diff --git a/2015/1xxx/CVE-2015-1390.json b/2015/1xxx/CVE-2015-1390.json
index 0e1b0d87456..83fa8ae09de 100644
--- a/2015/1xxx/CVE-2015-1390.json
+++ b/2015/1xxx/CVE-2015-1390.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-1390",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Aruba AirWave before 8.0.7 allows XSS attacks agsinat an administrator."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt",
+ "refsource": "MISC",
+ "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt"
 }
 ]
 }
diff --git a/2015/1xxx/CVE-2015-1391.json b/2015/1xxx/CVE-2015-1391.json
index 19c561dc857..264474a52c2 100644
--- a/2015/1xxx/CVE-2015-1391.json
+++ b/2015/1xxx/CVE-2015-1391.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-1391",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
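Review bot: The published description in the second hunk of CVE-2015-1390.json misspells "against" as "agsinat"; it should read `"value": "Aruba AirWave before 8.0.7 allows XSS attacks against an administrator."`. Because the `affects` block added in the first hunk is entirely `n/a`, this sentence is the only field that carries the product name and fixed version, so consumers locate the record by text search and the wording has to be clean. `problemtype` is also left as `n/a` although the description names the weakness class; a CWE identifier there (CWE-79 appears to fit) would let consumers filter by weakness.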
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt",
+ "refsource": "MISC",
+ "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt"
 }
 ]
 }
diff --git a/2015/2xxx/CVE-2015-2201.json b/2015/2xxx/CVE-2015-2201.json
index 19b714e959f..38f2097a0c4 100644
--- a/2015/2xxx/CVE-2015-2201.json
+++ b/2015/2xxx/CVE-2015-2201.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-2201",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt",
+ "refsource": "MISC",
+ "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt"
 }
 ]
 }
diff --git a/2015/2xxx/CVE-2015-2202.json b/2015/2xxx/CVE-2015-2202.json
index c0a84a84020..a29065114e3 100644
--- a/2015/2xxx/CVE-2015-2202.json
+++ b/2015/2xxx/CVE-2015-2202.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-2202",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt",
+ "refsource": "MISC",
+ "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt"
 }
 ]
 }
diff --git a/2017/9xxx/CVE-2017-9453.json b/2017/9xxx/CVE-2017-9453.json
index 0d9509cdbca..89702e535ec 100644
--- a/2017/9xxx/CVE-2017-9453.json
+++ b/2017/9xxx/CVE-2017-9453.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2017-9453",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.bmc.com/docs/serverautomation/2002/notification-of-critical-security-issue-in-bmc-server-automation-cve-2017-9453-1020706453.html",
+ "refsource": "MISC",
+ "name": "https://docs.bmc.com/docs/serverautomation/2002/notification-of-critical-security-issue-in-bmc-server-automation-cve-2017-9453-1020706453.html"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N",
+ "version": "3.1"
+ }
 }
 }
\ No newline at end of file
diff --git a/2023/31xxx/CVE-2023-31242.json b/2023/31xxx/CVE-2023-31242.json
index e415872a4a2..bc2d7e25944 100644
--- a/2023/31xxx/CVE-2023-31242.json
+++ b/2023/31xxx/CVE-2023-31242.json
@@ -58,6 +58,11 @@
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769",
 "refsource": "MISC",
 "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769"
+ },
+ {
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1769",
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1769"
 }
 ]
 },
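Review bot: The `impact.cvss` block added in the second hunk of CVE-2017-9453.json has no `baseScore` or `baseSeverity`, and it is a single object, whereas the other records in this change that carry CVSS data (for example CVE-2023-35065.json) use an array of objects with both fields. A consumer written against the array shape may skip or reject this entry, and severity-based triage gets no score for a record whose vector is network-reachable with no privileges required. The `vectorString` also lists its metrics alphabetically rather than in the order the other records use; `"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"` carries the same metrics in that order. I would wrap the object in an array and add `baseScore` and `baseSeverity` computed from the vector.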
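Review bot: The reference added in CVE-2023-31242.json differs from the existing entry only by the `www.` host prefix, so the record now lists the same Talos advisory (TALOS-2023-1769) twice. Tools that deduplicate or count references by exact URL string will treat these as two independent sources. If the `www.` form is the canonical one, replacing the existing entry would be cleaner than appending a second. The same duplication is added in CVE-2023-32271, -32615, -34317, -34353, -34994, -34998 and -35124.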
diff --git a/2023/32xxx/CVE-2023-32271.json b/2023/32xxx/CVE-2023-32271.json
index b0013298896..ea5660e23bb 100644
--- a/2023/32xxx/CVE-2023-32271.json
+++ b/2023/32xxx/CVE-2023-32271.json
@@ -58,6 +58,11 @@
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774",
 "refsource": "MISC",
 "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774"
+ },
+ {
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1774",
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1774"
 }
 ]
 },
diff --git a/2023/32xxx/CVE-2023-32615.json b/2023/32xxx/CVE-2023-32615.json
index 47f59728628..a16fc1d30f2 100644
--- a/2023/32xxx/CVE-2023-32615.json
+++ b/2023/32xxx/CVE-2023-32615.json
@@ -58,6 +58,11 @@
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771",
 "refsource": "MISC",
 "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
+ },
+ {
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771",
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
 }
 ]
 },
diff --git a/2023/34xxx/CVE-2023-34317.json b/2023/34xxx/CVE-2023-34317.json
index 1cc5c03faba..606bc96cb5c 100644
--- a/2023/34xxx/CVE-2023-34317.json
+++ b/2023/34xxx/CVE-2023-34317.json
@@ -58,6 +58,11 @@
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772",
 "refsource": "MISC",
 "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772"
+ },
+ {
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1772",
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1772"
 }
 ]
 },
diff --git a/2023/34xxx/CVE-2023-34353.json b/2023/34xxx/CVE-2023-34353.json
index 4eec681e713..c787a6029f4 100644
--- a/2023/34xxx/CVE-2023-34353.json
+++ b/2023/34xxx/CVE-2023-34353.json
@@ -58,6 +58,11 @@
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776",
 "refsource": "MISC",
 "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776"
+ },
+ {
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1776",
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1776"
 }
 ]
 },
diff --git a/2023/34xxx/CVE-2023-34994.json b/2023/34xxx/CVE-2023-34994.json
index 7097cb3ed2f..57841273e8e 100644
--- a/2023/34xxx/CVE-2023-34994.json
+++ b/2023/34xxx/CVE-2023-34994.json
@@ -58,6 +58,11 @@
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773",
 "refsource": "MISC",
 "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773"
+ },
+ {
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1773",
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1773"
 }
 ]
 },
diff --git a/2023/34xxx/CVE-2023-34998.json b/2023/34xxx/CVE-2023-34998.json
index 002fb31c639..92239b03598 100644
--- a/2023/34xxx/CVE-2023-34998.json
+++ b/2023/34xxx/CVE-2023-34998.json
@@ -58,6 +58,11 @@
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1770",
 "refsource": "MISC",
 "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1770"
+ },
+ {
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1770",
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1770"
 }
 ]
 },
diff --git a/2023/35xxx/CVE-2023-35065.json b/2023/35xxx/CVE-2023-35065.json
index 28de3254164..519f995a381 100644
--- a/2023/35xxx/CVE-2023-35065.json
+++ b/2023/35xxx/CVE-2023-35065.json
@@ -1,17 +1,98 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-35065",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@usom.gov.tr",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Osoft Paint Production Management allows SQL Injection.This issue affects Paint Production Management: before 2.1.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Osoft",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Paint Production Management",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-23-0490",
+ "refsource": "MISC",
+ "name": "https://www.usom.gov.tr/bildirim/tr-23-0490"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "TR-23-0490",
+ "defect": [
+ "TR-23-0490"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Gokhan UYGAN"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35068.json b/2023/35xxx/CVE-2023-35068.json
index f537b017188..a70b9cc49b7 100644
--- a/2023/35xxx/CVE-2023-35068.json
+++ b/2023/35xxx/CVE-2023-35068.json
@@ -1,17 +1,98 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-35068",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@usom.gov.tr",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection.This issue affects Personnel Tracking System: before 20230904.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "BMA",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Personnel Tracking System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "20230904"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-23-0491",
+ "refsource": "MISC",
+ "name": "https://www.usom.gov.tr/bildirim/tr-23-0491"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "TR-23-0491",
+ "defect": [
+ "TR-23-0491"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Gokhan UYGAN"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35072.json b/2023/35xxx/CVE-2023-35072.json
index 382c8a6b9dc..15c4992ddeb 100644
--- a/2023/35xxx/CVE-2023-35072.json
+++ b/2023/35xxx/CVE-2023-35072.json
@@ -1,17 +1,98 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-35072",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@usom.gov.tr",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Coyav Travel Proagent allows SQL Injection.This issue affects Proagent: before 20230904 .\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Coyav Travel",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Proagent",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "20230904 "
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-23-0492",
+ "refsource": "MISC",
+ "name": "https://www.usom.gov.tr/bildirim/tr-23-0492"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "TR-23-0492",
+ "defect": [
+ "TR-23-0492"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Resul Melih MACIT"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35124.json b/2023/35xxx/CVE-2023-35124.json
index 232fa720356..05ca0d71cca 100644
--- a/2023/35xxx/CVE-2023-35124.json
+++ b/2023/35xxx/CVE-2023-35124.json
@@ -58,6 +58,11 @@
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775",
 "refsource": "MISC",
 "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775"
+ },
+ {
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1775",
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1775"
 }
 ]
 },
diff --git a/2023/39xxx/CVE-2023-39598.json b/2023/39xxx/CVE-2023-39598.json
index 58e411b6759..b6bfa155481 100644
--- a/2023/39xxx/CVE-2023-39598.json
+++ b/2023/39xxx/CVE-2023-39598.json
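Review bot: `version_value` in CVE-2023-35072.json is `"20230904 "` with a trailing space, and the description repeats it as "before 20230904 .". Scanners that compare this field with an installed version as a string will not match `20230904`, so the `<` bound may be evaluated incorrectly or the record skipped. It should be `"version_value": "20230904"`, with the stray space removed from the description as well. The run-together sentence ("allows SQL Injection.This issue") and the trailing `\n\n` in the description also occur in CVE-2023-35065, -35068 and -3616.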
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-39598",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-39598",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://medium.com/@muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c",
+ "url": "https://medium.com/@muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39681.json b/2023/39xxx/CVE-2023-39681.json
index 55b7dcab1c9..98448efdb2c 100644
--- a/2023/39xxx/CVE-2023-39681.json
+++ b/2023/39xxx/CVE-2023-39681.json
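Review bot: The description added for CVE-2023-39598 labels the issue Cross Site Scripting but states the impact as "execute arbitrary code", which reads as server-side code execution; the title of the referenced write-up calls it reflected cross-site scripting. Wording such as "execute arbitrary web script or HTML in a victim's browser" would keep severity triage accurate. `problemtype` is left as `n/a` where `CWE-79` appears to fit, and `affects` is `n/a` although the description names IceWarp WebClient v.10.2.1, so structured product matching will miss this record.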
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-39681",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-39681",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yanbochen97/CuppaCMS_RCE",
+ "refsource": "MISC",
+ "name": "https://github.com/yanbochen97/CuppaCMS_RCE"
 }
 ]
 }
diff --git a/2023/3xxx/CVE-2023-3616.json b/2023/3xxx/CVE-2023-3616.json
index 9d94273b886..0cb03180ba9 100644
--- a/2023/3xxx/CVE-2023-3616.json
+++ b/2023/3xxx/CVE-2023-3616.json
@@ -1,17 +1,98 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-3616",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@usom.gov.tr",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection.This issue affects Hotel Management System: before 2.0.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mava Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Hotel Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-23-0493",
+ "refsource": "MISC",
+ "name": "https://www.usom.gov.tr/bildirim/tr-23-0493"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "TR-23-0493",
+ "defect": [
+ "TR-23-0493"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Resul Melih MACIT"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/40xxx/CVE-2023-40918.json b/2023/40xxx/CVE-2023-40918.json
index 25ec0bb6d75..415b426ca5e 100644
--- a/2023/40xxx/CVE-2023-40918.json
+++ b/2023/40xxx/CVE-2023-40918.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-40918",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-40918",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unauthorized users can create a new user with an admin role."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/didi/KnowStreaming/issues/1128",
+ "refsource": "MISC",
+ "name": "https://github.com/didi/KnowStreaming/issues/1128"
 }
 ]
 }