diff --git a/2022/23xxx/CVE-2022-23913.json b/2022/23xxx/CVE-2022-23913.json
index 7b0aa9c6465..41f99ed5b2b 100644
--- a/2022/23xxx/CVE-2022-23913.json
+++ b/2022/23xxx/CVE-2022-23913.json
@@ -1,43 +1,12 @@
{
- "CVE_data_meta": {
- "ASSIGNER": "security@apache.org",
- "ID": "CVE-2022-23913",
- "STATE": "PUBLIC",
- "TITLE": "Apache ActiveMQ Artemis DoS"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Apache ActiveMQ Artemis",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "2.19.0",
- "version_value": "2.20.0"
- },
- {
- "version_affected": "<",
- "version_name": "2.19.0",
- "version_value": "2.19.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Apache Software Foundation"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
"data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-23913",
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
"description": {
"description_data": [
{
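Review bot: The rebuilt `CVE_data_meta` block no longer carries a `TITLE`, so the short label "Apache ActiveMQ Artemis DoS" is lost from the record. If the drop is not intentional, keep it with `"TITLE": "Apache ActiveMQ Artemis DoS"` next to `"STATE": "PUBLIC"`. Feeds and dashboards that show the title would otherwise fall back to the long description text, which lies outside this hunk.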
@@ -46,45 +15,82 @@
}
]
},
- "generator": {
- "engine": "Vulnogram 0.0.9"
- },
- "impact": [
- {}
- ],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
- "value": "CWE-400 Uncontrolled Resource Consumption"
+ "value": "CWE-770 Allocation of Resources Without Limits or Throttling",
+ "cweId": "CWE-770"
}
]
}
]
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache ActiveMQ Artemis",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "2.19.1",
+ "status": "unaffected"
+ }
+ ],
+ "lessThan": "2.20.0",
+ "status": "affected",
+ "version": "2.19.0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
"references": {
"reference_data": [
{
- "refsource": "MISC",
"url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2",
+ "refsource": "MISC",
"name": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"
},
{
- "refsource": "CONFIRM",
- "name": "https://security.netapp.com/advisory/ntap-20220303-0003/",
- "url": "https://security.netapp.com/advisory/ntap-20220303-0003/"
+ "url": "https://security.netapp.com/advisory/ntap-20220303-0003/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20220303-0003/"
}
]
},
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
"source": {
"advisory": "ARTEMIS-3593",
"discovery": "UNKNOWN"
},
"work_around": [
{
- "lang": "eng",
+ "lang": "en",
"value": "Upgrade to Apache ActiveMQ Artemis 2.20.0 or 2.19.1 (if you're still using Java 8)."
}
]
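Review bot: `"version_value": "not down converted"` puts a sentinel string where 4.0-format consumers expect a version, and the actual range now exists only under `x_cve_json_5_version_data`. A scanner that matches on `version_affected`/`version_value` will presumably stop flagging 2.19.0 up to 2.20.0 for this product. Consider keeping a legacy entry beside it, e.g. `"version_affected": "<", "version_name": "2.19.0", "version_value": "2.20.0"`. Separately, `work_around` now uses `"lang": "en"` while `problemtype` in the same record keeps `"lang": "eng"`. The same mix appears in the `credits` entry of the CVE-2023-3542 section, so pick one code per record.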
diff --git a/2022/28xxx/CVE-2022-28331.json b/2022/28xxx/CVE-2022-28331.json
index a10394de335..2292dd4e25c 100644
--- a/2022/28xxx/CVE-2022-28331.json
+++ b/2022/28xxx/CVE-2022-28331.json
@@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
- "value": "CWE-787 Out-of-bounds Write",
- "cweId": "CWE-787"
+ "value": "CWE-190 Integer Overflow or Wraparound",
+ "cweId": "CWE-190"
}
]
}
@@ -40,8 +40,9 @@
"version": {
"version_data": [
{
- "version_value": "0",
- "version_affected": "="
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "1.7.0"
}
]
}
diff --git a/2023/25xxx/CVE-2023-25201.json b/2023/25xxx/CVE-2023-25201.json
index 27f885f41f6..04385612742 100644
--- a/2023/25xxx/CVE-2023-25201.json
+++ b/2023/25xxx/CVE-2023-25201.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-25201",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-25201",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://herolab.usd.de/security-advisories/",
+ "refsource": "MISC",
+ "name": "https://herolab.usd.de/security-advisories/"
+ },
+ {
+ "url": "https://www.multitech.com",
+ "refsource": "MISC",
+ "name": "https://www.multitech.com"
}
]
}
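Review bot: The structured fields stay at `n/a` although the new description names the vendor, product and version (MultiTech Conduit AP MTCAP2-L4E1, v.6.0.0). Tooling that matches on `vendor_name`/`product_name`/`version_value` will therefore not associate this record with the device. Fill `affects` from the description and record the weakness class, e.g. `"value": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352"`. Both `reference_data` URLs are generic landing pages rather than a specific advisory, so the claim is hard to verify from the record alone. The same `n/a` placeholders for `affects` and `problemtype` appear in the CVE-2023-29998, CVE-2023-33664 and CVE-2023-36201 sections below, even though their descriptions name a product and version.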
diff --git a/2023/29xxx/CVE-2023-29998.json b/2023/29xxx/CVE-2023-29998.json
index 23505573c06..8bba866a29c 100644
--- a/2023/29xxx/CVE-2023-29998.json
+++ b/2023/29xxx/CVE-2023-29998.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-29998",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29998",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/g3w-suite",
+ "refsource": "MISC",
+ "name": "https://github.com/g3w-suite"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://labs.yarix.com/2023/07/gis3w-persistent-xss-in-g3wsuite-3-5-cve-2023-29998/",
+ "url": "https://labs.yarix.com/2023/07/gis3w-persistent-xss-in-g3wsuite-3-5-cve-2023-29998/"
}
]
}
diff --git a/2023/33xxx/CVE-2023-33664.json b/2023/33xxx/CVE-2023-33664.json
index 7a369ea1094..1e38b12f67f 100644
--- a/2023/33xxx/CVE-2023-33664.json
+++ b/2023/33xxx/CVE-2023-33664.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-33664",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-33664",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.boutique.ai-dev.fr/en/ergonomie/61-combinations-on-fly.html",
+ "refsource": "MISC",
+ "name": "https://www.boutique.ai-dev.fr/en/ergonomie/61-combinations-on-fly.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.friendsofpresta.org/modules/2023/06/28/aicombinationsonfly.html",
+ "url": "https://security.friendsofpresta.org/modules/2023/06/28/aicombinationsonfly.html"
}
]
}
diff --git a/2023/36xxx/CVE-2023-36201.json b/2023/36xxx/CVE-2023-36201.json
index f2484ea3d6a..65a073fbc87 100644
--- a/2023/36xxx/CVE-2023-36201.json
+++ b/2023/36xxx/CVE-2023-36201.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-36201",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-36201",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/jerryscript-project/jerryscript/issues/5026",
+ "refsource": "MISC",
+ "name": "https://github.com/jerryscript-project/jerryscript/issues/5026"
}
]
}
diff --git a/2023/3xxx/CVE-2023-3541.json b/2023/3xxx/CVE-2023-3541.json
index 0ece7a9f93f..88d4ddeb515 100644
--- a/2023/3xxx/CVE-2023-3541.json
+++ b/2023/3xxx/CVE-2023-3541.json
@@ -1,17 +1,94 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3541",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /author_posts.php. The manipulation of the argument author with the input g6g12o8sdm leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233293 was assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "In ThinuTech ThinuCMS 1.5 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /author_posts.php. Mittels dem Manipulieren des Arguments author mit der Eingabe g6g12o8sdm mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ThinuTech",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ThinuCMS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.233293",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.233293"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.233293",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.233293"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "baseSeverity": "MEDIUM"
}
]
}
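Review bot: The record gives a defender no remediation data. Both `reference_data` entries point at the same VulDB item (`?id.233293` and `?ctiid.233293`), `version_data` lists only `=` 1.5, and there is no fixed version, vendor statement or workaround. If a vendor advisory or patch exists, add it as its own entry, e.g. `{"url": "<vendor-advisory-url>", "refsource": "CONFIRM", "name": "<vendor-advisory-url>"}` (placeholder, no such URL is on the page). If none exists, stating in the description that no fix is known would let consumers triage without opening the external links. The CVE-2023-3542 section has the same shape.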
diff --git a/2023/3xxx/CVE-2023-3542.json b/2023/3xxx/CVE-2023-3542.json
index 105e36b5068..f07acd9a3a7 100644
--- a/2023/3xxx/CVE-2023-3542.json
+++ b/2023/3xxx/CVE-2023-3542.json
@@ -1,17 +1,100 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3542",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument name/body leads to cross site scripting. The attack may be launched remotely. VDB-233294 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine Schwachstelle wurde in ThinuTech ThinuCMS 1.5 gefunden. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /contact.php. Mittels Manipulieren des Arguments name/body mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ThinuTech",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ThinuCMS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.233294",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.233294"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.233294",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.233294"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "skalvin (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "baseSeverity": "MEDIUM"
}
]
}