diff --git a/2019/10xxx/CVE-2019-10101.json b/2019/10xxx/CVE-2019-10101.json
index ac4f8158c25..182ebb087e2 100644
--- a/2019/10xxx/CVE-2019-10101.json
+++ b/2019/10xxx/CVE-2019-10101.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://medium.com/bugbountywriteup/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb",
 "url": "https://medium.com/bugbountywriteup/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0012/",
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0012/"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10102.json b/2019/10xxx/CVE-2019-10102.json
index 8b2df44d61c..5333ecfc46e 100644
--- a/2019/10xxx/CVE-2019-10102.json
+++ b/2019/10xxx/CVE-2019-10102.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/",
 "url": "https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0012/",
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0012/"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10103.json b/2019/10xxx/CVE-2019-10103.json
index 9bec13fc8f5..59dcdc3d6e4 100644
--- a/2019/10xxx/CVE-2019-10103.json
+++ b/2019/10xxx/CVE-2019-10103.json
@@ -56,6 +56,11 @@
 "refsource": "CONFIRM",
 "name": "https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/",
 "url": "https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0012/",
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0012/"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12402.json b/2019/12xxx/CVE-2019-12402.json
index b3eb72775c1..eb218199dbd 100644
--- a/2019/12xxx/CVE-2019-12402.json
+++ b/2019/12xxx/CVE-2019-12402.json
@@ -188,6 +188,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0001/",
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0001/"
 }
 ]
 },
diff --git a/2020/10xxx/CVE-2020-10650.json b/2020/10xxx/CVE-2020-10650.json
index 5eb9ef9a412..6a8496119cf 100644
--- a/2020/10xxx/CVE-2020-10650.json
+++ b/2020/10xxx/CVE-2020-10650.json
@@ -31,7 +31,6 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
@@ -39,21 +38,14 @@
 "version": {
 "version_data": [
 {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "versions": [
- {
- "version": "n/a",
- "status": "unknown"
- }
- ]
- }
+ "version_value": "n/a"
 }
 ]
 }
 }
 ]
- }
+ },
+ "vendor_name": "n/a"
 }
 ]
 }
@@ -94,6 +86,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0007/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0007/"
 }
 ]
 }
diff --git a/2021/23xxx/CVE-2021-23463.json b/2021/23xxx/CVE-2021-23463.json
index d3c879b67bd..a283529df32 100644
--- a/2021/23xxx/CVE-2021-23463.json
+++ b/2021/23xxx/CVE-2021-23463.json
@@ -75,6 +75,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0010/",
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0010/"
 }
 ]
 },
diff --git a/2021/40xxx/CVE-2021-40690.json b/2021/40xxx/CVE-2021-40690.json
index 531cc88b139..6ae6993e507 100644
--- a/2021/40xxx/CVE-2021-40690.json
+++ b/2021/40xxx/CVE-2021-40690.json
@@ -131,6 +131,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujul2022.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujul2022.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0002/"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1471.json b/2022/1xxx/CVE-2022-1471.json
index 696f2a8c6ce..875708bd747 100644
--- a/2022/1xxx/CVE-2022-1471.json
+++ b/2022/1xxx/CVE-2022-1471.json
@@ -79,6 +79,11 @@
 "url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc",
 "refsource": "MISC",
 "name": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0015/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0015/"
 }
 ]
 },
diff --git a/2022/23xxx/CVE-2022-23221.json b/2022/23xxx/CVE-2022-23221.json
index c5f79a4ad54..c40511af673 100644
--- a/2022/23xxx/CVE-2022-23221.json
+++ b/2022/23xxx/CVE-2022-23221.json
@@ -96,6 +96,11 @@
 "url": "https://www.oracle.com/security-alerts/cpujul2022.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpujul2022.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0011/",
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0011/"
 }
 ]
 }
diff --git a/2023/23xxx/CVE-2023-23934.json b/2023/23xxx/CVE-2023-23934.json
index e690c2b9051..30fe2c47dfb 100644
--- a/2023/23xxx/CVE-2023-23934.json
+++ b/2023/23xxx/CVE-2023-23934.json
@@ -73,6 +73,11 @@
 "url": "https://www.debian.org/security/2023/dsa-5470",
 "refsource": "MISC",
 "name": "https://www.debian.org/security/2023/dsa-5470"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0003/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0003/"
 }
 ]
 },
diff --git a/2023/25xxx/CVE-2023-25577.json b/2023/25xxx/CVE-2023-25577.json
index a6767012c9f..5eb7878ad11 100644
--- a/2023/25xxx/CVE-2023-25577.json
+++ b/2023/25xxx/CVE-2023-25577.json
@@ -73,6 +73,11 @@
 "url": "https://www.debian.org/security/2023/dsa-5470",
 "refsource": "MISC",
 "name": "https://www.debian.org/security/2023/dsa-5470"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0003/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0003/"
 }
 ]
 },
diff --git a/2023/27xxx/CVE-2023-27558.json b/2023/27xxx/CVE-2023-27558.json
index 1e3164555bf..dccfb5ef15e 100644
--- a/2023/27xxx/CVE-2023-27558.json
+++ b/2023/27xxx/CVE-2023-27558.json
@@ -62,6 +62,11 @@
 "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249194",
 "refsource": "MISC",
 "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249194"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0017/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0017/"
 }
 ]
 },
diff --git a/2023/2xxx/CVE-2023-2976.json b/2023/2xxx/CVE-2023-2976.json
index e09bf65cdd2..f488d7a9370 100644
--- a/2023/2xxx/CVE-2023-2976.json
+++ b/2023/2xxx/CVE-2023-2976.json
@@ -58,6 +58,11 @@
 "url": "https://github.com/google/guava/issues/2575",
 "refsource": "MISC",
 "name": "https://github.com/google/guava/issues/2575"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0008/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0008/"
 }
 ]
 },
diff --git a/2023/30xxx/CVE-2023-30861.json b/2023/30xxx/CVE-2023-30861.json
index 84d0649566c..5c956d7ec3c 100644
--- a/2023/30xxx/CVE-2023-30861.json
+++ b/2023/30xxx/CVE-2023-30861.json
@@ -87,6 +87,11 @@
 "url": "https://www.debian.org/security/2023/dsa-5442",
 "refsource": "MISC",
 "name": "https://www.debian.org/security/2023/dsa-5442"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0006/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0006/"
 }
 ]
 },
diff --git a/2023/31xxx/CVE-2023-31218.json b/2023/31xxx/CVE-2023-31218.json
index 4c149e9620b..54390dbdb98 100644
--- a/2023/31xxx/CVE-2023-31218.json
+++ b/2023/31xxx/CVE-2023-31218.json
@@ -1,17 +1,131 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-31218",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional plugin <=\u00a01.0.6 versions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "realmag777",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "1.0.7",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "1.0.6",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-wordpress-posts-bulk-editor-and-manager-professional-plugin-1-0-6-cross-site-scripting-xss-via-csrf-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-wordpress-posts-bulk-editor-and-manager-professional-plugin-1-0-6-cross-site-scripting-xss-via-csrf-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 1.0.7 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a01.0.7 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Junsu Yeo (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/31xxx/CVE-2023-31232.json b/2023/31xxx/CVE-2023-31232.json
index 1090a17f760..fc67ce8c94c 100644
--- a/2023/31xxx/CVE-2023-31232.json
+++ b/2023/31xxx/CVE-2023-31232.json
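Review bot: The affected range in the CVE-2023-31218 record pairs `"version": "n/a"` with `"lessThanOrEqual": "1.0.6"`, so the range has no parseable lower bound, and the legacy `version_value` carries only the literal `"not down converted"`; version-matching tools that read either field are likely to miss the affected releases. Consider `"version": "0"` as the range start, which the CVE JSON 5 schema treats by convention as the earliest possible version. The description also writes the bound as `<=\u00a01.0.6` with a no-break space, which trips whitespace-based extraction of the version from the text; a plain space is safer. The same pattern appears in the CVE-2023-31232, CVE-2023-32103, CVE-2023-32105, CVE-2023-32106 and CVE-2023-32107 hunks.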
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-31232",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Artiss Plugins List plugin <=\u00a02.5 versions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "David Artiss",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Plugins List",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "2.5.1",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "2.5",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/plugins-list/wordpress-plugins-list-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/plugins-list/wordpress-plugins-list-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 2.5.1 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a02.5.1 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Yuki Haruma (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/32xxx/CVE-2023-32103.json b/2023/32xxx/CVE-2023-32103.json
index 7f5835132e5..9444dda4c55 100644
--- a/2023/32xxx/CVE-2023-32103.json
+++ b/2023/32xxx/CVE-2023-32103.json
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-32103",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Theme Palace TP Education plugin <=\u00a04.4 versions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Theme Palace",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TP Education",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "4.5",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "4.4",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/tp-education/wordpress-tp-education-plugin-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/tp-education/wordpress-tp-education-plugin-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 4.5 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a04.5 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "deokhunKim (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/32xxx/CVE-2023-32105.json b/2023/32xxx/CVE-2023-32105.json
index 8632cf11fa6..53d877ff795 100644
--- a/2023/32xxx/CVE-2023-32105.json
+++ b/2023/32xxx/CVE-2023-32105.json
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-32105",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach WPPizza \u2013 A Restaurant Plugin plugin <=\u00a03.17.1 versions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ollybach",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WPPizza \u2013 A Restaurant Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "3.17.2",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "3.17.1",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wppizza/wordpress-wppizza-a-restaurant-plugin-plugin-3-17-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/wppizza/wordpress-wppizza-a-restaurant-plugin-plugin-3-17-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 3.17.2 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a03.17.2 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Le Ngoc Anh (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/32xxx/CVE-2023-32106.json b/2023/32xxx/CVE-2023-32106.json
index 20922baed75..39a9440872c 100644
--- a/2023/32xxx/CVE-2023-32106.json
+++ b/2023/32xxx/CVE-2023-32106.json
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-32106",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fahad Mahmood WP Docs plugin <=\u00a01.9.9 versions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fahad Mahmood",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP Docs",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "2.0.0",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "1.9.9",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wp-docs/wordpress-wp-docs-plugin-1-9-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/wp-docs/wordpress-wp-docs-plugin-1-9-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 2.0.0 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a02.0.0 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Le Ngoc Anh (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/32xxx/CVE-2023-32107.json b/2023/32xxx/CVE-2023-32107.json
index 9cdb3dcf99c..79498950ef9 100644
--- a/2023/32xxx/CVE-2023-32107.json
+++ b/2023/32xxx/CVE-2023-32107.json
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-32107",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays \u2013 Responsive Image Gallery plugin <=\u00a05.1.3 versions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Photo Gallery Team",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Photo Gallery by Ays \u2013 Responsive Image Gallery",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "5.1.4",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "5.1.3",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/gallery-photo-gallery/wordpress-photo-gallery-by-ays-responsive-image-gallery-plugin-5-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/gallery-photo-gallery/wordpress-photo-gallery-by-ays-responsive-image-gallery-plugin-5-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 5.1.4 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a05.1.4 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Le Ngoc Anh (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34455.json b/2023/34xxx/CVE-2023-34455.json
index 6796c078a81..92bf4a08607 100644
--- a/2023/34xxx/CVE-2023-34455.json
+++ b/2023/34xxx/CVE-2023-34455.json
@@ -73,6 +73,11 @@
 "url": "https://github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/SnappyInputStream.java",
 "refsource": "MISC",
 "name": "https://github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/SnappyInputStream.java"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0009/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0009/"
 }
 ]
 },
diff --git a/2023/35xxx/CVE-2023-35012.json b/2023/35xxx/CVE-2023-35012.json
index 573663d6f2f..de38c11c008 100644
--- a/2023/35xxx/CVE-2023-35012.json
+++ b/2023/35xxx/CVE-2023-35012.json
@@ -63,6 +63,11 @@
 "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257763",
 "refsource": "MISC",
 "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257763"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0013/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0013/"
 }
 ]
 },
diff --git a/2023/38xxx/CVE-2023-38403.json b/2023/38xxx/CVE-2023-38403.json
index bea23f5912c..c51e24e035d 100644
--- a/2023/38xxx/CVE-2023-38403.json
+++ b/2023/38xxx/CVE-2023-38403.json
@@ -91,6 +91,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2023-04243a1845",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BV6EBWWF4PEQKROEVXGYSTIT2MGBTLU7/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0016/",
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0016/"
 }
 ]
 }
diff --git a/2023/38xxx/CVE-2023-38902.json b/2023/38xxx/CVE-2023-38902.json
index bef4caa6029..291d932efad 100644
--- a/2023/38xxx/CVE-2023-38902.json
+++ b/2023/38xxx/CVE-2023-38902.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue in RG-EW series home routers and repeaters v.EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P218, RG-EG series business VPN routers v.EG_3.0(1)B11P216, EAP and RAP series wireless access points v.AP_3.0(1)B11P218, and NBC series wireless controllers v.AC_3.0(1)B11P86 allows a remote attacker to execute arbitrary code via the unifyframe-sgi.elf component in sub_40DA38."
+ "value": "A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field."
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3390.json b/2023/3xxx/CVE-2023-3390.json
index 3c0afe1aafd..fe1ef857935 100644
--- a/2023/3xxx/CVE-2023-3390.json
+++ b/2023/3xxx/CVE-2023-3390.json
@@ -79,6 +79,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0004/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0004/"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3609.json b/2023/3xxx/CVE-2023-3609.json
index 9d410b36289..1591765d444 100644
--- a/2023/3xxx/CVE-2023-3609.json
+++ b/2023/3xxx/CVE-2023-3609.json
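Review bot: The rewritten CVE-2023-38902 description names one build, `B11P219`, for every product line and drops the builds listed before (`B11P204`, `B11P218`, `B11P216`, `B11P86`) without saying whether the entry means "through B11P219" or only that build, so a reader cannot tell whether the earlier builds are still in scope. "an authorized attacker" is also ambiguous; if the request needs a logged-in session, `an authenticated attacker` states the precondition that triage depends on. Whether the record carries structured version data to back the text is not visible here, since the hunk covers only the `description_data` entry.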
@@ -64,6 +64,11 @@
 "url": "https://kernel.dance/04c55383fa5689357bcdd2c8036725a55ed632bc",
 "refsource": "MISC",
 "name": "https://kernel.dance/04c55383fa5689357bcdd2c8036725a55ed632bc"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0005/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0005/"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3610.json b/2023/3xxx/CVE-2023-3610.json
index 3c8e714df39..08c5349bcde 100644
--- a/2023/3xxx/CVE-2023-3610.json
+++ b/2023/3xxx/CVE-2023-3610.json
@@ -74,6 +74,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0005/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0005/"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3817.json b/2023/3xxx/CVE-2023-3817.json
index 263447f1526..8dd3087b267 100644
--- a/2023/3xxx/CVE-2023-3817.json
+++ b/2023/3xxx/CVE-2023-3817.json
@@ -108,6 +108,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230818-0014/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230818-0014/"
 }
 ]
 },
diff --git a/2023/40xxx/CVE-2023-40662.json b/2023/40xxx/CVE-2023-40662.json
new file mode 100644
index 00000000000..8305bcc2301
--- /dev/null
+++ b/2023/40xxx/CVE-2023-40662.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-40662",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/40xxx/CVE-2023-40663.json b/2023/40xxx/CVE-2023-40663.json
new file mode 100644
index 00000000000..e0329eed336
--- /dev/null
+++ b/2023/40xxx/CVE-2023-40663.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-40663",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/40xxx/CVE-2023-40664.json b/2023/40xxx/CVE-2023-40664.json
new file mode 100644
index 00000000000..c5d2d4e2729
--- /dev/null
+++ b/2023/40xxx/CVE-2023-40664.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-40664",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/40xxx/CVE-2023-40665.json b/2023/40xxx/CVE-2023-40665.json
new file mode 100644
index 00000000000..d17580c7f4b
--- /dev/null
+++ b/2023/40xxx/CVE-2023-40665.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-40665",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/40xxx/CVE-2023-40666.json b/2023/40xxx/CVE-2023-40666.json
new file mode 100644
index 00000000000..b3051573eaa
--- /dev/null
+++ b/2023/40xxx/CVE-2023-40666.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-40666",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/40xxx/CVE-2023-40667.json b/2023/40xxx/CVE-2023-40667.json
new file mode 100644
index 00000000000..2a35e403b96
--- /dev/null
+++ b/2023/40xxx/CVE-2023-40667.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-40667",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/40xxx/CVE-2023-40668.json b/2023/40xxx/CVE-2023-40668.json
new file mode 100644
index 00000000000..d7ba2f8d9c5
--- /dev/null
+++ b/2023/40xxx/CVE-2023-40668.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-40668",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/40xxx/CVE-2023-40669.json b/2023/40xxx/CVE-2023-40669.json
new file mode 100644
index 00000000000..7f6788f39bf
--- /dev/null
+++ b/2023/40xxx/CVE-2023-40669.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-40669",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/40xxx/CVE-2023-40670.json b/2023/40xxx/CVE-2023-40670.json
new file mode 100644
index 00000000000..8f523d3bacf
--- /dev/null
+++ b/2023/40xxx/CVE-2023-40670.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-40670",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/40xxx/CVE-2023-40671.json b/2023/40xxx/CVE-2023-40671.json
new file mode 100644
index 00000000000..27bc2407e99
--- /dev/null
+++ b/2023/40xxx/CVE-2023-40671.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-40671",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4410.json b/2023/4xxx/CVE-2023-4410.json
index 23b11f81501..4d19377671a 100644
--- a/2023/4xxx/CVE-2023-4410.json
+++ b/2023/4xxx/CVE-2023-4410.json
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-4410",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237513 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine kritische Schwachstelle in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 gefunden. Dabei betrifft es die Funktion setDiagnosisCfg. Dank Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 OS Command Injection",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "TOTOLINK",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EX1200L",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "EN_V9.3.5u.6146_B20201023"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.237513",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.237513"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.237513",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.237513"
+ },
+ {
+ "url": "https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8",
+ "refsource": "MISC",
+ "name": "https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "dmknght (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4411.json b/2023/4xxx/CVE-2023-4411.json
index ca91965ee1d..451ee8b5e26 100644
--- a/2023/4xxx/CVE-2023-4411.json
+++ b/2023/4xxx/CVE-2023-4411.json
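Review bot: The English `value` added for CVE-2023-4410 says the issue was "classified as critical", yet every entry in the `impact.cvss` array added by the same hunk carries `"baseSeverity": "MEDIUM"` (6.3 for v3.x, 6.5 for v2.0); the CVE-2023-4411 hunk has the same mismatch. Consumers that triage on description text will rank these records above what the scored vectors support, so prioritisation should key on `vectorString` and `baseScore`, and the prose would be safer without the severity word. The vectors also record `PR:L` / `Au:S`, meaning an account on the device is required, which neither description states; a sentence such as `The attack requires a low-privileged account.` would bring the text in line. Separately, `credits` uses `"lang": "en"` while the descriptions and `problemtype` use `"eng"`; `"lang": "eng"` would be consistent for parsers that filter on the language tag.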
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-4411",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-237514 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "In TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es die Funktion setTracerouteCfg. Mit der Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 OS Command Injection",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "TOTOLINK",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EX1200L",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "EN_V9.3.5u.6146_B20201023"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.237514",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.237514"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.237514",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.237514"
+ },
+ {
+ "url": "https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8",
+ "refsource": "MISC",
+ "name": "https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "dmknght (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4417.json b/2023/4xxx/CVE-2023-4417.json
new file mode 100644
index 00000000000..6246d14e068
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4417.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4417",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4418.json b/2023/4xxx/CVE-2023-4418.json
new file mode 100644
index 00000000000..67ecf89412d
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4418.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4418",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4419.json b/2023/4xxx/CVE-2023-4419.json
new file mode 100644
index 00000000000..d207d70b01c
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4419.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4419",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4420.json b/2023/4xxx/CVE-2023-4420.json
new file mode 100644
index 00000000000..458fa71827e
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4420.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4420",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4421.json b/2023/4xxx/CVE-2023-4421.json
new file mode 100644
index 00000000000..76c3c501409
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4421.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4421",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file