From 6ab1769c14f80b2a3a876a1f11b22064fd08ccc7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 10 May 2023 12:00:37 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/45xxx/CVE-2022-45846.json | 113 +++++++++++++++++++++++++++++++-- 2023/1xxx/CVE-2023-1732.json | 94 +++++++++++++++++++++++++-- 2023/2xxx/CVE-2023-2626.json | 18 ++++++ 2023/32xxx/CVE-2023-32594.json | 18 ++++++ 2023/32xxx/CVE-2023-32595.json | 18 ++++++ 2023/32xxx/CVE-2023-32596.json | 18 ++++++ 2023/32xxx/CVE-2023-32597.json | 18 ++++++ 2023/32xxx/CVE-2023-32598.json | 18 ++++++ 2023/32xxx/CVE-2023-32599.json | 18 ++++++ 2023/32xxx/CVE-2023-32600.json | 18 ++++++ 2023/32xxx/CVE-2023-32601.json | 18 ++++++ 2023/32xxx/CVE-2023-32602.json | 18 ++++++ 2023/32xxx/CVE-2023-32603.json | 18 ++++++ 13 files changed, 397 insertions(+), 8 deletions(-) create mode 100644 2023/2xxx/CVE-2023-2626.json create mode 100644 2023/32xxx/CVE-2023-32594.json create mode 100644 2023/32xxx/CVE-2023-32595.json create mode 100644 2023/32xxx/CVE-2023-32596.json create mode 100644 2023/32xxx/CVE-2023-32597.json create mode 100644 2023/32xxx/CVE-2023-32598.json create mode 100644 2023/32xxx/CVE-2023-32599.json create mode 100644 2023/32xxx/CVE-2023-32600.json create mode 100644 2023/32xxx/CVE-2023-32601.json create mode 100644 2023/32xxx/CVE-2023-32602.json create mode 100644 2023/32xxx/CVE-2023-32603.json diff --git a/2022/45xxx/CVE-2022-45846.json b/2022/45xxx/CVE-2022-45846.json index d4fe369dc69..8c05347b282 100644 --- a/2022/45xxx/CVE-2022-45846.json +++ b/2022/45xxx/CVE-2022-45846.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-45846", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro for WordPress - Interactive SVG Image Map Builder plugin <\u00a05.6.9 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Nickys", + "product": { + "product_data": [ + { + "product_name": "Image Map Pro for WordPress - Interactive SVG Image Map Builder", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "5.6.9", + "status": "unaffected" + } + ], + "lessThan": "5.6.9", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/image-map-pro-wordpress/wordpress-image-map-pro-premium-plugin-5-5-0-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/image-map-pro-wordpress/wordpress-image-map-pro-premium-plugin-5-5-0-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 5.6.9 or a higher version." + } + ], + "value": "Update to\u00a05.6.9 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dave Jong (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/1xxx/CVE-2023-1732.json b/2023/1xxx/CVE-2023-1732.json index b826b5857fa..b3f10120d44 100644 --- a/2023/1xxx/CVE-2023-1732.json +++ b/2023/1xxx/CVE-2023-1732.json @@ -1,17 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1732", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@cloudflare.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read()\u00a0returns an error. In rare deployment cases (error thrown by the Read()\u00a0function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-755 Improper Handling of Exceptional Conditions", + "cweId": "CWE-755" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cloudflare", + "product": { + "product_data": [ + { + "product_name": "CIRCL", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "<1.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x", + "refsource": "MISC", + "name": "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Tom Thorogood" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/2xxx/CVE-2023-2626.json b/2023/2xxx/CVE-2023-2626.json new file mode 100644 index 00000000000..ad356369455 --- /dev/null +++ b/2023/2xxx/CVE-2023-2626.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-2626", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/32xxx/CVE-2023-32594.json b/2023/32xxx/CVE-2023-32594.json new file mode 100644 index 00000000000..b1905604f59 --- /dev/null +++ b/2023/32xxx/CVE-2023-32594.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-32594", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/32xxx/CVE-2023-32595.json b/2023/32xxx/CVE-2023-32595.json new file mode 100644 index 00000000000..03a040d47fc --- /dev/null +++ b/2023/32xxx/CVE-2023-32595.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-32595", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/32xxx/CVE-2023-32596.json b/2023/32xxx/CVE-2023-32596.json new file mode 100644 index 00000000000..9531b7dc668 --- /dev/null +++ b/2023/32xxx/CVE-2023-32596.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-32596", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/32xxx/CVE-2023-32597.json b/2023/32xxx/CVE-2023-32597.json new file mode 100644 index 00000000000..568fec69ed4 --- /dev/null +++ b/2023/32xxx/CVE-2023-32597.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-32597", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/32xxx/CVE-2023-32598.json b/2023/32xxx/CVE-2023-32598.json new file mode 100644 index 00000000000..62835cd207b --- /dev/null +++ b/2023/32xxx/CVE-2023-32598.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-32598", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/32xxx/CVE-2023-32599.json b/2023/32xxx/CVE-2023-32599.json new file mode 100644 index 00000000000..d33e93cf9cc --- /dev/null +++ b/2023/32xxx/CVE-2023-32599.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-32599", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/32xxx/CVE-2023-32600.json b/2023/32xxx/CVE-2023-32600.json new file mode 100644 index 00000000000..5c01f1454e6 --- /dev/null +++ b/2023/32xxx/CVE-2023-32600.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-32600", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/32xxx/CVE-2023-32601.json b/2023/32xxx/CVE-2023-32601.json new file mode 100644 index 00000000000..4dbafbb264b --- /dev/null +++ b/2023/32xxx/CVE-2023-32601.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-32601", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/32xxx/CVE-2023-32602.json b/2023/32xxx/CVE-2023-32602.json new file mode 100644 index 00000000000..c966261c907 --- /dev/null +++ b/2023/32xxx/CVE-2023-32602.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-32602", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/32xxx/CVE-2023-32603.json b/2023/32xxx/CVE-2023-32603.json new file mode 100644 index 00000000000..b3cb51dbbe3 --- /dev/null +++ b/2023/32xxx/CVE-2023-32603.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-32603", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file