diff --git a/2022/45xxx/CVE-2022-45170.json b/2022/45xxx/CVE-2022-45170.json
index b6f1cfe4d31..f17b9d63fc5 100644
--- a/2022/45xxx/CVE-2022-45170.json
+++ b/2022/45xxx/CVE-2022-45170.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-45170",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-45170",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.gruppotim.it/it/footer/red-team.html",
+ "refsource": "MISC",
+ "name": "https://www.gruppotim.it/it/footer/red-team.html"
 }
 ]
 }
diff --git a/2022/45xxx/CVE-2022-45173.json b/2022/45xxx/CVE-2022-45173.json
index 2a7ec53e447..0995d8b0a93 100644
--- a/2022/45xxx/CVE-2022-45173.json
+++ b/2022/45xxx/CVE-2022-45173.json
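Review bot: In CVE-2022-45170.json the added `affects` block carries `n/a` for `vendor_name`, `product_name` and `version_value`, and `problemtype` is `n/a`, although the description names LIVEBOX Collaboration vDesk through v018. Consumers that match records to assets on the structured fields rather than the free text will not associate this entry with the product, so the fields should be populated, for example `"product_name": "Collaboration vDesk"` and `"version_value": "through v018"` (the vendor/product split is inferred from the description and needs confirming). The single reference is the same red-team page on every vDesk record in this diff, so it does not appear to point at a per-CVE advisory. The same `n/a` placeholders are in the hunks for CVE-2022-45173, -45174, -45175, -45178 and -45180, CVE-2023-22949, CVE-2023-29798 through -29805, CVE-2023-29847 and CVE-2023-29850.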
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-45173",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-45173",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the application into concluding that the TOTP was correct."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.gruppotim.it/it/footer/red-team.html",
+ "refsource": "MISC",
+ "name": "https://www.gruppotim.it/it/footer/red-team.html"
 }
 ]
 }
diff --git a/2022/45xxx/CVE-2022-45174.json b/2022/45xxx/CVE-2022-45174.json
index 224f2d57d8f..a9e102254d8 100644
--- a/2022/45xxx/CVE-2022-45174.json
+++ b/2022/45xxx/CVE-2022-45174.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-45174",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-45174",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by passing any string as the backup code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.gruppotim.it/it/footer/red-team.html",
+ "refsource": "MISC",
+ "name": "https://www.gruppotim.it/it/footer/red-team.html"
 }
 ]
 }
diff --git a/2022/45xxx/CVE-2022-45175.json b/2022/45xxx/CVE-2022-45175.json
index 44fe735a544..86edb016fd8 100644
--- a/2022/45xxx/CVE-2022-45175.json
+++ b/2022/45xxx/CVE-2022-45175.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-45175",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-45175",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a target file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.gruppotim.it/it/footer/red-team.html",
+ "refsource": "MISC",
+ "name": "https://www.gruppotim.it/it/footer/red-team.html"
 }
 ]
 }
diff --git a/2022/45xxx/CVE-2022-45178.json b/2022/45xxx/CVE-2022-45178.json
index db894be6d9b..fdd36bbb532 100644
--- a/2022/45xxx/CVE-2022-45178.json
+++ b/2022/45xxx/CVE-2022-45178.json
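Review bot: The endpoint template in the CVE-2022-45175 description has mismatched delimiters, `5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket`: each placeholder opens with `{` and closes with `]`. Readers who build detection or filtering rules from the path cannot tell which characters are literal; presumably `5.6.5-3/doc/{ID-FILE}/c/{N}/{C}/websocket` was intended. The CVE-2022-45180 hunk has the same slip in `/api/v1/vdesk_{DOMAIN]/export`.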
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-45178",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-45178",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A malicious user (already logged in as a SAML User) is able to achieve privilege escalation from a low-privilege user (FGM user) to an administrative user (GGU user), including the administrator, or create new users even without an admin role."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.gruppotim.it/it/footer/red-team.html",
+ "refsource": "MISC",
+ "name": "https://www.gruppotim.it/it/footer/red-team.html"
 }
 ]
 }
diff --git a/2022/45xxx/CVE-2022-45180.json b/2022/45xxx/CVE-2022-45180.json
index 7026d8a537e..c6df07723eb 100644
--- a/2022/45xxx/CVE-2022-45180.json
+++ b/2022/45xxx/CVE-2022-45180.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-45180",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-45180",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdesk_{DOMAIN]/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system (an operation intended to only be available to the system administrator)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.gruppotim.it/it/footer/red-team.html",
+ "refsource": "MISC",
+ "name": "https://www.gruppotim.it/it/footer/red-team.html"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1803.json b/2023/1xxx/CVE-2023-1803.json
index 7533d6f1a94..b228f8e01db 100644
--- a/2023/1xxx/CVE-2023-1803.json
+++ b/2023/1xxx/CVE-2023-1803.json
@@ -1,17 +1,98 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-1803",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@usom.gov.tr",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": " CWE-289 Authentication Bypass by Alternate Name",
+ "cweId": "CWE-289"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "DTS Electronics",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Redline Router",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "7.17"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-23-0227",
+ "refsource": "MISC",
+ "name": "https://www.usom.gov.tr/bildirim/tr-23-0227"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "TR-23-0227",
+ "defect": [
+ "TR-23-0227"
+ ],
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Berat KIRMAZ"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1833.json b/2023/1xxx/CVE-2023-1833.json
index 7f9b195255f..0876261245a 100644
--- a/2023/1xxx/CVE-2023-1833.json
+++ b/2023/1xxx/CVE-2023-1833.json
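Review bot: Several string values in the CVE-2023-1803 record carry formatting noise: the `problemtype` value starts with a space (`" CWE-289 Authentication Bypass by Alternate Name"`), the description runs two sentences together at `Authentication Bypass.This issue` and ends in a literal `\n\n`, and `credits` uses `"lang": "en"` while the description entry uses `"eng"`. Consumers that compare the CWE text exactly will not normalise the leading space; suggest `"value": "CWE-289 Authentication Bypass by Alternate Name"` and one language code throughout. The CVE-2023-1833 hunk shares the description and `credits` issues. The vector claims `S:C` for a base score of 10, which the description does not explain; one sentence on what the bypass reaches beyond the router itself would let readers judge that rating.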
@@ -1,17 +1,98 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-1833",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@usom.gov.tr",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-305 Authentication Bypass by Primary Weakness",
+ "cweId": "CWE-305"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "DTS Electronics",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Redline Router",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "7.17"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-23-0227",
+ "refsource": "MISC",
+ "name": "https://www.usom.gov.tr/bildirim/tr-23-0227"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "TR-23-0227",
+ "defect": [
+ "TR-23-0227"
+ ],
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Alican OZDEMIR"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/22xxx/CVE-2023-22949.json b/2023/22xxx/CVE-2023-22949.json
index 79a150b5cfc..ab86b8f5842 100644
--- a/2023/22xxx/CVE-2023-22949.json
+++ b/2023/22xxx/CVE-2023-22949.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-22949",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-22949",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That could allow a TigerGraph administrator to effectively harvest usernames/passwords."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://dev.tigergraph.com/forum/c/tg-community/announcements/35",
+ "refsource": "MISC",
+ "name": "https://dev.tigergraph.com/forum/c/tg-community/announcements/35"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://neo4j.com/security/cve-2023-22949/",
+ "url": "https://neo4j.com/security/cve-2023-22949/"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29798.json b/2023/29xxx/CVE-2023-29798.json
index 64eee8189cd..de4c752729e 100644
--- a/2023/29xxx/CVE-2023-29798.json
+++ b/2023/29xxx/CVE-2023-29798.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-29798",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29798",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sore-pail-31b.notion.site/Command-Injection-4-ea4969f635f54fe5b2f575e93443a4e0",
+ "refsource": "MISC",
+ "name": "https://sore-pail-31b.notion.site/Command-Injection-4-ea4969f635f54fe5b2f575e93443a4e0"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29799.json b/2023/29xxx/CVE-2023-29799.json
index 051ecd8974d..29d3cbb1ec7 100644
--- a/2023/29xxx/CVE-2023-29799.json
+++ b/2023/29xxx/CVE-2023-29799.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-29799",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29799",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sore-pail-31b.notion.site/Command-Inject-6-3ee0faa243134ae2bc20e6670d80bada",
+ "refsource": "MISC",
+ "name": "https://sore-pail-31b.notion.site/Command-Inject-6-3ee0faa243134ae2bc20e6670d80bada"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29800.json b/2023/29xxx/CVE-2023-29800.json
index bd87684f546..6feb519911c 100644
--- a/2023/29xxx/CVE-2023-29800.json
+++ b/2023/29xxx/CVE-2023-29800.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-29800",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29800",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sore-pail-31b.notion.site/Command-Injection-5-e88b72309a3c4e20b7469b3679c0c7d9",
+ "refsource": "MISC",
+ "name": "https://sore-pail-31b.notion.site/Command-Injection-5-e88b72309a3c4e20b7469b3679c0c7d9"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29801.json b/2023/29xxx/CVE-2023-29801.json
index 0534c23c418..3904543a141 100644
--- a/2023/29xxx/CVE-2023-29801.json
+++ b/2023/29xxx/CVE-2023-29801.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-29801",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29801",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sore-pail-31b.notion.site/Command-Injection-2-af41252fe96244209589d4e6da9aa7b7",
+ "refsource": "MISC",
+ "name": "https://sore-pail-31b.notion.site/Command-Injection-2-af41252fe96244209589d4e6da9aa7b7"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29802.json b/2023/29xxx/CVE-2023-29802.json
index fb524ad4510..db9f5fd32f3 100644
--- a/2023/29xxx/CVE-2023-29802.json
+++ b/2023/29xxx/CVE-2023-29802.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-29802",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29802",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sore-pail-31b.notion.site/Command-Injection-3-8eb94b608bcd48f8aa4e983d2d1c4526",
+ "refsource": "MISC",
+ "name": "https://sore-pail-31b.notion.site/Command-Injection-3-8eb94b608bcd48f8aa4e983d2d1c4526"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29803.json b/2023/29xxx/CVE-2023-29803.json
index cc4e145b94d..c4e3fdf3d27 100644
--- a/2023/29xxx/CVE-2023-29803.json
+++ b/2023/29xxx/CVE-2023-29803.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-29803",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29803",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sore-pail-31b.notion.site/Command-Inject-1-4a37b0679f69478285d1ba640e5f0897",
+ "refsource": "MISC",
+ "name": "https://sore-pail-31b.notion.site/Command-Inject-1-4a37b0679f69478285d1ba640e5f0897"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29804.json b/2023/29xxx/CVE-2023-29804.json
index 13100ad9d31..0855bd4b58e 100644
--- a/2023/29xxx/CVE-2023-29804.json
+++ b/2023/29xxx/CVE-2023-29804.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-29804",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29804",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the sys_smb_pwdmod function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sore-pail-31b.notion.site/command-injection-WFS-SR03-7cddf0ac85e54f8ba81d9b26b00ca5cd",
+ "refsource": "MISC",
+ "name": "https://sore-pail-31b.notion.site/command-injection-WFS-SR03-7cddf0ac85e54f8ba81d9b26b00ca5cd"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29805.json b/2023/29xxx/CVE-2023-29805.json
index 3d8030d1cd1..3e52eb2515f 100644
--- a/2023/29xxx/CVE-2023-29805.json
+++ b/2023/29xxx/CVE-2023-29805.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-29805",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29805",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sore-pail-31b.notion.site/Command-Injection-2-WFS-SR03-436d09790c2f4e31b197c39711e17775",
+ "refsource": "MISC",
+ "name": "https://sore-pail-31b.notion.site/Command-Injection-2-WFS-SR03-436d09790c2f4e31b197c39711e17775"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29847.json b/2023/29xxx/CVE-2023-29847.json
index 6e7b71aba74..c173da422f7 100644
--- a/2023/29xxx/CVE-2023-29847.json
+++ b/2023/29xxx/CVE-2023-29847.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-29847",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29847",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/MegaTKC/AeroCMS/issues/11",
+ "refsource": "MISC",
+ "name": "https://github.com/MegaTKC/AeroCMS/issues/11"
 }
 ]
 }
diff --git a/2023/29xxx/CVE-2023-29850.json b/2023/29xxx/CVE-2023-29850.json
index 28e21a732e1..a0a63b96f28 100644
--- a/2023/29xxx/CVE-2023-29850.json
+++ b/2023/29xxx/CVE-2023-29850.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-29850",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-29850",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/slims/slims9_bulian/issues/186",
+ "refsource": "MISC",
+ "name": "https://github.com/slims/slims9_bulian/issues/186"
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2056.json b/2023/2xxx/CVE-2023-2056.json
index a2133f1295d..dd5cdc53d98 100644
--- a/2023/2xxx/CVE-2023-2056.json
+++ b/2023/2xxx/CVE-2023-2056.json
@@ -1,17 +1,457 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-2056",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file module_main.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225941 was assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine kritische Schwachstelle wurde in DedeCMS bis 5.7.87 gefunden. Es geht hierbei um die Funktion GetSystemFile der Datei module_main.php. Dank Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-94 Code Injection",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DedeCMS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "5.7.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.3"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.4"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.5"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.6"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.7"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.8"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.9"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.10"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.11"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.12"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.13"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.14"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.15"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.16"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.17"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.18"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.19"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.20"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.21"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.22"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.23"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.24"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.25"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.26"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.27"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.28"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.29"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.30"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.31"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.32"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.33"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.34"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.35"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.36"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.37"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.38"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.39"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.40"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.41"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.42"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.43"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.44"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.45"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.46"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.47"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.48"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.49"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.50"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.51"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.52"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.53"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.54"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.55"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.56"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.57"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.58"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.59"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.60"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.61"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.62"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.63"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.64"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.65"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.66"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.67"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.68"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.69"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.70"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.71"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.72"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.73"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.74"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.75"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.76"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.77"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.78"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.79"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.80"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.81"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.82"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.83"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.84"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.85"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.86"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.87"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.225941",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.225941"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.225941",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.225941"
+ },
+ {
+ "url": "https://gitee.com/ashe-king/cve/blob/master/dedecms%20rce2.md",
+ "refsource": "MISC",
+ "name": "https://gitee.com/ashe-king/cve/blob/master/dedecms%20rce2.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "asheking (VulDB User)"
+ },
+ {
+ "lang": "en",
+ "value": "ashekingVulDB Gitee Analyzer"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2057.json b/2023/2xxx/CVE-2023-2057.json
index f66e376b1c9..4f03a01bad9 100644
--- a/2023/2xxx/CVE-2023-2057.json
+++ b/2023/2xxx/CVE-2023-2057.json
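Review bot: In the CVE-2023-2056 hunk the description says DedeCMS is affected "up to 5.7.87", but `version_data` encodes that as 88 exact-match (`"="`) entries from 5.7.0 to 5.7.87, so any release below 5.7.0 is not covered by the structured data. A consumer that matches on `version_data` alone will treat such installs as unaffected. A single range entry, `"version_affected": "<="` with `"version_value": "5.7.87"`, would express the stated bound; the CVE-2023-2058 hunk (EyouCms "up to 1.6.2" listed only as 1.6.0 to 1.6.2) has the same shape. Separately, the text calls the issue critical while all three `cvss` entries carry `"baseSeverity": "MEDIUM"`, so triage should read the vector rather than the wording.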
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-2057",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225942 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine problematische Schwachstelle in EyouCms 1.5.4 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei login.php?m=admin&c=Arctype&a=edit der Komponente New Picture Handler. Mit der Manipulation des Arguments litpic_loca mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EyouCms",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.5.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.225942",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.225942"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.225942",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.225942"
+ },
+ {
+ "url": "https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS1.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "WWesleywww (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 3.3,
+ "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
+ "baseSeverity": "LOW"
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2058.json b/2023/2xxx/CVE-2023-2058.json
index 062b48edb27..06dfdde6e75 100644
--- a/2023/2xxx/CVE-2023-2058.json
+++ b/2023/2xxx/CVE-2023-2058.json
@@ -1,17 +1,113 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-2058",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation of the argument web_ico leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225943."
+ },
+ {
+ "lang": "deu",
+ "value": "In EyouCms bis 1.6.2 wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 der Komponente HTTP POST Request Handler. Durch die Manipulation des Arguments web_ico mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EyouCms",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.6.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "1.6.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "1.6.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.225943",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.225943"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.225943",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.225943"
+ },
+ {
+ "url": "https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS2.md",
+ "refsource": "MISC",
+ "name": "https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS2.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "WWesleywww (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 3.3,
+ "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
+ "baseSeverity": "LOW"
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2066.json b/2023/2xxx/CVE-2023-2066.json
new file mode 100644
index 00000000000..1bcbdb3ad97
--- /dev/null
+++ b/2023/2xxx/CVE-2023-2066.json
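Review bot: In the CVE-2023-2058 hunk the description locates the flaw in `/yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4`, yet the structured attribution is `"product_name": "EyouCms"`; the `yxcms` path segment may point at a different product, which would make the product match wrong for anyone filtering on `affects`. This cannot be settled from the record itself and should be checked against the linked report (`EYOUCMS/XSS2.md`) before the record is relied on. If the report confirms the path, the `product_name` line is the one to correct; if not, the path in both description strings is.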
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-2066",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/2xxx/CVE-2023-2067.json b/2023/2xxx/CVE-2023-2067.json
new file mode 100644
index 00000000000..201599f2182
--- /dev/null
+++ b/2023/2xxx/CVE-2023-2067.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-2067",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file