diff --git a/2016/5xxx/CVE-2016-5851.json b/2016/5xxx/CVE-2016-5851.json index ced44be84e6..561db75ba20 100644 --- a/2016/5xxx/CVE-2016-5851.json +++ b/2016/5xxx/CVE-2016-5851.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-aa6ebc01be", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XU2WSYRNB7CLBBFCGSX34XHACTA2SWDZ/" + }, + { + "refsource": "MISC", + "name": "https://github.com/python-openxml/python-docx/commit/61b40b161b64173ab8e362aec1fd197948431beb", + "url": "https://github.com/python-openxml/python-docx/commit/61b40b161b64173ab8e362aec1fd197948431beb" } ] } diff --git a/2017/16xxx/CVE-2017-16877.json b/2017/16xxx/CVE-2017-16877.json index 8e93e04de06..b64b3437fb4 100644 --- a/2017/16xxx/CVE-2017-16877.json +++ b/2017/16xxx/CVE-2017-16877.json @@ -56,6 +56,11 @@ "name": "https://github.com/zeit/next.js/releases/tag/2.4.1", "refsource": "CONFIRM", "url": "https://github.com/zeit/next.js/releases/tag/2.4.1" + }, + { + "refsource": "MISC", + "name": "https://github.com/vercel/next.js/commit/02fe7cf63f6265d73bdaf8bc50a4f2fb539dcd00", + "url": "https://github.com/vercel/next.js/commit/02fe7cf63f6265d73bdaf8bc50a4f2fb539dcd00" } ] } diff --git a/2018/25xxx/CVE-2018-25023.json b/2018/25xxx/CVE-2018-25023.json index 9cdfdcd181e..826f5bcc3c5 100644 --- a/2018/25xxx/CVE-2018-25023.json +++ b/2018/25xxx/CVE-2018-25023.json @@ -61,6 +61,11 @@ "url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/smallvec/RUSTSEC-2018-0018.md", "refsource": "MISC", "name": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/smallvec/RUSTSEC-2018-0018.md" + }, + { + "refsource": "MISC", + "name": "https://github.com/servo/rust-smallvec/commit/e64afc8c473d43e375ab42bd33db2d0d4ac4e41b", + "url": "https://github.com/servo/rust-smallvec/commit/e64afc8c473d43e375ab42bd33db2d0d4ac4e41b" } ] } diff --git a/2020/35xxx/CVE-2020-35857.json b/2020/35xxx/CVE-2020-35857.json index bd2fa4b54df..f1916c65a7e 100644 --- a/2020/35xxx/CVE-2020-35857.json +++ b/2020/35xxx/CVE-2020-35857.json @@ -56,6 +56,11 @@ "url": "https://rustsec.org/advisories/RUSTSEC-2020-0001.html", "refsource": "MISC", "name": "https://rustsec.org/advisories/RUSTSEC-2020-0001.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b2498055c7a8f3", + "url": "https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b2498055c7a8f3" } ] } diff --git a/2021/31xxx/CVE-2021-31542.json b/2021/31xxx/CVE-2021-31542.json index 3157b41205f..b4e3f178433 100644 --- a/2021/31xxx/CVE-2021-31542.json +++ b/2021/31xxx/CVE-2021-31542.json @@ -91,6 +91,21 @@ "refsource": "FEDORA", "name": "FEDORA-2022-e7fd530688", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/" + }, + { + "refsource": "MISC", + "name": "https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d", + "url": "https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d" + }, + { + "refsource": "MISC", + "name": "https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48", + "url": "https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48" + }, + { + "refsource": "MISC", + "name": "https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007", + "url": "https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007" } ] } diff --git a/2021/43xxx/CVE-2021-43114.json b/2021/43xxx/CVE-2021-43114.json index 74548c800f3..90293bc2541 100644 --- a/2021/43xxx/CVE-2021-43114.json +++ b/2021/43xxx/CVE-2021-43114.json @@ -61,6 +61,26 @@ "refsource": "DEBIAN", "name": "DSA-5033", "url": "https://www.debian.org/security/2021/dsa-5033" + }, + { + "refsource": "MISC", + "name": "https://github.com/NICMx/FORT-validator/commit/425e0f4037b4543fe8044ac96ca71d6d02d7d8c5", + "url": "https://github.com/NICMx/FORT-validator/commit/425e0f4037b4543fe8044ac96ca71d6d02d7d8c5" + }, + { + "refsource": "MISC", + "name": "https://github.com/NICMx/FORT-validator/commit/673c679b6bf3f4187cd5242c31a795bf8a6c22b3", + "url": "https://github.com/NICMx/FORT-validator/commit/673c679b6bf3f4187cd5242c31a795bf8a6c22b3" + }, + { + "refsource": "MISC", + "name": "https://github.com/NICMx/FORT-validator/commit/eb68ebbaab50f3365aa51bbaa17cb862bf4607fa", + "url": "https://github.com/NICMx/FORT-validator/commit/eb68ebbaab50f3365aa51bbaa17cb862bf4607fa" + }, + { + "refsource": "MISC", + "name": "https://github.com/NICMx/FORT-validator/commit/274dc14aed1eb9b3350029d1063578a6b9c77b54", + "url": "https://github.com/NICMx/FORT-validator/commit/274dc14aed1eb9b3350029d1063578a6b9c77b54" } ] } diff --git a/2023/46xxx/CVE-2023-46693.json b/2023/46xxx/CVE-2023-46693.json index 70355b924a4..9ea0abec619 100644 --- a/2023/46xxx/CVE-2023-46693.json +++ b/2023/46xxx/CVE-2023-46693.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-46693", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-46693", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.formalms.org/download/342-forma-lms-4-0-5.html", + "url": "https://www.formalms.org/download/342-forma-lms-4-0-5.html" } ] } diff --git a/2023/5xxx/CVE-2023-5808.json b/2023/5xxx/CVE-2023-5808.json index d22ab320e23..a0fa7b36257 100644 --- a/2023/5xxx/CVE-2023-5808.json +++ b/2023/5xxx/CVE-2023-5808.