diff --git a/2022/3xxx/CVE-2022-3116.json b/2022/3xxx/CVE-2022-3116.json index 3e93bb4150a..549d29ede60 100644 --- a/2022/3xxx/CVE-2022-3116.json +++ b/2022/3xxx/CVE-2022-3116.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.kb.cert.org/vuls/id/730793", "url": "https://www.kb.cert.org/vuls/id/730793" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230505-0010/", + "url": "https://security.netapp.com/advisory/ntap-20230505-0010/" } ] }, diff --git a/2022/3xxx/CVE-2022-3294.json b/2022/3xxx/CVE-2022-3294.json index 012c64744d3..9c5abccf735 100644 --- a/2022/3xxx/CVE-2022-3294.json +++ b/2022/3xxx/CVE-2022-3294.json @@ -101,6 +101,11 @@ "refsource": "MISC", "url": "https://github.com/kubernetes/kubernetes/issues/113757", "name": "https://github.com/kubernetes/kubernetes/issues/113757" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230505-0007/", + "url": "https://security.netapp.com/advisory/ntap-20230505-0007/" } ] }, diff --git a/2022/48xxx/CVE-2022-48423.json b/2022/48xxx/CVE-2022-48423.json index d0696b4301e..ab5d0c49b88 100644 --- a/2022/48xxx/CVE-2022-48423.json +++ b/2022/48xxx/CVE-2022-48423.json @@ -61,6 +61,11 @@ "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.3", "refsource": "MISC", "name": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.3" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230505-0003/", + "url": "https://security.netapp.com/advisory/ntap-20230505-0003/" } ] } diff --git a/2022/48xxx/CVE-2022-48424.json b/2022/48xxx/CVE-2022-48424.json index 83ba705348b..ed3de950fb9 100644 --- a/2022/48xxx/CVE-2022-48424.json +++ b/2022/48xxx/CVE-2022-48424.json @@ -61,6 +61,11 @@ "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4f1dc7d9756e66f3f876839ea174df2e656b7f79", "refsource": "MISC", "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4f1dc7d9756e66f3f876839ea174df2e656b7f79" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230505-0002/", + "url": "https://security.netapp.com/advisory/ntap-20230505-0002/" } ] } diff --git a/2023/1xxx/CVE-2023-1078.json b/2023/1xxx/CVE-2023-1078.json index 18b5e9e3912..d330f13680a 100644 --- a/2023/1xxx/CVE-2023-1078.json +++ b/2023/1xxx/CVE-2023-1078.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230505-0004/", + "url": "https://security.netapp.com/advisory/ntap-20230505-0004/" } ] }, diff --git a/2023/1xxx/CVE-2023-1252.json b/2023/1xxx/CVE-2023-1252.json index 660b46f6b32..e1e7356c632 100644 --- a/2023/1xxx/CVE-2023-1252.json +++ b/2023/1xxx/CVE-2023-1252.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://lore.kernel.org/lkml/20211115165433.449951285@linuxfoundation.org/", "url": "https://lore.kernel.org/lkml/20211115165433.449951285@linuxfoundation.org/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230505-0005/", + "url": "https://security.netapp.com/advisory/ntap-20230505-0005/" } ] }, diff --git a/2023/20xxx/CVE-2023-20860.json b/2023/20xxx/CVE-2023-20860.json index 9dc184e4fe3..50c7a1fc154 100644 --- a/2023/20xxx/CVE-2023-20860.json +++ b/2023/20xxx/CVE-2023-20860.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://spring.io/security/cve-2023-20860", "url": "https://spring.io/security/cve-2023-20860" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230505-0006/", + "url": "https://security.netapp.com/advisory/ntap-20230505-0006/" } ] }, diff --git a/2023/24xxx/CVE-2023-24999.json b/2023/24xxx/CVE-2023-24999.json index b9307c46828..00d9aba8761 100644 --- a/2023/24xxx/CVE-2023-24999.json +++ b/2023/24xxx/CVE-2023-24999.json @@ -91,6 +91,11 @@ "url": "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305", "refsource": "MISC", "name": "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230505-0001/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230505-0001/" } ] }, diff --git a/2023/26xxx/CVE-2023-26464.json b/2023/26xxx/CVE-2023-26464.json index 8f9d90b4972..1bdd699f3a5 100644 --- a/2023/26xxx/CVE-2023-26464.json +++ b/2023/26xxx/CVE-2023-26464.json @@ -74,6 +74,11 @@ "url": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t", "refsource": "MISC", "name": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230505-0008/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230505-0008/" } ] }, diff --git a/2023/26xxx/CVE-2023-26604.json b/2023/26xxx/CVE-2023-26604.json index 68762dbdb1c..732e509bc1f 100644 --- a/2023/26xxx/CVE-2023-26604.json +++ b/2023/26xxx/CVE-2023-26604.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20230331 [SECURITY] [DLA 3377-1] systemd security update", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00032.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230505-0009/", + "url": "https://security.netapp.com/advisory/ntap-20230505-0009/" } ] } diff --git a/2023/2xxx/CVE-2023-2550.json b/2023/2xxx/CVE-2023-2550.json index d72f752f5af..f07cb6edc52 100644 --- a/2023/2xxx/CVE-2023-2550.json +++ b/2023/2xxx/CVE-2023-2550.