From 36d9096360fb74d4a9e52a25940063b07e913345 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 17 Oct 2023 05:00:39 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/28xxx/CVE-2021-28651.json | 5 ++
 2021/28xxx/CVE-2021-28652.json | 5 ++
 2021/28xxx/CVE-2021-28662.json | 5 ++
 2021/31xxx/CVE-2021-31806.json | 5 ++
 2021/31xxx/CVE-2021-31807.json | 5 ++
 2021/31xxx/CVE-2021-31808.json | 5 ++
 2021/33xxx/CVE-2021-33620.json | 5 ++
 2023/34xxx/CVE-2023-34209.json | 91 ++++++++++++++++++++++++++++++++--
 2023/34xxx/CVE-2023-34210.json | 91 ++++++++++++++++++++++++++++++++--
 2023/38xxx/CVE-2023-38039.json | 5 ++
 2023/42xxx/CVE-2023-42824.json | 5 ++
 2023/45xxx/CVE-2023-45357.json | 70 +++++++++++++++++++++++---
 2023/45xxx/CVE-2023-45358.json | 70 +++++++++++++++++++++++---
 2023/45xxx/CVE-2023-45375.json | 56 ++++++++++++++++++---
 2023/45xxx/CVE-2023-45386.json | 56 ++++++++++++++++++---
 2023/5xxx/CVE-2023-5217.json | 5 ++
 16 files changed, 452 insertions(+), 32 deletions(-)
diff --git a/2021/28xxx/CVE-2021-28651.json b/2021/28xxx/CVE-2021-28651.json
index 10017427490..1eaba572005 100644
--- a/2021/28xxx/CVE-2021-28651.json
+++ b/2021/28xxx/CVE-2021-28651.json
@@ -91,6 +91,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
 "url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/14"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28652.json b/2021/28xxx/CVE-2021-28652.json
index aca0b521ef4..0134e70ce4a 100644
--- a/2021/28xxx/CVE-2021-28652.json
+++ b/2021/28xxx/CVE-2021-28652.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
 "url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/14"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28662.json b/2021/28xxx/CVE-2021-28662.json
index 1d310d0cf7a..466f1436653 100644
--- a/2021/28xxx/CVE-2021-28662.json
+++ b/2021/28xxx/CVE-2021-28662.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
 "url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/14"
 }
 ]
 }
diff --git a/2021/31xxx/CVE-2021-31806.json b/2021/31xxx/CVE-2021-31806.json
index 4c93f38813b..895823efd16 100644
--- a/2021/31xxx/CVE-2021-31806.json
+++ b/2021/31xxx/CVE-2021-31806.json
@@ -91,6 +91,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
 "url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/14"
 }
 ]
 }
diff --git a/2021/31xxx/CVE-2021-31807.json b/2021/31xxx/CVE-2021-31807.json
index b323574af37..2062fe1ebd5 100644
--- a/2021/31xxx/CVE-2021-31807.json
+++ b/2021/31xxx/CVE-2021-31807.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
 "url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/14"
 }
 ]
 }
diff --git a/2021/31xxx/CVE-2021-31808.json b/2021/31xxx/CVE-2021-31808.json
index 67f718ebeaa..bd78f149a50 100644
--- a/2021/31xxx/CVE-2021-31808.json
+++ b/2021/31xxx/CVE-2021-31808.json
@@ -91,6 +91,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
 "url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/14"
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33620.json b/2021/33xxx/CVE-2021-33620.json
index e21336d4e84..be563c718c0 100644
--- a/2021/33xxx/CVE-2021-33620.json
+++ b/2021/33xxx/CVE-2021-33620.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
 "url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/14"
 }
 ]
 },
diff --git a/2023/34xxx/CVE-2023-34209.json b/2023/34xxx/CVE-2023-34209.json
index f7d19039e1f..1344dce0c71 100644
--- a/2023/34xxx/CVE-2023-34209.json
+++ b/2023/34xxx/CVE-2023-34209.json
@@ -1,17 +1,100 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-34209",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ART@zuso.ai",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
+ "cweId": "CWE-497"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "EasyUse Digital Technology",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MailHunter Ultimate",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "2023",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://zuso.ai/Advisory/ZA-2023-06",
+ "refsource": "MISC",
+ "name": "https://zuso.ai/Advisory/ZA-2023-06"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "defect": [
+ "ZA-2023-06"
+ ],
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34210.json b/2023/34xxx/CVE-2023-34210.json
index 59c9510c1ea..58fee4d2425 100644
--- a/2023/34xxx/CVE-2023-34210.json
+++ b/2023/34xxx/CVE-2023-34210.json
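Review bot: The affected range for MailHunter Ultimate is only machine-readable inside `x_cve_json_5_version_data`; the 4.0 field itself carries the placeholder `"version_value": "not down converted"`. A consumer that matches on `version_value` will find no affected version for this product, and the nested range (`"version": "0"`, `"lessThanOrEqual": "2023"`, `"versionType": "custom"`) has no defined ordering for automated comparison. Tooling that ingests this record should read the `x_cve_json_5_version_data` block and fall back to the description text ("2023 and earlier") rather than treat the entry as unversioned. The CVE-2023-34210 hunk carries the same version block.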
@@ -1,17 +1,100 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-34210",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ART@zuso.ai",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "EasyUse Digital Technology",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MailHunter Ultimate",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "2023",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://zuso.ai/Advisory/ZA-2023-07",
+ "refsource": "MISC",
+ "name": "https://zuso.ai/Advisory/ZA-2023-07"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "defect": [
+ "ZA-2023-07"
+ ],
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/38xxx/CVE-2023-38039.json b/2023/38xxx/CVE-2023-38039.json
index 6e456aa01bf..3b91a42c4ca 100644
--- a/2023/38xxx/CVE-2023-38039.json
+++ b/2023/38xxx/CVE-2023-38039.json
@@ -97,6 +97,11 @@
 "url": "https://security.netapp.com/advisory/ntap-20231013-0005/",
 "refsource": "MISC",
 "name": "https://security.netapp.com/advisory/ntap-20231013-0005/"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/17",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2023/Oct/17"
 }
 ]
 }
diff --git a/2023/42xxx/CVE-2023-42824.json b/2023/42xxx/CVE-2023-42824.json
index 0f3ed36d704..8b3b3b10f00 100644
--- a/2023/42xxx/CVE-2023-42824.json
+++ b/2023/42xxx/CVE-2023-42824.json
@@ -68,6 +68,11 @@
 "url": "https://support.apple.com/kb/HT213972",
 "refsource": "MISC",
 "name": "https://support.apple.com/kb/HT213972"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/16",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2023/Oct/16"
 }
 ]
 }
diff --git a/2023/45xxx/CVE-2023-45357.json b/2023/45xxx/CVE-2023-45357.json
index b33dec1e0d8..4536d478562 100644
--- a/2023/45xxx/CVE-2023-45357.json
+++ b/2023/45xxx/CVE-2023-45357.json
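Review bot: The CVSS block for CVE-2023-34210 records `"integrityImpact": "NONE"` (`I:N` in the vector), while the description says authenticated users can "execute arbitrary SQL commands" through the `ctl00$ContentPlaceHolder1$txtCustSQL` parameter. Arbitrary SQL execution normally implies at least some integrity impact, so the two statements do not obviously agree. Anyone prioritising on the 7.7 score should check advisory ZA-2023-07 for whether the injection is read-only; if it is not, `vectorString`, `baseScore` and `baseSeverity` all need re-scoring together.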
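Review bot: The seclists.org Full Disclosure reference added to CVE-2023-38039 is tagged `"refsource": "MISC"`, whereas the same mailing-list archive is tagged `"refsource": "FULLDISC"` in the CVE-2021-28651 through CVE-2021-33620 hunks of this commit. Tooling that filters or weights references by `refsource` will treat the two groups differently, and the `name` here only repeats the URL instead of giving the post subject. Using `"refsource": "FULLDISC"` with the post's subject line as `name` would make the records consistent. The CVE-2023-42824 and CVE-2023-5217 hunks add references with the same pattern.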
@@ -1,18 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-45357",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-45357",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 (6.14.0) is also a fixed release."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/708617",
+ "url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/708617"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
+ "version": "3.1"
+ }
 }
 }
\ No newline at end of file
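Review bot: `impact.cvss` is a single object in this record but an array of objects in the CVE-2023-34209 and CVE-2023-34210 records of the same commit, so a consumer has to accept both shapes for one key. The object also has no `baseScore` or `baseSeverity`, and `vectorString` lists the metrics alphabetically (`CVSS:3.1/AC:L/AV:N/A:N/...`) rather than in the preferred AV/AC/PR/UI/S/C/I/A order, so a parser should key on metric names and compute the score itself instead of assuming position. The affected product appears only in the description ("Archer Platform 6.x before 6.13 P2 HF2") because vendor, product and version are all `"n/a"`. The CVE-2023-45358 hunk has the same layout.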
diff --git a/2023/45xxx/CVE-2023-45358.json b/2023/45xxx/CVE-2023-45358.json
index f904d023775..1e049642224 100644
--- a/2023/45xxx/CVE-2023-45358.json
+++ b/2023/45xxx/CVE-2023-45358.json
@@ -1,18 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-45358",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-45358",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 (6.14.0) is also a fixed release."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/708617",
+ "url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/708617"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:C/UI:N",
+ "version": "3.1"
+ }
 }
 }
\ No newline at end of file
diff --git a/2023/45xxx/CVE-2023-45375.json b/2023/45xxx/CVE-2023-45375.json
index f6d3df282ae..dea3ccaa3fb 100644
--- a/2023/45xxx/CVE-2023-45375.json
+++ b/2023/45xxx/CVE-2023-45375.json
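Review bot: `"userInteraction": "NONE"` (`UI:N` in the vector) does not fit the description of CVE-2023-45358, which says the stored script runs "When victim users access the data store through their browsers". Stored XSS that depends on a victim loading the affected view is normally scored `UI:R`, and the choice changes the resulting base score. Confirm the value against the Archer announcement before triage relies on this vector. The record has no `baseScore`, so any score computed downstream inherits the discrepancy.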
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-45375",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-45375",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In the module \"PireosPay\" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess().`"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://security.friendsofpresta.org/modules/2023/10/12/pireospay.html",
+ "url": "https://security.friendsofpresta.org/modules/2023/10/12/pireospay.html"
 }
 ]
 }
diff --git a/2023/45xxx/CVE-2023-45386.json b/2023/45xxx/CVE-2023-45386.json
index 63cc31dc23d..e34f551f4a2 100644
--- a/2023/45xxx/CVE-2023-45386.json
+++ b/2023/45xxx/CVE-2023-45386.json
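Review bot: The structured fields of this record say nothing about what is affected or why: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"`, and there is no `impact` block. The description does identify the module (pireospay before 1.7.10), the weakness (SQL injection) and the precondition (unauthenticated "guest"), so automated matching and severity ranking will miss an issue that the prose shows is reachable without login. Consumers should not read the absent CVSS data as low severity; recording the weakness as CWE-89 in `problemtype` would at least make the class filterable. The CVE-2023-45386 hunk has the same `n/a` fields, and its description closes the code span with `'` instead of a backtick.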
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-45386",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-45386",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufacturer().'"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://security.friendsofpresta.org/modules/2023/10/12/extratabspro.html",
+ "url": "https://security.friendsofpresta.org/modules/2023/10/12/extratabspro.html"
 }
 ]
 }
diff --git a/2023/5xxx/CVE-2023-5217.json b/2023/5xxx/CVE-2023-5217.json
index 22a11bf53f5..15f3631ea87 100644
--- a/2023/5xxx/CVE-2023-5217.json
+++ b/2023/5xxx/CVE-2023-5217.json
@@ -300,6 +300,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/16",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2023/Oct/16"
 }
 ]
 }