diff --git a/2021/3xxx/CVE-2021-3610.json b/2021/3xxx/CVE-2021-3610.json
index e7e1a4f64ac..4936b9d1c4d 100644
--- a/2021/3xxx/CVE-2021-3610.json
+++ b/2021/3xxx/CVE-2021-3610.json
@@ -53,6 +53,11 @@
 "refsource": "MISC",
 "name": "https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3",
 "url": "https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20230529 Update CVE-2021-3610: ImageMagick",
+ "url": "http://www.openwall.com/lists/oss-security/2023/05/29/4"
 }
 ]
 },
diff --git a/2022/24xxx/CVE-2022-24627.json b/2022/24xxx/CVE-2022-24627.json
index 1be5a1ce940..912e7ed507b 100644
--- a/2022/24xxx/CVE-2022-24627.json
+++ b/2022/24xxx/CVE-2022-24627.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-24627",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-24627",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2023/Feb/12",
+ "url": "http://seclists.org/fulldisclosure/2023/Feb/12"
 }
 ]
 }
diff --git a/2022/24xxx/CVE-2022-24628.json b/2022/24xxx/CVE-2022-24628.json
index d0d8dfcc841..407692d26c6 100644
--- a/2022/24xxx/CVE-2022-24628.json
+++ b/2022/24xxx/CVE-2022-24628.json
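Review bot: The new `affects` block sets `vendor_name`, `product_name` and `version_value` to `n/a`, and `problemtype` is `n/a` as well, so the affected product and the weakness class appear only in the free-text description. Consumers that match on the structured fields (asset-inventory correlation, CWE-based triage) will not associate this record with AudioCodes Device Manager Express. If the record conventions allow it here, I would populate them from the description, e.g. `"product_name": "Device Manager Express"` with `"version_value": "through 7.8.20002.47752"`, and a problemtype of `CWE-89` for this SQL injection entry. The same `n/a` placeholders recur in the hunks for CVE-2022-24628 through CVE-2022-24632 and CVE-2022-41766.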
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-24628",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-24628",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2023/Feb/12",
+ "url": "http://seclists.org/fulldisclosure/2023/Feb/12"
 }
 ]
 }
diff --git a/2022/24xxx/CVE-2022-24629.json b/2022/24xxx/CVE-2022-24629.json
index 0f31f3d15a2..788e56e421d 100644
--- a/2022/24xxx/CVE-2022-24629.json
+++ b/2022/24xxx/CVE-2022-24629.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-24629",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-24629",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2023/Feb/12",
+ "url": "http://seclists.org/fulldisclosure/2023/Feb/12"
 }
 ]
 }
diff --git a/2022/24xxx/CVE-2022-24630.json b/2022/24xxx/CVE-2022-24630.json
index 94e30fbd3fb..727da000487 100644
--- a/2022/24xxx/CVE-2022-24630.json
+++ b/2022/24xxx/CVE-2022-24630.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-24630",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-24630",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2023/Feb/12",
+ "url": "http://seclists.org/fulldisclosure/2023/Feb/12"
 }
 ]
 }
diff --git a/2022/24xxx/CVE-2022-24631.json b/2022/24xxx/CVE-2022-24631.json
index ef173a59c24..2e5464bdfc9 100644
--- a/2022/24xxx/CVE-2022-24631.json
+++ b/2022/24xxx/CVE-2022-24631.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-24631",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-24631",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2023/Feb/12",
+ "url": "http://seclists.org/fulldisclosure/2023/Feb/12"
 }
 ]
 }
diff --git a/2022/24xxx/CVE-2022-24632.json b/2022/24xxx/CVE-2022-24632.json
index 5516a36e153..6305d67df9a 100644
--- a/2022/24xxx/CVE-2022-24632.json
+++ b/2022/24xxx/CVE-2022-24632.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-24632",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-24632",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2023/Feb/12",
+ "url": "http://seclists.org/fulldisclosure/2023/Feb/12"
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41766.json b/2022/41xxx/CVE-2022-41766.json
index 59f59ed8653..d6f83e998ca 100644
--- a/2022/41xxx/CVE-2022-41766.json
+++ b/2022/41xxx/CVE-2022-41766.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-41766",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-41766",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://phabricator.wikimedia.org/T307278",
+ "refsource": "MISC",
+ "name": "https://phabricator.wikimedia.org/T307278"
 }
 ]
 }
diff --git a/2023/30xxx/CVE-2023-30253.json b/2023/30xxx/CVE-2023-30253.json
index e5889b2593b..a4a8d1c659e 100644
--- a/2023/30xxx/CVE-2023-30253.json
+++ b/2023/30xxx/CVE-2023-30253.json
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-30253", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-30253", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: = 14.8, < 14.8-3" + }, + { + "version_affected": "=", + "version_value": "Enterprise Edition < 14.7-7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-6prc-j58r-fmjq", + "refsource": "MISC", + "name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-6prc-j58r-fmjq" + }, + { + "url": "https://github.com/Enalean/tuleap/commit/6840529def97f564844e810e5a7c5bf837cf58d5", + "refsource": "MISC", + "name": "https://github.com/Enalean/tuleap/commit/6840529def97f564844e810e5a7c5bf837cf58d5" + }, + { + "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=6840529def97f564844e810e5a7c5bf837cf58d5", + "refsource": "MISC", + "name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=6840529def97f564844e810e5a7c5bf837cf58d5" + }, + { + "url": "https://tuleap.net/plugins/tracker/?aid=31929", + "refsource": "MISC", + "name": "https://tuleap.net/plugins/tracker/?aid=31929" + } + ] + }, 
+ "source": {
+ "advisory": "GHSA-6prc-j58r-fmjq",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/32xxx/CVE-2023-32687.json b/2023/32xxx/CVE-2023-32687.json
index 095b3bffce3..2a0792d6110 100644
--- a/2023/32xxx/CVE-2023-32687.json
+++ b/2023/32xxx/CVE-2023-32687.json
@@ -1,17 +1,95 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-32687",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround, remove the list chat bots permission from users that should not have the ability to view connection strings. Invalidate any credentials previously stored for safety."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-522: Insufficiently Protected Credentials",
+ "cweId": "CWE-522"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "tgstation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tgstation-server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 4.7.0, < 5.12.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-rv76-495p-g7cp",
+ "refsource": "MISC",
+ "name": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-rv76-495p-g7cp"
+ },
+ {
+ "url": "https://github.com/tgstation/tgstation-server/pull/1487",
+ "refsource": "MISC",
+ "name": "https://github.com/tgstation/tgstation-server/pull/1487"
+ },
+ {
+ "url": "https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.1",
+ "refsource": "MISC",
+ "name": "https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.1"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-rv76-495p-g7cp",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
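Review bot: In `version_data`, `"version_affected": "="` is paired with `"version_value": ">= 4.7.0, < 5.12.1"`, so the operator field says exact match while the value is a range expression packed into a string. A consumer that honours `version_affected` would compare an installed version for equality with that string and never flag a deployment between 4.7.0 and 5.12.1. At minimum I would state the fixed boundary in machine-readable form, `"version_affected": "<"` with `"version_value": "5.12.1"`, and leave the 4.7.0 lower bound to the description. Since the ASSIGNER is `security-advisories@github.com`, this shape is presumably produced by the CNA's export, so the correction may belong upstream rather than in this file.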