1434.json b/2022/1xxx/CVE-2022-1434.json index 7c94ec7631d..fa226dcd31c 100644 --- a/2022/1xxx/CVE-2022-1434.json +++ b/2022/1xxx/CVE-2022-1434.json @@ -81,6 +81,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220602-0009/", "url": "https://security.netapp.com/advisory/ntap-20220602-0009/" + }, + { + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf" } ] } diff --git a/2022/1xxx/CVE-2022-1473.json b/2022/1xxx/CVE-2022-1473.json index 17f6068a5c5..f299648c309 100644 --- a/2022/1xxx/CVE-2022-1473.json +++ b/2022/1xxx/CVE-2022-1473.json @@ -86,6 +86,11 @@ "refsource": "GENTOO", "name": "GLSA-202210-02", "url": "https://security.gentoo.org/glsa/202210-02" + }, + { + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf" } ] } diff --git a/2022/24xxx/CVE-2022-24675.json b/2022/24xxx/CVE-2022-24675.json index 30ffc7c4c28..c1c14d3c061 100644 --- a/2022/24xxx/CVE-2022-24675.json +++ b/2022/24xxx/CVE-2022-24675.json @@ -101,6 +101,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220915-0010/", "url": "https://security.netapp.com/advisory/ntap-20220915-0010/" + }, + { + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf" } ] } diff --git a/2022/24xxx/CVE-2022-24921.json b/2022/24xxx/CVE-2022-24921.json index 8f263e075da..f774112e9cc 100644 --- a/2022/24xxx/CVE-2022-24921.json +++ b/2022/24xxx/CVE-2022-24921.json @@ -76,6 +76,11 @@ "refsource": "GENTOO", "name": "GLSA-202208-02", "url": "https://security.gentoo.org/glsa/202208-02" + }, + { + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf" } ] } diff --git a/2022/27xxx/CVE-2022-27536.json b/2022/27xxx/CVE-2022-27536.json index 7a9fdd850b5..c56d843d534 100644 --- a/2022/27xxx/CVE-2022-27536.json +++ b/2022/27xxx/CVE-2022-27536.json @@ -66,6 +66,11 @@ "refsource": "GENTOO", "name": "GLSA-202208-02", "url": "https://security.gentoo.org/glsa/202208-02" + }, + { + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf" } ] } diff --git a/2022/28xxx/CVE-2022-28327.json b/2022/28xxx/CVE-2022-28327.json index b958803ab4d..f4c6255b8de 100644 --- a/2022/28xxx/CVE-2022-28327.json +++ b/2022/28xxx/CVE-2022-28327.json @@ -106,6 +106,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220915-0010/", "url": "https://security.netapp.com/advisory/ntap-20220915-0010/" + }, + { + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf" } ] } diff --git a/2022/30xxx/CVE-2022-30774.json b/2022/30xxx/CVE-2022-30774.json index 4664f90f412..59112b6d00a 100644 --- a/2022/30xxx/CVE-2022-30774.json +++ b/2022/30xxx/CVE-2022-30774.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.insyde.com/security-pledge/SA-2022043", "url": "https://www.insyde.com/security-pledge/SA-2022043" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf" } ] } diff --git a/2022/31xxx/CVE-2022-31243.json b/2022/31xxx/CVE-2022-31243.json index b358a56db70..38f786399c8 100644 --- a/2022/31xxx/CVE-2022-31243.json +++ b/2022/31xxx/CVE-2022-31243.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.insyde.com/security-pledge/SA-2022044", "url": "https://www.insyde.com/security-pledge/SA-2022044" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf" } ] } diff --git a/2022/33xxx/CVE-2022-33906.json b/2022/33xxx/CVE-2022-33906.json index d73ed9eff9f..84a7a764dcf 100644 --- a/2022/33xxx/CVE-2022-33906.json +++ b/2022/33xxx/CVE-2022-33906.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.insyde.com/security-pledge/SA-2022048", "url": "https://www.insyde.com/security-pledge/SA-2022048" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf" } ] }, diff --git a/2022/33xxx/CVE-2022-33907.json b/2022/33xxx/CVE-2022-33907.json index 7cebb2dcd47..216b8cdcc59 100644 --- a/2022/33xxx/CVE-2022-33907.json +++ b/2022/33xxx/CVE-2022-33907.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.insyde.com/security-pledge/SA-2022049", "url": "https://www.insyde.com/security-pledge/SA-2022049" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf" } ] }, diff --git a/2022/33xxx/CVE-2022-33982.json b/2022/33xxx/CVE-2022-33982.json index 9c2256e8309..183ef1dc90c 100644 --- a/2022/33xxx/CVE-2022-33982.json +++ b/2022/33xxx/CVE-2022-33982.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.insyde.com/security-pledge/SA-2022052", "url": "https://www.insyde.com/security-pledge/SA-2022052" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf" } ] }, diff --git a/2022/33xxx/CVE-2022-33984.json b/2022/33xxx/CVE-2022-33984.json index 16758846e26..f670a381ce3 100644 --- a/2022/33xxx/CVE-2022-33984.json +++ b/2022/33xxx/CVE-2022-33984.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.insyde.com/security-pledge/SA-2022054", "url": "https://www.insyde.com/security-pledge/SA-2022054" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf" } ] }, diff --git a/2022/46xxx/CVE-2022-46862.json b/2022/46xxx/CVE-2022-46862.json index 373c4ff631c..764483718d0 100644 --- a/2022/46xxx/CVE-2022-46862.json +++ b/2022/46xxx/CVE-2022-46862.