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-2550", - "STATE": "PUBLIC", - "TITLE": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "thorsten/phpmyfaq", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "3.1.13" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-2550", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "thorsten/phpmyfaq", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.1.13" + } + ] + } + } + ] + }, + "vendor_name": "thorsten" } - } ] - }, - "vendor_name": "thorsten" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 8.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b" - }, - { - "name": "https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf", - "refsource": "MISC", - "url": "https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf" - } - ] - }, - "source": { - "advisory": "840c8d91-c97e-4116-a9f8-4ab1a38d239b", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b" + }, + { + "name": "https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf", + "refsource": "MISC", + "url": "https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf" + } + ] + }, + "source": { + "advisory": "840c8d91-c97e-4116-a9f8-4ab1a38d239b", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2551.json b/2023/2xxx/CVE-2023-2551.json index 0a53323fb87..04cb53d7a37 100644 --- a/2023/2xxx/CVE-2023-2551.json +++ b/2023/2xxx/CVE-2023-2551.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-2551", - "STATE": "PUBLIC", - "TITLE": "PHP Remote File Inclusion in unilogies/bumsys" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "unilogies/bumsys", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "2.1.1" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-2551", + "STATE": "PUBLIC", + "TITLE": "PHP Remote File Inclusion in unilogies/bumsys" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "unilogies/bumsys", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2.1.1" + } + ] + } + } + ] + }, + "vendor_name": "unilogies" } - } ] - }, - "vendor_name": "unilogies" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/5723613c-55c6-4f18-9ed3-61ad44f5de9c", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/5723613c-55c6-4f18-9ed3-61ad44f5de9c" - }, - { - "name": "https://github.com/unilogies/bumsys/commit/86e29dd23df348ec6075f0c0de8e06b8d9fb0a9a", - "refsource": "MISC", - "url": "https://github.com/unilogies/bumsys/commit/86e29dd23df348ec6075f0c0de8e06b8d9fb0a9a" - } - ] - }, - "source": { - "advisory": "5723613c-55c6-4f18-9ed3-61ad44f5de9c", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/unilogies/bumsys/commit/86e29dd23df348ec6075f0c0de8e06b8d9fb0a9a", + "refsource": "MISC", + "url": "https://github.com/unilogies/bumsys/commit/86e29dd23df348ec6075f0c0de8e06b8d9fb0a9a" + }, + { + "name": "https://huntr.dev/bounties/5723613c-55c6-4f18-9ed3-61ad44f5de9c", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/5723613c-55c6-4f18-9ed3-61ad44f5de9c" + } + ] + }, + "source": { + "advisory": "5723613c-55c6-4f18-9ed3-61ad44f5de9c", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2552.json b/2023/2xxx/CVE-2023-2552.json index e156de7aae5..997e15e609e 100644 --- a/2023/2xxx/CVE-2023-2552.json +++ b/2023/2xxx/CVE-2023-2552.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-2552", - "STATE": "PUBLIC", - "TITLE": "Cross-Site Request Forgery (CSRF) in unilogies/bumsys" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "unilogies/bumsys", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "2.1.1" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-2552", + "STATE": "PUBLIC", + "TITLE": "Cross-Site Request Forgery (CSRF) in unilogies/bumsys" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "unilogies/bumsys", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2.1.1" + } + ] + } + } + ] + }, + "vendor_name": "unilogies" } - } ] - }, - "vendor_name": "unilogies" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/ab0b4655-f57a-4113-849b-2237eeb75b32", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/ab0b4655-f57a-4113-849b-2237eeb75b32" - }, - { - "name": "https://github.com/unilogies/bumsys/commit/86e29dd23df348ec6075f0c0de8e06b8d9fb0a9a", - "refsource": "MISC", - "url": "https://github.com/unilogies/bumsys/commit/86e29dd23df348ec6075f0c0de8e06b8d9fb0a9a" - } - ] - }, - "source": { - "advisory": "ab0b4655-f57a-4113-849b-2237eeb75b32", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/ab0b4655-f57a-4113-849b-2237eeb75b32", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/ab0b4655-f57a-4113-849b-2237eeb75b32" + }, + { + "name": "https://github.com/unilogies/bumsys/commit/86e29dd23df348ec6075f0c0de8e06b8d9fb0a9a", + "refsource": "MISC", + "url": "https://github.com/unilogies/bumsys/commit/86e29dd23df348ec6075f0c0de8e06b8d9fb0a9a" + } + ] + }, + "source": { + "advisory": "ab0b4655-f57a-4113-849b-2237eeb75b32", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2553.json b/2023/2xxx/CVE-2023-2553.json index eee1e533517..3a3135c1d29 100644 --- a/2023/2xxx/CVE-2023-2553.json +++ b/2023/2xxx/CVE-2023-2553.