From 48f8126a61581fac99e5fd611a069b178ad30888 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 9 Jun 2023 21:00:40 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/26xxx/CVE-2023-26465.json | 76 ++++++++++++++++++++++-
 2023/29xxx/CVE-2023-29751.json | 56 +++++++++++++++--
 2023/29xxx/CVE-2023-29753.json | 56 +++++++++++++++--
 2023/3xxx/CVE-2023-3187.json | 106 +++++++++++++++++++++++++++++++++
 4 files changed, 279 insertions(+), 15 deletions(-)
 create mode 100644 2023/3xxx/CVE-2023-3187.json
diff --git a/2023/26xxx/CVE-2023-26465.json b/2023/26xxx/CVE-2023-26465.json
index dee224448fa..c16c78fa784 100644
--- a/2023/26xxx/CVE-2023-26465.json
+++ b/2023/26xxx/CVE-2023-26465.json
@@ -4,14 +4,84 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-26465",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@pega.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Pegasystems",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Pega Infinity",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": ">=",
+ "version_value": "7.2"
+ },
+ {
+ "version_affected": "<",
+ "version_value": "8.8.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Maciej Piechota"
+ }
+ ],
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "impact": {
+ "cvssv3": {
+ "BM": {
+ "AV": "N",
+ "AC": "L",
+ "PR": "L",
+ "UI": "R",
+ "S": "U",
+ "C": "H",
+ "I": "H",
+ "A": "H",
+ "SCORE": "8.0"
+ }
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.pega.com/support-doc/pega-security-advisory-a23-vulnerability-remediation-note",
+ "refsource": "MISC",
+ "name": "https://support.pega.com/support-doc/pega-security-advisory-a23-vulnerability-remediation-note"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue."
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29751.json b/2023/29xxx/CVE-2023-29751.json
index 130ce702547..2d0ec4e856b 100644
--- a/2023/29xxx/CVE-2023-29751.json
+++ b/2023/29xxx/CVE-2023-29751.json
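Review bot: In CVE-2023-26465.json the affected range is split across two separate `version_data` entries (`>=` `7.2` and `<` `8.8.2`), so a consumer that evaluates each entry on its own can read `>= 7.2` as covering 8.8.2 and later, which the description (`versions 7.2 to 8.8.1`) excludes. Nothing visible in the hunk ties the two bounds together, and the product is called `Pega Infinity` under `affects` but `Pega Platform` in the description, which makes automated matching against an inventory harder. I would use one product name in both places (whichever the vendor's advisory uses) and keep the upper bound explicit in the text. The `impact` block also stores `"SCORE": "8.0"` as a string with no vector string; the listed metrics correspond to `AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H`, and recording that vector with its CVSS version would let consumers verify the score.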
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-29751",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29751",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29751/CVE%20detailed.md",
+ "url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29751/CVE%20detailed.md"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29753.json b/2023/29xxx/CVE-2023-29753.json
index 58c4cc8b269..5e908e43317 100644
--- a/2023/29xxx/CVE-2023-29753.json
+++ b/2023/29xxx/CVE-2023-29753.json
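Review bot: In CVE-2023-29751.json the structured fields `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a`, although the description names the product and version (`Yandex Navigator v.6.60 for Android`); the CVE-2023-29753.json hunk has the same gap (`Facemoji Emoji Keyboard v.2.9.1.2`). Tooling that matches records to an asset inventory by vendor and product will not surface either entry, so defenders are left with free-text search. I would carry the description's values into the structured fields, e.g. `"product_name": "Yandex Navigator"` and `"version_value": "6.60"` here, and `"product_name": "Facemoji Emoji Keyboard"` and `"version_value": "2.9.1.2"` in the other file, with the vendor names confirmed by the assigner. The two descriptions also name the attacker differently (`unauthorized apps` versus `a local attacker`) for what reads like the same class of issue; consistent wording would help triage.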
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-29753",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29753",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29753/CVE%20detailed.md",
+ "url": "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29753/CVE%20detailed.md"
 }
 ]
 }
diff --git a/2023/3xxx/CVE-2023-3187.json b/2023/3xxx/CVE-2023-3187.json
new file mode 100644
index 00000000000..3d04f0619e6
--- /dev/null
+++ b/2023/3xxx/CVE-2023-3187.json
@@ -0,0 +1,106 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-3187",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine kritische Schwachstelle wurde in PHPGurukul Teachers Record Management System 1.0 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /changeimage.php der Komponente Profile Picture Handler. Dank der Manipulation des Arguments newpic mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434 Unrestricted Upload",
+ "cweId": "CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PHPGurukul",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Teachers Record Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.231176",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.231176"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231176",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.231176"
+ },
+ {
+ "url": "https://github.com/ctflearner/Vulnerability/blob/main/Teacher_Record_Management_System/trms.md",
+ "refsource": "MISC",
+ "name": "https://github.com/ctflearner/Vulnerability/blob/main/Teacher_Record_Management_System/trms.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Affan (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
+ }
+ ]
+ }
+}
\ No newline at end of file
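Review bot: The English description in CVE-2023-3187.json says the issue `was classified as critical`, while every entry under `impact.cvss` carries `"baseSeverity": "MEDIUM"` (6.3, 6.3 and 6.5), so someone triaging from the text and someone triaging from the score arrive at different priorities. I would drop the severity wording from the description or align it with the scored value, for example opening the value with `A vulnerability has been found in PHPGurukul Teachers Record Management System 1.0.`; the German entry (`Eine kritische Schwachstelle`) has the same mismatch. The `credits` entry uses `"lang": "en"` where the description entries use `"eng"` and `"deu"`, so `"lang": "eng"` would be consistent. The new file also ends without a trailing newline.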