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46862", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ExpressTech", + "product": { + "product_data": [ + { + "product_name": "Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "8.0.8", + "status": "unaffected" + } + ], + "lessThanOrEqual": "8.0.7", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-0-7-cross-site-request-forgery-csrf?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-0-7-cross-site-request-forgery-csrf?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 8.0.8 or a higher version." + } + ], + "value": "Update to\u00a08.0.8 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Oliver K. (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/0xxx/CVE-2023-0826.json b/2023/0xxx/CVE-2023-0826.json new file mode 100644 index 00000000000..308f33759c2 --- /dev/null +++ b/2023/0xxx/CVE-2023-0826.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0826", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0827.json b/2023/0xxx/CVE-2023-0827.json new file mode 100644 index 00000000000..b0821d9d2da --- /dev/null +++ b/2023/0xxx/CVE-2023-0827.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0827", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0828.json b/2023/0xxx/CVE-2023-0828.json new file mode 100644 index 00000000000..1d1e86d5de1 --- /dev/null +++ b/2023/0xxx/CVE-2023-0828.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0828", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24377.json b/2023/24xxx/CVE-2023-24377.json index a388668110e..4e092abf700 100644 --- a/2023/24xxx/CVE-2023-24377.json +++ b/2023/24xxx/CVE-2023-24377.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-24377", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ecwid Ecommerce", + "product": { + "product_data": [ + { + "product_name": "Ecwid Ecommerce Shopping Cart", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "6.11.4", + "status": "unaffected" + } + ], + "lessThanOrEqual": "6.11.3", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/ecwid-shopping-cart/wordpress-ecwid-ecommerce-shopping-cart-plugin-6-11-3-cross-site-request-forgery-csrf?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/ecwid-shopping-cart/wordpress-ecwid-ecommerce-shopping-cart-plugin-6-11-3-cross-site-request-forgery-csrf?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 6.11.4 or a higher version." + } + ], + "value": "Update to\u00a06.11.4 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Lana Codes (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/24xxx/CVE-2023-24382.json b/2023/24xxx/CVE-2023-24382.json index 2c695755f09..a92488f1f19 100644 --- a/2023/24xxx/CVE-2023-24382.json +++ b/2023/24xxx/CVE-2023-24382.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-24382", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Photon WP", + "product": { + "product_data": [ + { + "product_name": "Material Design Icons for Page Builders", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.4.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.4.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/material-design-icons-for-elementor/wordpress-material-design-icons-for-page-builders-plugin-1-4-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/material-design-icons-for-elementor/wordpress-material-design-icons-for-page-builders-plugin-1-4-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.4.3 or a higher version." + } + ], + "value": "Update to\u00a01.4.3 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Lana Codes (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/25xxx/CVE-2023-25065.json b/2023/25xxx/CVE-2023-25065.json index ec62c7ff69c..fb7fd06f5dc 100644 --- a/2023/25xxx/CVE-2023-25065.json +++ b/2023/25xxx/CVE-2023-25065.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25065", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs \u2013 Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ShapedPlugin", + "product": { + "product_data": [ + { + "product_name": "WP Tabs \u2013 Responsive Tabs Plugin for WordPress", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.1.15", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.1.14", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-expand-tabs-free/wordpress-wp-tabs-responsive-tabs-plugin-for-wordpress-plugin-2-1-14-cross-site-request-forgery-csrf?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wp-expand-tabs-free/wordpress-wp-tabs-responsive-tabs-plugin-for-wordpress-plugin-2-1-14-cross-site-request-forgery-csrf?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.1.15 or a higher version." + } + ], + "value": "Update to\u00a02.1.15 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Lana Codes (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] }