From 4201423a043bb0bda33929b6626e4bd75b4dd3ee Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 7 Jul 2023 16:00:40 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/23xxx/CVE-2022-23913.json | 106 +++++++++++++++++----------------
 2022/28xxx/CVE-2022-28331.json | 9 +--
 2023/25xxx/CVE-2023-25201.json | 61 +++++++++++++++++--
 2023/29xxx/CVE-2023-29998.json | 61 +++++++++++++++++--
 2023/33xxx/CVE-2023-33664.json | 61 +++++++++++++++++--
 2023/36xxx/CVE-2023-36201.json | 56 +++++++++++++++--
 2023/3xxx/CVE-2023-3541.json | 85 ++++++++++++++++++++++++--
 2023/3xxx/CVE-2023-3542.json | 91 ++++++++++++++++++++++++++--
 8 files changed, 444 insertions(+), 86 deletions(-)
diff --git a/2022/23xxx/CVE-2022-23913.json b/2022/23xxx/CVE-2022-23913.json
index 7b0aa9c6465..41f99ed5b2b 100644
--- a/2022/23xxx/CVE-2022-23913.json
+++ b/2022/23xxx/CVE-2022-23913.json
@@ -1,43 +1,12 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "security@apache.org",
- "ID": "CVE-2022-23913",
- "STATE": "PUBLIC",
- "TITLE": "Apache ActiveMQ Artemis DoS"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Apache ActiveMQ Artemis",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "2.19.0",
- "version_value": "2.20.0"
- },
- {
- "version_affected": "<",
- "version_name": "2.19.0",
- "version_value": "2.19.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Apache Software Foundation"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
 "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-23913",
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
 "description": {
 "description_data": [
 {
@@ -46,45 +15,82 @@
 }
 ]
 },
- "generator": {
- "engine": "Vulnogram 0.0.9"
- },
- "impact": [
- {}
- ],
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
 "lang": "eng",
- "value": "CWE-400 Uncontrolled Resource Consumption"
+ "value": "CWE-770 Allocation of Resources Without Limits or Throttling",
+ "cweId": "CWE-770"
 }
 ]
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache ActiveMQ Artemis",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "2.19.1",
+ "status": "unaffected"
+ }
+ ],
+ "lessThan": "2.20.0",
+ "status": "affected",
+ "version": "2.19.0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "refsource": "MISC",
 "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2",
+ "refsource": "MISC",
 "name": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"
 },
 {
- "refsource": "CONFIRM",
- "name": "https://security.netapp.com/advisory/ntap-20220303-0003/",
- "url": "https://security.netapp.com/advisory/ntap-20220303-0003/"
+ "url": "https://security.netapp.com/advisory/ntap-20220303-0003/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20220303-0003/"
 }
 ]
 },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
 "source": {
 "advisory": "ARTEMIS-3593",
 "discovery": "UNKNOWN"
 },
 "work_around": [
 {
- "lang": "eng",
+ "lang": "en",
 "value": "Upgrade to Apache ActiveMQ Artemis 2.20.0 or 2.19.1 (if you're still using Java 8)."
 }
 ]
diff --git a/2022/28xxx/CVE-2022-28331.json b/2022/28xxx/CVE-2022-28331.json
index a10394de335..2292dd4e25c 100644
--- a/2022/28xxx/CVE-2022-28331.json
+++ b/2022/28xxx/CVE-2022-28331.json
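Review bot: The new `version_data` entry sets `"version_value": "not down converted"` and puts the real range only under `x_cve_json_5_version_data`, so a consumer that matches on the v4 fields `version_affected`/`version_value` no longer sees 2.19.0 up to 2.20.0 as affected. Keeping explicit v4 bounds next to the extension, for example `"version_affected": "<", "version_name": "2.19.0", "version_value": "2.20.0"`, would preserve matching for tools that ignore `x_` keys. The `work_around` entry now uses `"lang": "en"` while `problemtype` in this hunk uses `"eng"`; the `credits` entry in CVE-2023-3542 has the same mismatch, and one tag form should be used throughout. The NetApp advisory is also re-tagged from `CONFIRM` to `MISC`, which is worth a second look if downstream triage keys on that field.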
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-787 Out-of-bounds Write",
- "cweId": "CWE-787"
+ "value": "CWE-190 Integer Overflow or Wraparound",
+ "cweId": "CWE-190"
 }
 ]
 }
@@ -40,8 +40,9 @@
 "version": {
 "version_data": [
 {
- "version_value": "0",
- "version_affected": "="
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "1.7.0"
 }
 ]
 }
diff --git a/2023/25xxx/CVE-2023-25201.json b/2023/25xxx/CVE-2023-25201.json
index 27f885f41f6..04385612742 100644
--- a/2023/25xxx/CVE-2023-25201.json
+++ b/2023/25xxx/CVE-2023-25201.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-25201",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-25201",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://herolab.usd.de/security-advisories/",
+ "refsource": "MISC",
+ "name": "https://herolab.usd.de/security-advisories/"
+ },
+ {
+ "url": "https://www.multitech.com",
+ "refsource": "MISC",
+ "name": "https://www.multitech.com"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29998.json b/2023/29xxx/CVE-2023-29998.json
index 23505573c06..8bba866a29c 100644
--- a/2023/29xxx/CVE-2023-29998.json
+++ b/2023/29xxx/CVE-2023-29998.json
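Review bot: `problemtype` and `affects` are filled with `n/a` although the description names the weakness (CSRF) and the product and version (MultiTech Conduit AP MTCAP2-L4E1, v.6.0.0), so tooling that filters on CWE or on vendor/product will not surface this record. The problemtype entry could carry `"value": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352"`, in the same form the ThinuCMS records in this commit use, with `vendor_name`, `product_name` and `version_value` taken from the description. The same gap is in CVE-2023-29998 (XSS, g3w-suite 3.5), CVE-2023-33664 (SQL injection, versions before v0.3.1) and CVE-2023-36201 (jerryscript v.3.0.0, where the description does not state the weakness class at all).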
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-29998",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29998",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/g3w-suite",
+ "refsource": "MISC",
+ "name": "https://github.com/g3w-suite"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://labs.yarix.com/2023/07/gis3w-persistent-xss-in-g3wsuite-3-5-cve-2023-29998/",
+ "url": "https://labs.yarix.com/2023/07/gis3w-persistent-xss-in-g3wsuite-3-5-cve-2023-29998/"
 }
 ]
 }
diff --git a/2023/33xxx/CVE-2023-33664.json b/2023/33xxx/CVE-2023-33664.json
index 7a369ea1094..1e38b12f67f 100644
--- a/2023/33xxx/CVE-2023-33664.json
+++ b/2023/33xxx/CVE-2023-33664.json
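Review bot: The first reference, `https://github.com/g3w-suite`, is an organisation landing page rather than an advisory, issue or fixing commit, so a reader cannot get from this record to a fixed version or a patch. The second entry is tagged `"refsource": "CONFIRM"` although its host, labs.yarix.com, does not appear to be the vendor named in the description; if it is a researcher write-up, `"refsource": "MISC"` would match how other third-party links in this commit are tagged. CVE-2023-25201 has the first problem as well, since both of its references (`https://herolab.usd.de/security-advisories/` and `https://www.multitech.com`) are index pages, and the friendsofpresta.org link in CVE-2023-33664 may deserve the same `CONFIRM` check.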
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-33664",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-33664",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.boutique.ai-dev.fr/en/ergonomie/61-combinations-on-fly.html",
+ "refsource": "MISC",
+ "name": "https://www.boutique.ai-dev.fr/en/ergonomie/61-combinations-on-fly.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.friendsofpresta.org/modules/2023/06/28/aicombinationsonfly.html",
+ "url": "https://security.friendsofpresta.org/modules/2023/06/28/aicombinationsonfly.html"
 }
 ]
 }
diff --git a/2023/36xxx/CVE-2023-36201.json b/2023/36xxx/CVE-2023-36201.json
index f2484ea3d6a..65a073fbc87 100644
--- a/2023/36xxx/CVE-2023-36201.json
+++ b/2023/36xxx/CVE-2023-36201.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-36201",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-36201",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/jerryscript-project/jerryscript/issues/5026",
+ "refsource": "MISC",
+ "name": "https://github.com/jerryscript-project/jerryscript/issues/5026"
 }
 ]
 }
diff --git a/2023/3xxx/CVE-2023-3541.json b/2023/3xxx/CVE-2023-3541.json
index 0ece7a9f93f..88d4ddeb515 100644
--- a/2023/3xxx/CVE-2023-3541.json
+++ b/2023/3xxx/CVE-2023-3541.json
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3541", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /author_posts.php. The manipulation of the argument author with the input g6g12o8sdm leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233293 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In ThinuTech ThinuCMS 1.5 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /author_posts.php. Mittels dem Manipulieren des Arguments author mit der Eingabe g6g12o8sdm mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ThinuTech", + "product": { + "product_data": [ + { + "product_name": "ThinuCMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.233293", + "refsource": "MISC", + "name": "https://vuldb.com/?id.233293" + }, + { + "url": "https://vuldb.com/?ctiid.233293", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.233293" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/3xxx/CVE-2023-3542.json b/2023/3xxx/CVE-2023-3542.json index 105e36b5068..f07acd9a3a7 100644 --- a/2023/3xxx/CVE-2023-3542.json +++ b/2023/3xxx/CVE-2023-3542.json 
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3542", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument name/body leads to cross site scripting. The attack may be launched remotely. VDB-233294 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in ThinuTech ThinuCMS 1.5 gefunden. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /contact.php. Mittels Manipulieren des Arguments name/body mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ThinuTech", + "product": { + "product_data": [ + { + "product_name": "ThinuCMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.233294", + "refsource": "MISC", + "name": "https://vuldb.com/?id.233294" + }, + { + "url": "https://vuldb.com/?ctiid.233294", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.233294" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "skalvin (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" } ] }