From 32bed3e098b08fbd394102870688f37067d20d7f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 14 Dec 2023 15:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2022/45xxx/CVE-2022-45365.json | 113 +++++++++++++-
2023/0xxx/CVE-2023-0757.json | 99 +++++++++++-
2023/37xxx/CVE-2023-37858.json | 4 +-
2023/39xxx/CVE-2023-39167.json | 4 +-
2023/39xxx/CVE-2023-39169.json | 4 +-
2023/45xxx/CVE-2023-45182.json | 89 ++++++++++-
2023/45xxx/CVE-2023-45185.json | 89 ++++++++++-
2023/46xxx/CVE-2023-46141.json | 275 ++++++++++++++++++++++++++++++++-
2023/46xxx/CVE-2023-46142.json | 185 +++++++++++++++++++++-
2023/46xxx/CVE-2023-46143.json | 275 ++++++++++++++++++++++++++++++++-
2023/46xxx/CVE-2023-46144.json | 185 +++++++++++++++++++++-
2023/49xxx/CVE-2023-49168.json | 113 +++++++++++++-
2023/49xxx/CVE-2023-49739.json | 113 +++++++++++++-
2023/49xxx/CVE-2023-49740.json | 113 +++++++++++++-
2023/49xxx/CVE-2023-49743.json | 113 +++++++++++++-
2023/49xxx/CVE-2023-49745.json | 113 +++++++++++++-
2023/49xxx/CVE-2023-49827.json | 113 +++++++++++++-
2023/49xxx/CVE-2023-49828.json | 113 +++++++++++++-
2023/49xxx/CVE-2023-49833.json | 113 +++++++++++++-
2023/49xxx/CVE-2023-49836.json | 113 +++++++++++++-
2023/49xxx/CVE-2023-49846.json | 85 +++++++++-
2023/50xxx/CVE-2023-50011.json | 56 ++++++-
2023/50xxx/CVE-2023-50073.json | 56 ++++++-
2023/50xxx/CVE-2023-50563.json | 56 ++++++-
2023/50xxx/CVE-2023-50564.json | 56 ++++++-
2023/50xxx/CVE-2023-50565.json | 56 ++++++-
2023/50xxx/CVE-2023-50566.json | 56 ++++++-
2023/5xxx/CVE-2023-5592.json | 99 +++++++++++-
2023/6xxx/CVE-2023-6545.json | 94 ++++++++++-
2023/6xxx/CVE-2023-6818.json | 18 +++
30 files changed, 2849 insertions(+), 122 deletions(-)
create mode 100644 2023/6xxx/CVE-2023-6818.json
diff --git a/2022/45xxx/CVE-2022-45365.json b/2022/45xxx/CVE-2022-45365.json
index b190aad11bd..76bd7af5ae7 100644
--- a/2022/45xxx/CVE-2022-45365.json
+++ b/2022/45xxx/CVE-2022-45365.json
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-45365", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Uro\u0161evi\u0107 Stock Ticker allows Reflected XSS.This issue affects Stock Ticker: from n/a through 3.23.2.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Aleksandar Uro\u0161evi\u0107", + "product": { + "product_data": [ + { + "product_name": "Stock Ticker", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.23.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.23.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/stock-ticker/wordpress-stock-ticker-plugin-3-23-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/stock-ticker/wordpress-stock-ticker-plugin-3-23-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.23.3 or a higher version." + } + ], + "value": "Update to\u00a03.23.3 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Aman Rawat (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/0xxx/CVE-2023-0757.json b/2023/0xxx/CVE-2023-0757.json index 2f10124ff33..bad768562fb 100644 --- a/2023/0xxx/CVE-2023-0757.json +++ b/2023/0xxx/CVE-2023-0757.json 
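Review bot: The affected range in the new `version_data` entry of CVE-2022-45365 is not usable by a consumer of the v4 fields, because `"version_value": "not down converted"` is a placeholder and the real bounds sit only in `x_cve_json_5_version_data` (`lessThanOrEqual` 3.23.2, unaffected at 3.23.3). A scanner that matches on `version_value` is likely to miss Stock Ticker installs at or below 3.23.2, so I would carry the bound in the v4 fields as well, e.g. `"version_affected": "<=", "version_value": "3.23.2"`. The same placeholder appears in the CVE-2023-49168 hunk. Minor: the description value runs two sentences together (`Reflected XSS.This issue`) and ends in `\n\n`.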
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0757", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@cert.vde.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732 Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHOENIX CONTACT", + "product": { + "product_data": [ + { + "product_name": "MULTIPROG", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "ProConOS eCLR (SDK)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2023-051/", + "refsource": "MISC", + "name": "https://cert.vde.com/en/advisories/VDE-2023-051/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "VDE-2023-051", + "defect": [ + "CERT@VDE#64360" + ], + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Reid Wightman from Dragos, Inc." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/37xxx/CVE-2023-37858.json b/2023/37xxx/CVE-2023-37858.json index 209d6cc0166..2ebe7656fce 100644 --- a/2023/37xxx/CVE-2023-37858.json +++ b/2023/37xxx/CVE-2023-37858.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-798 Use of Hard-coded Credentials", - "cweId": "CWE-798" + "value": "CWE-311 Missing Encryption of Sensitive Data", + "cweId": "CWE-311" } ] } diff --git a/2023/39xxx/CVE-2023-39167.json b/2023/39xxx/CVE-2023-39167.json index a8ccb10d3ac..2d451f689a2 100644 --- a/2023/39xxx/CVE-2023-39167.json +++ b/2023/39xxx/CVE-2023-39167.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-269 Improper Privilege Management", - "cweId": "CWE-269" + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" } ] } diff --git a/2023/39xxx/CVE-2023-39169.json b/2023/39xxx/CVE-2023-39169.json index f668cae14f5..a34298ebcfa 100644 --- a/2023/39xxx/CVE-2023-39169.json +++ b/2023/39xxx/CVE-2023-39169.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-1188 Insecure Default Initialization of Resource", - "cweId": "CWE-1188" + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" } ] } diff --git a/2023/45xxx/CVE-2023-45182.json b/2023/45xxx/CVE-2023-45182.json index 35f6d437741..ba5b5ff00fe 100644 --- a/2023/45xxx/CVE-2023-45182.json +++ b/2023/45xxx/CVE-2023-45182.json 
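Review bot: In the CVE-2023-0757 hunk both products are listed with `"version_affected": "=", "version_value": "all"`, which reads as the literal version string `all` rather than as a range. Asset-matching tools that compare version numbers will probably not match any installed MULTIPROG or ProConOS eCLR build, although the record is scored 9.8 with `privilegesRequired` NONE. A range form such as `"version_affected": ">=", "version_value": "0"` would make the "every version" scope machine-readable; please confirm the intended encoding with the assigner before changing it. The same `all` encoding is used for every product in the CVE-2023-46141 and CVE-2023-46143 hunks.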
@@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45182", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nIBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-922 Insecure Storage of Sensitive Information", + "cweId": "CWE-922" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "i Access Client Solutions", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1.2", + "version_value": "1.1.4" + }, + { + "version_affected": "<=", + "version_name": "1.1.4.3", + "version_value": "1.1.9.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7091942", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7091942" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268265", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268265" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + 
"impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45185.json b/2023/45xxx/CVE-2023-45185.json index bfcf583c373..0edfbd2475e 100644 --- a/2023/45xxx/CVE-2023-45185.json +++ b/2023/45xxx/CVE-2023-45185.json 
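Review bot: The CVSS block in the CVE-2023-45182 hunk says `"attackVector": "NETWORK"`, while the description added in the same hunk speaks of "a local attacker" who has already obtained the encrypted password, so the two disagree on how the issue is reached. The full vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L` is also identical to the one in the CVE-2023-45185 hunk, whose description claims remote code execution yet is scored with low impact on all three metrics; that one of the two was copied is only an inference from the records shown here. I would check both against the IBM bulletin referenced in the hunk and, if local access is really required, change the metric to `"attackVector": "LOCAL"` and recompute `baseScore` and `vectorString`. The description value also starts with `\n` and ends with `\n\n`.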
@@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45185", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "i Access Client Solutions", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.1.2", + "version_value": "1.1.4" + }, + { + "version_affected": "<=", + "version_name": "1.1.4.3", + "version_value": "1.1.9.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7091942", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7091942" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268273", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268273" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + 
"attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/46xxx/CVE-2023-46141.json b/2023/46xxx/CVE-2023-46141.json index b11cf39a92b..007b7751852 100644 --- a/2023/46xxx/CVE-2023-46141.json +++ b/2023/46xxx/CVE-2023-46141.json 
@@ -1,17 +1,284 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46141", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@cert.vde.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732 Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHOENIX CONTACT", + "product": { + "product_data": [ + { + "product_name": "Automation Worx Software Suite", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "AXC 1050", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "AXC 1050 XC", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "AXC 3050", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "Config+", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "FC 350 PCI ETH", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + 
] + } + }, + { + "product_name": "ILC1x0", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "ILC1x1", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "ILC 3xx", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "PC Worx", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "PC Worx Express", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "PC WORX RT BASIC", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "PC WORX SRT", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "RFC 430 ETH-IB", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "RFC 450 ETH-IB", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "RFC 460R PN 3TX", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "RFC 470S PN 3TX", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "RFC 480S PN 4TX", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2023-055/", + "refsource": "MISC", + "name": "https://cert.vde.com/en/advisories/VDE-2023-055/" + } + ] + }, + 
"generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "VDE-2023-055", + "defect": [ + "CERT@VDE#64608" + ], + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Reid Wightman of Dragos, Inc." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/46xxx/CVE-2023-46142.json b/2023/46xxx/CVE-2023-46142.json index 24ebed1ff25..7f45e5bece1 100644 --- a/2023/46xxx/CVE-2023-46142.json +++ b/2023/46xxx/CVE-2023-46142.json 
@@ -1,17 +1,194 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46142", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@cert.vde.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732: Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHOENIX CONTACT", + "product": { + "product_data": [ + { + "product_name": "AXC F 1152", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + }, + { + "product_name": "AXC F 2152", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + }, + { + "product_name": "AXC F 3152", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + }, + { + "product_name": "BPC 9102S", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + }, + { + "product_name": "EPC 1502", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + }, + { + "product_name": "EPC 1522", + "version": 
{ + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + }, + { + "product_name": "PLCnext Engineer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + }, + { + "product_name": "RFC 4072R", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + }, + { + "product_name": "RFC 4072S", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/", + "refsource": "MISC", + "name": "https://https://cert.vde.com/en/advisories/VDE-2023-056/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "VDE-2023-056", + "defect": [ + "CERT@VDE#64609" + ], + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Reid Wightman of Dragos, Inc." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/46xxx/CVE-2023-46143.json b/2023/46xxx/CVE-2023-46143.json index 0efde5cb16a..46db9b36cfb 100644 --- a/2023/46xxx/CVE-2023-46143.json +++ b/2023/46xxx/CVE-2023-46143.json 
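Review bot: The only reference in the CVE-2023-46142 hunk has a doubled scheme, `https://https://cert.vde.com/en/advisories/VDE-2023-056/`, in both `url` and `name`, so a standard URL parser takes `https` as the host name and the link does not reach the advisory. The record carries no solution text, so for this 8.8 issue the advisory is the one place a defender can find mitigations; the line should read `"url": "https://cert.vde.com/en/advisories/VDE-2023-056/"` with `name` changed to match. The CVE-2023-46144 hunk has the same doubled scheme. Minor: `problemtype` here writes `CWE-732: Incorrect …` with a colon, while the CVE-2023-46141 hunk writes it without one.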
@@ -1,17 +1,284 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46143", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@cert.vde.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-494 Download of Code Without Integrity Check", + "cweId": "CWE-494" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHOENIX CONTACT", + "product": { + "product_data": [ + { + "product_name": "Automation Worx Software Suite", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "AXC 1050", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "AXC 1050 XC", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "AXC 3050", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "Config+", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "FC 350 PCI ETH", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "ILC1x0", 
+ "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "ILC1x1", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "ILC 3xx", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "PC Worx", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "PC Worx Express", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "PC WORX RT BASIC", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "PC WORX SRT", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "RFC 430 ETH-IB", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "RFC 450 ETH-IB", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "RFC 460R PN 3TX", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "RFC 470S PN 3TX", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + }, + { + "product_name": "RFC 480S PN 4TX", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2023-057/", + "refsource": "MISC", + "name": "https://cert.vde.com/en/advisories/VDE-2023-057/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, 
+ "source": { + "advisory": "VDE-2023-057", + "defect": [ + "CERT@VDE#64610" + ], + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Reid Wightman of Dragos, Inc." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/46xxx/CVE-2023-46144.json b/2023/46xxx/CVE-2023-46144.json index 77234f56a6f..e8c739134f6 100644 --- a/2023/46xxx/CVE-2023-46144.json +++ b/2023/46xxx/CVE-2023-46144.json 
@@ -1,17 +1,194 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46144", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@cert.vde.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-494: Download of Code Without Integrity Check", + "cweId": "CWE-494" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHOENIX CONTACT", + "product": { + "product_data": [ + { + "product_name": "AXC F 1152", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + }, + { + "product_name": "AXC F 2152", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + }, + { + "product_name": "AXC F 3152", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + }, + { + "product_name": "BPC 9102S", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + }, + { + "product_name": "EPC 1502", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + }, + { + "product_name": "EPC 
1522", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + }, + { + "product_name": "PLCnext Engineer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + }, + { + "product_name": "RFC 4072R", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + }, + { + "product_name": "RFC 4072S", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://https://cert.vde.com/en/advisories/VDE-2023-056/", + "refsource": "MISC", + "name": "https://https://cert.vde.com/en/advisories/VDE-2023-056/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "VDE-2023-058", + "defect": [ + "CERT@VDE#64611" + ], + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Reid Wightman of Dragos, Inc." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49168.json b/2023/49xxx/CVE-2023-49168.json index 9a89df845fc..79b4fa28421 100644 --- a/2023/49xxx/CVE-2023-49168.json +++ b/2023/49xxx/CVE-2023-49168.json 
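Review bot: The reference in the CVE-2023-46144 hunk points to advisory VDE-2023-056, but `source.advisory` in the same hunk is `VDE-2023-058`, and VDE-2023-056 is the advisory already referenced by CVE-2023-46142. Even once the doubled `https://` is removed, the link would lead to the permission-assignment advisory rather than the one for this integrity-check issue, assuming the `source` block holds the correct id. The reference would presumably become `"url": "https://cert.vde.com/en/advisories/VDE-2023-058/"` with the same value in `name`; please confirm the id against CERT@VDE before changing it.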
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49168", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPlus Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS.This issue affects Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss: from n/a through 2.4.0.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WordPlus", + "product": { + "product_data": [ + { + "product_name": "Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.4.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.4.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://patchstack.com/database/vulnerability/bp-better-messages/wordpress-bp-better-messages-plugin-2-3-12-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/bp-better-messages/wordpress-bp-better-messages-plugin-2-3-12-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.4.1 or a higher version." + } + ], + "value": "Update to\u00a02.4.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafshanzani Suhada (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49739.json b/2023/49xxx/CVE-2023-49739.json index 8e221fea776..96a07b84ab9 100644 --- a/2023/49xxx/CVE-2023-49739.json +++ b/2023/49xxx/CVE-2023-49739.json 
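Review bot: The description string for CVE-2023-49168 runs two sentences together (`allows Stored XSS.This issue affects`) and ends in a literal `\n\n`, which shows up in rendered advisories and trips sentence-based parsing of the text. Suggested ending: `... allows Stored XSS. This issue affects Better Messages ...: from n/a through 2.4.0.` with the trailing newlines dropped. The same pattern is in the hunks for CVE-2023-49740, 49743, 49745, 49827, 49828, 49833, 49836 and 49846. Separately, the reference URL slug names 2.3.12 while `lessThanOrEqual` is 2.4.0 (49846 likewise shows 2.1.16 against 2.1.17); the structured range is probably the authoritative one, but that is worth confirming before it is used for patch decisions.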
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49739", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PowerPack Addons for Elementor", + "product": { + "product_data": [ + { + "product_name": "PowerPack Pro for Elementor", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.9.24", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.9.23", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/powerpack-elements/wordpress-powerpack-pro-for-elementor-plugin-2-9-23-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/powerpack-elements/wordpress-powerpack-pro-for-elementor-plugin-2-9-23-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": 
{ + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.9.24 or a higher version." + } + ], + "value": "Update to\u00a02.9.24 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49740.json b/2023/49xxx/CVE-2023-49740.json index febc36b8a9c..2b87f66b5ad 100644 --- a/2023/49xxx/CVE-2023-49740.json +++ b/2023/49xxx/CVE-2023-49740.json 
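Review bot: The `description_data` value for CVE-2023-49739 is still the unfilled template (`[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] ...`) although `STATE` is now `PUBLIC`, so feeds and scanners that read the description get no usable text. The rest of the record is populated (CWE-79, product PowerPack Pro for Elementor, `lessThanOrEqual` 2.9.23, unaffected at 2.9.24), so the text can be written from those fields in the form the sibling Patchstack records use, for example `"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PowerPack Addons for Elementor PowerPack Pro for Elementor allows Reflected XSS. This issue affects PowerPack Pro for Elementor: from n/a through 2.9.23."`. "Reflected" is taken from the reference URL slug and should be confirmed with the assigner. A pre-publication check that rejects descriptions containing bracketed template tokens would catch this class of record.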
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49740", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS.This issue affects Seraphinite Accelerator: from n/a through 2.20.28.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Seraphinite Solutions", + "product": { + "product_data": [ + { + "product_name": "Seraphinite Accelerator", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.20.29", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.20.28", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/seraphinite-accelerator/wordpress-seraphinite-accelerator-plugin-2-20-28-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/seraphinite-accelerator/wordpress-seraphinite-accelerator-plugin-2-20-28-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.20.29 or a higher version." + } + ], + "value": "Update to\u00a02.20.29 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Le Ngoc Anh (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49743.json b/2023/49xxx/CVE-2023-49743.json index e6ad4aef73e..f2c94de8b07 100644 --- a/2023/49xxx/CVE-2023-49743.json +++ b/2023/49xxx/CVE-2023-49743.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49743", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Dashboard Widgets Suite allows Stored XSS.This issue affects Dashboard Widgets Suite: from n/a through 3.4.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jeff Starr", + "product": { + "product_data": [ + { + "product_name": "Dashboard Widgets Suite", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.4.2", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.4.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/dashboard-widgets-suite/wordpress-dashboard-widgets-suite-plugin-3-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/dashboard-widgets-suite/wordpress-dashboard-widgets-suite-plugin-3-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.4.2 or a higher version." + } + ], + "value": "Update to\u00a03.4.2 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rachit Arora (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49745.json b/2023/49xxx/CVE-2023-49745.json index d25fb5f2cda..c63217d687a 100644 --- a/2023/49xxx/CVE-2023-49745.json +++ b/2023/49xxx/CVE-2023-49745.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49745", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Spiffy Plugins", + "product": { + "product_data": [ + { + "product_name": "Spiffy Calendar", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "4.9.6", + "status": "unaffected" + } + ], + "lessThanOrEqual": "4.9.5", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-5-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, 
+ "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 4.9.6 or a higher version." + } + ], + "value": "Update to\u00a04.9.6 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "resecured.io (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49827.json b/2023/49xxx/CVE-2023-49827.json index a8db7d4d74a..10e6fb41630 100644 --- a/2023/49xxx/CVE-2023-49827.json +++ b/2023/49xxx/CVE-2023-49827.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49827", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PenciDesign", + "product": { + "product_data": [ + { + "product_name": "Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "8.4.2", + "status": "unaffected" + } + ], + "lessThanOrEqual": "8.4.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/soledad/wordpress-soledad-theme-8-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + 
"name": "https://patchstack.com/database/vulnerability/soledad/wordpress-soledad-theme-8-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 8.4.2 or a higher version." + } + ], + "value": "Update to\u00a08.4.2 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49828.json b/2023/49xxx/CVE-2023-49828.json index f2cc366965c..b5d6bce8306 100644 --- a/2023/49xxx/CVE-2023-49828.json +++ b/2023/49xxx/CVE-2023-49828.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49828", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments \u2013 Fully Integrated Solution Built and Supported by Woo allows Stored XSS.This issue affects WooPayments \u2013 Fully Integrated Solution Built and Supported by Woo: from n/a through 6.4.2.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Automattic", + "product": { + "product_data": [ + { + "product_name": "WooPayments \u2013 Fully Integrated Solution Built and Supported by Woo", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "6.5.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "6.4.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/woocommerce-payments/wordpress-woopayments-plugin-6-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/woocommerce-payments/wordpress-woopayments-plugin-6-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 6.5.0 or a higher version." + } + ], + "value": "Update to\u00a06.5.0 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49833.json b/2023/49xxx/CVE-2023-49833.json index 4356696e290..d883c0eb8bd 100644 --- a/2023/49xxx/CVE-2023-49833.json +++ b/2023/49xxx/CVE-2023-49833.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49833", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra \u2013 WordPress Gutenberg Blocks allows Stored XSS.This issue affects Spectra \u2013 WordPress Gutenberg Blocks: from n/a through 2.7.9.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Brainstorm Force", + "product": { + "product_data": [ + { + "product_name": "Spectra \u2013 WordPress Gutenberg Blocks", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.7.10", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.7.9", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-plugin-2-7-9-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-plugin-2-7-9-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.7.10 or a higher version." + } + ], + "value": "Update to\u00a02.7.10 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49836.json b/2023/49xxx/CVE-2023-49836.json index 6216c21e8e9..65048a7c957 100644 --- a/2023/49xxx/CVE-2023-49836.json +++ b/2023/49xxx/CVE-2023-49836.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49836", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brontobytes Cookie Bar allows Stored XSS.This issue affects Cookie Bar: from n/a through 2.0.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Brontobytes", + "product": { + "product_data": [ + { + "product_name": "Cookie Bar", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/cookie-bar/wordpress-cookie-bar-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/cookie-bar/wordpress-cookie-bar-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" 
+ }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.1 or a higher version." + } + ], + "value": "Update to\u00a02.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Muhammad Daffa (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49846.json b/2023/49xxx/CVE-2023-49846.json index 2befb13713c..9f7614e6c46 100644 --- a/2023/49xxx/CVE-2023-49846.json +++ b/2023/49xxx/CVE-2023-49846.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49846", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through 2.1.17.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Paul Bearne", + "product": { + "product_data": [ + { + "product_name": "Author Avatars List/Block", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.1.17" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/author-avatars/wordpress-author-avatars-list-block-plugin-2-1-16-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/author-avatars/wordpress-author-avatars-list-block-plugin-2-1-16-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "NG\u00d4 THI\u00caN AN / ancorn_ 
from VNPT-VCI (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50011.json b/2023/50xxx/CVE-2023-50011.json index 7e7a626beb6..c149693307c 100644 --- a/2023/50xxx/CVE-2023-50011.json +++ b/2023/50xxx/CVE-2023-50011.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-50011", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-50011", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://packetstormsecurity.com/files/175924/PopojiCMS-2.0.1-Remote-Command-Execution.html", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/175924/PopojiCMS-2.0.1-Remote-Command-Execution.html" } ] } diff --git a/2023/50xxx/CVE-2023-50073.json b/2023/50xxx/CVE-2023-50073.json index 762cd15c1f5..c8ddeb8f4cd 100644 --- a/2023/50xxx/CVE-2023-50073.json +++ b/2023/50xxx/CVE-2023-50073.json 
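Review bot: In CVE-2023-50011 the structured fields are all `n/a` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value) while the description names PopojiCMS 2.0.1, so asset matching keyed on `affects` will not find this record. The hunks for CVE-2023-50073 (EmpireCMS v7.5) and CVE-2023-50563 (Semcms v4.8) have the same gap. Suggested: `"product_name": "PopojiCMS"` with `"version_value": "2.0.1"`, and for the two SQL injection records a `problemtype` value of `CWE-89`; the weakness class for the command-execution record cannot be determined from the description and should come from the assigner. None of the three records carries an `impact` block either, so prioritisation has to rely on the free-text description until the record is enriched.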
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-50073",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-50073",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/leadscloud/EmpireCMS/issues/7",
+ "refsource": "MISC",
+ "name": "https://github.com/leadscloud/EmpireCMS/issues/7"
 }
 ]
 }
diff --git a/2023/50xxx/CVE-2023-50563.json b/2023/50xxx/CVE-2023-50563.json
index d614071ab0f..1818d276757 100644
--- a/2023/50xxx/CVE-2023-50563.json
+++ b/2023/50xxx/CVE-2023-50563.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-50563",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-50563",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/SecBridge/Cms_Vuls_test/blob/main/Semcms/Semcms_Sql_Inject.md",
+ "refsource": "MISC",
+ "name": "https://github.com/SecBridge/Cms_Vuls_test/blob/main/Semcms/Semcms_Sql_Inject.md"
 }
 ]
 }
diff --git a/2023/50xxx/CVE-2023-50564.json b/2023/50xxx/CVE-2023-50564.json
index 85d835045b7..65fbc05fbdc 100644
--- a/2023/50xxx/CVE-2023-50564.json
+++ b/2023/50xxx/CVE-2023-50564.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-50564",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-50564",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/SecBridge/Cms_Vuls_test/blob/main/Pluckcms/Pluck_v4.7.18_Any_File_Upload_Getshell.md",
+ "refsource": "MISC",
+ "name": "https://github.com/SecBridge/Cms_Vuls_test/blob/main/Pluckcms/Pluck_v4.7.18_Any_File_Upload_Getshell.md"
 }
 ]
 }
diff --git a/2023/50xxx/CVE-2023-50565.json b/2023/50xxx/CVE-2023-50565.json
index 97437ba8627..0519855662f 100644
--- a/2023/50xxx/CVE-2023-50565.json
+++ b/2023/50xxx/CVE-2023-50565.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-50565",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-50565",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ralap-z/rpcms/issues/7",
+ "refsource": "MISC",
+ "name": "https://github.com/ralap-z/rpcms/issues/7"
 }
 ]
 }
diff --git a/2023/50xxx/CVE-2023-50566.json b/2023/50xxx/CVE-2023-50566.json
index d146d9db810..b72c6e6c0cc 100644
--- a/2023/50xxx/CVE-2023-50566.json
+++ b/2023/50xxx/CVE-2023-50566.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-50566",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-50566",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/weng-xianhu/eyoucms/issues/56",
+ "refsource": "MISC",
+ "name": "https://github.com/weng-xianhu/eyoucms/issues/56"
 }
 ]
 }
diff --git a/2023/5xxx/CVE-2023-5592.json b/2023/5xxx/CVE-2023-5592.json
index 6d5348c0895..255e51367a0 100644
--- a/2023/5xxx/CVE-2023-5592.json
+++ b/2023/5xxx/CVE-2023-5592.json
@@ -1,17 +1,108 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-5592",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "info@cert.vde.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-494 Download of Code Without Integrity Check",
+ "cweId": "CWE-494"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PHOENIX CONTACT",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MULTIPROG",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ProConOS eCLR (SDK)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://cert.vde.com/en/advisories/VDE-2023-054/",
+ "refsource": "MISC",
+ "name": "https://cert.vde.com/en/advisories/VDE-2023-054/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "VDE-2023-051",
+ "defect": [
+ "CERT@VDE#64360"
+ ],
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Reid Wightman of Dragos, Inc."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6545.json b/2023/6xxx/CVE-2023-6545.json
index 0ae1477974d..d732caef220 100644
--- a/2023/6xxx/CVE-2023-6545.json
+++ b/2023/6xxx/CVE-2023-6545.json
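Review bot: `source.advisory` is set to `"VDE-2023-051"`, but the only entry in `reference_data` points to `https://cert.vde.com/en/advisories/VDE-2023-054/`, so the record names two different advisories. One of the two is presumably a typo; someone triaging by advisory ID would look up a different document than the one linked. Both fields should carry the same identifier once the assigner confirms which is correct. The CVSS block (`I:H`, `C:N`, `A:N`) does agree with the description's "complete loss of integrity", so only the advisory identifier needs attention.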
@@ -1,17 +1,103 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6545",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "info@cert.vde.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. This may have limited impact to integrity and does solely affect anthelia-bhf the Beckhoff fork of authelia."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
+ "cweId": "CWE-601"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Beckhoff",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "authelia-bhf of TwinCAT/BSD",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "4.37.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://cert.vde.com/en/advisories/VDE-2023-067/",
+ "refsource": "MISC",
+ "name": "https://cert.vde.com/en/advisories/VDE-2023-067/"
+ },
+ {
+ "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2023-001.pdf",
+ "refsource": "MISC",
+ "name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2023-001.pdf"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "VDE-2023-067",
+ "defect": [
+ "CERT@VDE#64625"
+ ],
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Benedikt K\u00fchne, Siemens Energy"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6818.json b/2023/6xxx/CVE-2023-6818.json
new file mode 100644
index 00000000000..e08d6816fba
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6818.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6818",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
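Review bot: The new description value in the CVE-2023-6545 hunk spells the package two ways, `authelia-bhf` in the first sentence and `anthelia-bhf` in the second, while `product_name` uses `authelia-bhf of TwinCAT/BSD`. The second spelling looks like a typo, and a keyword search on the package name would miss that sentence. I would change the tail to `does solely affect authelia-bhf, the Beckhoff fork of authelia.` and, in the same pass, write `Beckhoff's TwinCAT/BSD`. The wording matters for scoping, because that sentence is what tells readers upstream authelia is not affected.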