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-2553", - "STATE": "PUBLIC", - "TITLE": "Cross-site Scripting (XSS) - Stored in unilogies/bumsys" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "unilogies/bumsys", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "2.2.0" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-2553", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - Stored in unilogies/bumsys" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "unilogies/bumsys", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2.2.0" + } + ] + } + } + ] + }, + "vendor_name": "unilogies" } - } ] - }, - "vendor_name": "unilogies" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to 2.2.0." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "LOW", - "baseScore": 4.8, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to 2.2.0." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/4e1f5b56-e846-40d8-a83c-533efd56aacf", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/4e1f5b56-e846-40d8-a83c-533efd56aacf" - }, - { - "name": "https://github.com/unilogies/bumsys/commit/1b426f58a513194206d0ea8ab58baf1461e54978", - "refsource": "MISC", - "url": "https://github.com/unilogies/bumsys/commit/1b426f58a513194206d0ea8ab58baf1461e54978" - } - ] - }, - "source": { - "advisory": "4e1f5b56-e846-40d8-a83c-533efd56aacf", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/unilogies/bumsys/commit/1b426f58a513194206d0ea8ab58baf1461e54978", + "refsource": "MISC", + "url": "https://github.com/unilogies/bumsys/commit/1b426f58a513194206d0ea8ab58baf1461e54978" + }, + { + "name": "https://huntr.dev/bounties/4e1f5b56-e846-40d8-a83c-533efd56aacf", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/4e1f5b56-e846-40d8-a83c-533efd56aacf" + } + ] + }, + "source": { + "advisory": "4e1f5b56-e846-40d8-a83c-533efd56aacf", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2554.json b/2023/2xxx/CVE-2023-2554.json index 44f5337f348..b28cfa0fc9c 100644 --- a/2023/2xxx/CVE-2023-2554.json +++ b/2023/2xxx/CVE-2023-2554.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-2554", - "STATE": "PUBLIC", - "TITLE": "External Control of File Name or Path in unilogies/bumsys" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "unilogies/bumsys", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "2.2.0" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-2554", + "STATE": "PUBLIC", + "TITLE": "External Control of File Name or Path in unilogies/bumsys" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "unilogies/bumsys", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2.2.0" + } + ] + } + } + ] + }, + "vendor_name": "unilogies" } - } ] - }, - "vendor_name": "unilogies" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-73 External Control of File Name or Path" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/396785a0-7bb6-4db4-b4cb-607b0fd4ab4b", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/396785a0-7bb6-4db4-b4cb-607b0fd4ab4b" - }, - { - "name": "https://github.com/unilogies/bumsys/commit/1b426f58a513194206d0ea8ab58baf1461e54978", - "refsource": "MISC", - "url": "https://github.com/unilogies/bumsys/commit/1b426f58a513194206d0ea8ab58baf1461e54978" - } - ] - }, - "source": { - "advisory": "396785a0-7bb6-4db4-b4cb-607b0fd4ab4b", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-73 External Control of File Name or Path" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/396785a0-7bb6-4db4-b4cb-607b0fd4ab4b", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/396785a0-7bb6-4db4-b4cb-607b0fd4ab4b" + }, + { + "name": "https://github.com/unilogies/bumsys/commit/1b426f58a513194206d0ea8ab58baf1461e54978", + "refsource": "MISC", + "url": "https://github.com/unilogies/bumsys/commit/1b426f58a513194206d0ea8ab58baf1461e54978" + } + ] + }, + "source": { + "advisory": "396785a0-7bb6-4db4-b4cb-607b0fd4ab4b", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2556.json b/2023/2xxx/CVE-2023-2556.json new file mode 100644 index 00000000000..0d7bfb6e2a0 --- /dev/null +++ b/2023/2xxx/CVE-2023-2556.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-2556", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2557.json b/2023/2xxx/CVE-2023-2557.json new file mode 100644 index 00000000000..1faacf74166 --- /dev/null +++ b/2023/2xxx/CVE-2023-2557.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-2557", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2558.json b/2023/2xxx/CVE-2023-2558.json new file mode 100644 index 00000000000..615bdd55a50 --- /dev/null +++ b/2023/2xxx/CVE-2023-2558.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-2558", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file