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Information disclosure in SMU in Hitachi Vantara HNAS 14.8.7825.01 on Windows allows authenticated users to download sensitive files via Insecure Direct Object Reference (IDOR).\n" + "value": "SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access HNAS configuration backup and diagnostic data, that would normally be barred to those specific administrative roles." } ] }, @@ -40,8 +40,8 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "000001", + "version_affected": "<", + "version_name": "6.0", "version_value": "14.8.7825.01" } ] @@ -79,15 +79,15 @@ { "attackComplexity": "LOW", "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } ] diff --git a/2023/6xxx/CVE-2023-6578.json b/2023/6xxx/CVE-2023-6578.json index ba4751cb385..1f6fc36f795 100644 --- a/2023/6xxx/CVE-2023-6578.json +++ b/2023/6xxx/CVE-2023-6578.json @@ -1,17 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6578", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup may request username and password. By just clicking CANCEL you will be redirected to the directory. If you visited /invoke/wm.server/connect, you'll be able to see details like internal IPs, ports, and versions. In some cases if access to /assets/ is refused, you may enter /assets/x as a wrong value, then come back to /assets/ which we will show the requested data. It appears that insufficient access control is depending on referrer header data. VDB-247158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in Software AG WebMethods 10.11.x/10.15.x entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei wm.server/connect/. Durch Beeinflussen mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Controls", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Software AG", + "product": { + "product_data": [ + { + "product_name": "WebMethods", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.11.x" + }, + { + "version_affected": "=", + "version_value": "10.15.x" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.247158", + "refsource": "MISC", + "name": "https://vuldb.com/?id.247158" + }, + { + "url": "https://vuldb.com/?ctiid.247158", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.247158" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "mohammedhashayka (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2023/6xxx/CVE-2023-6579.json b/2023/6xxx/CVE-2023-6579.json index 3f175629ba9..0c5e77a2bc4 100644 --- a/2023/6xxx/CVE-2023-6579.json +++ b/2023/6xxx/CVE-2023-6579.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6579", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-247160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in osCommerce 4 entdeckt. Davon betroffen ist unbekannter Code der Datei /b2b-supermarket/shopping-cart der Komponente POST Parameter Handler. Dank Manipulation des Arguments estimate[country_id] mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "osCommerce", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.247160", + "refsource": "MISC", + "name": "https://vuldb.com/?id.247160" + }, + { + "url": "https://vuldb.com/?ctiid.247160", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.247160" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "skalvin (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2023/6xxx/CVE-2023-6580.json b/2023/6xxx/CVE-2023-6580.json index 5b45e517f29..aeef267c220 100644 --- a/2023/6xxx/CVE-2023-6580.json +++ b/2023/6xxx/CVE-2023-6580.json @@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6580", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in D-Link DIR-846 FW100A53DBR gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /HNAP1/ der Komponente QoS POST Handler. Mit der Manipulation des Arguments smartqos_express_devices/smartqos_normal_devices mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "D-Link", + "product": { + "product_data": [ + { + "product_name": "DIR-846", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "FW100A53DBR" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.247161", + "refsource": "MISC", + "name": "https://vuldb.com/?id.247161" + }, + { + "url": "https://vuldb.com/?ctiid.247161", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.247161" + }, + { + "url": "https://github.com/c2dc/cve-reported/blob/main/CVE-2023-6580/CVE-2023-6580.md", + "refsource": "MISC", + "name": "https://github.com/c2dc/cve-reported/blob/main/CVE-2023-6580/CVE-2023-6580.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Fran\u00e7oa Taffarel" + }, + { + "lang": "en", + "value": "francoa.taffarel (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2023/6xxx/CVE-2023-6598.json b/2023/6xxx/CVE-2023-6598.json new file mode 100644 index 00000000000..e5d016e89da --- /dev/null +++ b/2023/6xxx/CVE-2023-6598.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6598", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file