From 72496ce4bdb6f20a03100c27b35797b96647faa5 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 20 Dec 2023 15:00:57 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/43xxx/CVE-2022-43450.json | 113 +++++++++++++++++++++++++++-- 2023/22xxx/CVE-2023-22518.json | 5 ++ 2023/34xxx/CVE-2023-34027.json | 85 ++++++++++++++++++++-- 2023/34xxx/CVE-2023-34382.json | 113 +++++++++++++++++++++++++++-- 2023/35xxx/CVE-2023-35883.json | 113 +++++++++++++++++++++++++++-- 2023/37xxx/CVE-2023-37390.json | 113 +++++++++++++++++++++++++++-- 2023/37xxx/CVE-2023-37982.json | 113 +++++++++++++++++++++++++++-- 2023/38xxx/CVE-2023-38126.json | 68 ++++++++++++++++-- 2023/38xxx/CVE-2023-38478.json | 113 +++++++++++++++++++++++++++-- 2023/38xxx/CVE-2023-38481.json | 113 +++++++++++++++++++++++++++-- 2023/40xxx/CVE-2023-40602.json | 113 +++++++++++++++++++++++++++-- 2023/41xxx/CVE-2023-41648.json | 85 ++++++++++++++++++++-- 2023/42xxx/CVE-2023-42012.json | 89 +++++++++++++++++++++-- 2023/42xxx/CVE-2023-42013.json | 94 +++++++++++++++++++++++-- 2023/42xxx/CVE-2023-42015.json | 93 ++++++++++++++++++++++-- 2023/42xxx/CVE-2023-42883.json | 5 ++ 2023/42xxx/CVE-2023-42940.json | 59 ++++++++++++++-- 2023/43xxx/CVE-2023-43826.json | 125 +++++++++++++++++++++++++++++++-- 2023/45xxx/CVE-2023-45105.json | 113 +++++++++++++++++++++++++++-- 2023/45xxx/CVE-2023-45172.json | 83 ++++++++++++++++++++-- 2023/45xxx/CVE-2023-45887.json | 61 ++++++++++++++-- 2023/46xxx/CVE-2023-46115.json | 6 +- 2023/46xxx/CVE-2023-46624.json | 113 +++++++++++++++++++++++++++-- 2023/47xxx/CVE-2023-47146.json | 83 ++++++++++++++++++++-- 2023/47xxx/CVE-2023-47161.json | 94 +++++++++++++++++++++++-- 2023/47xxx/CVE-2023-47267.json | 56 +++++++++++++-- 2023/48xxx/CVE-2023-48327.json | 113 +++++++++++++++++++++++++++-- 2023/48xxx/CVE-2023-48738.json | 113 +++++++++++++++++++++++++++-- 2023/48xxx/CVE-2023-48741.json | 113 +++++++++++++++++++++++++++-- 2023/48xxx/CVE-2023-48764.json | 113 +++++++++++++++++++++++++++-- 2023/48xxx/CVE-2023-48795.json | 87 ++++++++++++++++++++++- 
2023/49xxx/CVE-2023-49004.json | 56 +++++++++++++-- 2023/49xxx/CVE-2023-49147.json | 66 +++++++++++++++-- 2023/49xxx/CVE-2023-49164.json | 113 +++++++++++++++++++++++++++-- 2023/49xxx/CVE-2023-49706.json | 69 ++++++++++++++++-- 2023/49xxx/CVE-2023-49750.json | 113 +++++++++++++++++++++++++++-- 2023/49xxx/CVE-2023-49764.json | 113 +++++++++++++++++++++++++++-- 2023/49xxx/CVE-2023-49797.json | 5 ++ 2023/49xxx/CVE-2023-49812.json | 85 ++++++++++++++++++++-- 2023/4xxx/CVE-2023-4486.json | 35 +++++++-- 2023/50xxx/CVE-2023-50272.json | 81 +++++++++++++++++++-- 2023/50xxx/CVE-2023-50466.json | 56 +++++++++++++-- 2023/50xxx/CVE-2023-50703.json | 97 +++++++++++++++++++++++-- 2023/50xxx/CVE-2023-50704.json | 97 +++++++++++++++++++++++-- 2023/50xxx/CVE-2023-50705.json | 97 +++++++++++++++++++++++-- 2023/50xxx/CVE-2023-50706.json | 97 +++++++++++++++++++++++-- 2023/50xxx/CVE-2023-50707.json | 97 +++++++++++++++++++++++-- 2023/50xxx/CVE-2023-50835.json | 85 ++++++++++++++++++++-- 2023/50xxx/CVE-2023-50917.json | 5 ++ 2023/51xxx/CVE-2023-51457.json | 18 +++++ 2023/51xxx/CVE-2023-51458.json | 18 +++++ 2023/51xxx/CVE-2023-51459.json | 18 +++++ 2023/51xxx/CVE-2023-51460.json | 18 +++++ 2023/51xxx/CVE-2023-51461.json | 18 +++++ 2023/51xxx/CVE-2023-51462.json | 18 +++++ 2023/51xxx/CVE-2023-51463.json | 18 +++++ 2023/51xxx/CVE-2023-51464.json | 18 +++++ 2023/51xxx/CVE-2023-51465.json | 18 +++++ 2023/51xxx/CVE-2023-51466.json | 18 +++++ 2023/5xxx/CVE-2023-5413.json | 80 +++++++++++++++++++-- 2023/6xxx/CVE-2023-6121.json | 18 +++++ 2023/6xxx/CVE-2023-6265.json | 2 +- 2023/6xxx/CVE-2023-6377.json | 5 ++ 2023/6xxx/CVE-2023-6478.json | 5 ++ 2023/6xxx/CVE-2023-6563.json | 2 +- 2023/6xxx/CVE-2023-6689.json | 97 +++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6856.json | 2 +- 2023/6xxx/CVE-2023-6858.json | 2 +- 2023/6xxx/CVE-2023-6860.json | 2 +- 2023/6xxx/CVE-2023-6861.json | 2 +- 2023/6xxx/CVE-2023-6862.json | 2 +- 2023/6xxx/CVE-2023-6863.json | 2 +- 2023/6xxx/CVE-2023-6865.json | 2 +- 
2023/6xxx/CVE-2023-6869.json | 2 +- 2023/6xxx/CVE-2023-6928.json | 88 +++++++++++++++++++++-- 2023/6xxx/CVE-2023-6929.json | 88 +++++++++++++++++++++-- 2023/6xxx/CVE-2023-6930.json | 88 +++++++++++++++++++++-- 2023/6xxx/CVE-2023-6954.json | 18 +++++ 2023/6xxx/CVE-2023-6955.json | 18 +++++ 2023/6xxx/CVE-2023-6956.json | 18 +++++ 2023/6xxx/CVE-2023-6957.json | 18 +++++ 2023/6xxx/CVE-2023-6958.json | 18 +++++ 2023/6xxx/CVE-2023-6959.json | 18 +++++ 2023/6xxx/CVE-2023-6960.json | 18 +++++ 2023/6xxx/CVE-2023-6961.json | 18 +++++ 2023/6xxx/CVE-2023-6962.json | 18 +++++ 2023/6xxx/CVE-2023-6963.json | 18 +++++ 2023/6xxx/CVE-2023-6964.json | 18 +++++ 2023/6xxx/CVE-2023-6965.json | 18 +++++ 2023/6xxx/CVE-2023-6966.json | 18 +++++ 2023/6xxx/CVE-2023-6967.json | 18 +++++ 2023/6xxx/CVE-2023-6968.json | 18 +++++ 2023/6xxx/CVE-2023-6969.json | 18 +++++ 2023/6xxx/CVE-2023-6970.json | 18 +++++ 2023/6xxx/CVE-2023-6971.json | 18 +++++ 95 files changed, 4901 insertions(+), 219 deletions(-) create mode 100644 2023/51xxx/CVE-2023-51457.json create mode 100644 2023/51xxx/CVE-2023-51458.json create mode 100644 2023/51xxx/CVE-2023-51459.json create mode 100644 2023/51xxx/CVE-2023-51460.json create mode 100644 2023/51xxx/CVE-2023-51461.json create mode 100644 2023/51xxx/CVE-2023-51462.json create mode 100644 2023/51xxx/CVE-2023-51463.json create mode 100644 2023/51xxx/CVE-2023-51464.json create mode 100644 2023/51xxx/CVE-2023-51465.json create mode 100644 2023/51xxx/CVE-2023-51466.json create mode 100644 2023/6xxx/CVE-2023-6954.json create mode 100644 2023/6xxx/CVE-2023-6955.json create mode 100644 2023/6xxx/CVE-2023-6956.json create mode 100644 2023/6xxx/CVE-2023-6957.json create mode 100644 2023/6xxx/CVE-2023-6958.json create mode 100644 2023/6xxx/CVE-2023-6959.json create mode 100644 2023/6xxx/CVE-2023-6960.json create mode 100644 2023/6xxx/CVE-2023-6961.json create mode 100644 2023/6xxx/CVE-2023-6962.json create mode 100644 2023/6xxx/CVE-2023-6963.json create mode 100644 
2023/6xxx/CVE-2023-6964.json create mode 100644 2023/6xxx/CVE-2023-6965.json create mode 100644 2023/6xxx/CVE-2023-6966.json create mode 100644 2023/6xxx/CVE-2023-6967.json create mode 100644 2023/6xxx/CVE-2023-6968.json create mode 100644 2023/6xxx/CVE-2023-6969.json create mode 100644 2023/6xxx/CVE-2023-6970.json create mode 100644 2023/6xxx/CVE-2023-6971.json diff --git a/2022/43xxx/CVE-2022-43450.json b/2022/43xxx/CVE-2022-43450.json index f985832e2eb..2151222bda1 100644 --- a/2022/43xxx/CVE-2022-43450.json +++ b/2022/43xxx/CVE-2022-43450.json 
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-43450",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects Stream: from n/a through 3.9.2.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-639 Authorization Bypass Through User-Controlled Key",
+ "cweId": "CWE-639"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "XWP",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Stream",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "3.9.3",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "3.9.2",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/stream/wordpress-stream-plugin-3-9-2-auth-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/stream/wordpress-stream-plugin-3-9-2-auth-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 3.9.3 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a03.9.3 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Lucio S\u00e1 (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/22xxx/CVE-2023-22518.json b/2023/22xxx/CVE-2023-22518.json
index 1bbfc8c61de..95b246b33ff 100644
--- a/2023/22xxx/CVE-2023-22518.json
+++ b/2023/22xxx/CVE-2023-22518.json
@@ -135,6 +135,11 @@
 "url": "https://jira.atlassian.com/browse/CONFSERVER-93142",
 "refsource": "MISC",
 "name": "https://jira.atlassian.com/browse/CONFSERVER-93142"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/176264/Atlassian-Confluence-Improper-Authorization-Code-Execution.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/176264/Atlassian-Confluence-Improper-Authorization-Code-Execution.html"
 }
 ]
 },
diff --git a/2023/34xxx/CVE-2023-34027.json b/2023/34xxx/CVE-2023-34027.json
index b071ac87693..5568b822634 100644
--- a/2023/34xxx/CVE-2023-34027.json
+++ b/2023/34xxx/CVE-2023-34027.json
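Review bot: The new `version_data` entry for CVE-2022-43450 carries only the placeholder `"version_value": "not down converted"`, so the affected range (through 3.9.2, unaffected at 3.9.3) exists solely inside `x_cve_json_5_version_data`. A consumer that matches on the v4 fields `version_affected`/`version_value` gets no usable range from this record and may fail to flag an affected install. The CVE-2023-34027 record in this same commit uses the plain v4 form; the equivalent here would be `"version_affected": "<=", "version_name": "n/a", "version_value": "3.9.2"`, kept alongside the v5 block. The same placeholder appears in the CVE-2023-34382, -35883, -37390, -37982, -38478 and -38481 hunks.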
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-34027",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.This issue affects Recently Viewed Products: from n/a through 1.0.0.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-502 Deserialization of Untrusted Data",
+ "cweId": "CWE-502"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Rajnish Arora",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Recently Viewed Products",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "n/a",
+ "version_value": "1.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/recently-viewed-products/wordpress-recently-viewed-products-plugin-1-0-0-php-object-injection-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/recently-viewed-products/wordpress-recently-viewed-products-plugin-1-0-0-php-object-injection-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Mika (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34382.json b/2023/34xxx/CVE-2023-34382.json
index 1ed75ad48dc..da6a7b1d4d9 100644
--- a/2023/34xxx/CVE-2023-34382.json
+++ b/2023/34xxx/CVE-2023-34382.json
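Review bot: The new description value for CVE-2023-34027 runs two sentences together (`Products.This issue affects`) and ends in a literal `\n\n`, which will likely surface verbatim in feeds and tickets that render this field. The line would read better as `"value": "Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products. This issue affects Recently Viewed Products: from n/a through 1.0.0."`. The description lines of the other Patchstack-assigned records visible in this commit (CVE-2022-43450, CVE-2023-34382, -35883, -37390, -37982, -38478, -38481) show the same two problems.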
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-34382",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Deserialization of Untrusted Data vulnerability in weDevs Dokan \u2013 Best WooCommerce Multivendor Marketplace Solution \u2013 Build Your Own Amazon, eBay, Etsy.This issue affects Dokan \u2013 Best WooCommerce Multivendor Marketplace Solution \u2013 Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-502 Deserialization of Untrusted Data",
+ "cweId": "CWE-502"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "weDevs",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Dokan \u2013 Best WooCommerce Multivendor Marketplace Solution \u2013 Build Your Own Amazon, eBay, Etsy",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "3.7.20",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "3.7.19",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/dokan-lite/wordpress-dokan-plugin-3-7-19-php-object-injection-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/dokan-lite/wordpress-dokan-plugin-3-7-19-php-object-injection-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 3.7.20 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a03.7.20 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Theodoros Malachias (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35883.json b/2023/35xxx/CVE-2023-35883.json
index 23c6676ba8e..209a015afe8 100644
--- a/2023/35xxx/CVE-2023-35883.json
+++ b/2023/35xxx/CVE-2023-35883.json
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-35883",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
+ "cweId": "CWE-601"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Magazine3",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Core Web Vitals & PageSpeed Booster",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "1.0.13",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "1.0.12",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/core-web-vitals-pagespeed-booster/wordpress-core-web-vitals-pagespeed-booster-plugin-1-0-12-open-redirection-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/core-web-vitals-pagespeed-booster/wordpress-core-web-vitals-pagespeed-booster-plugin-1-0-12-open-redirection-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 1.0.13 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a01.0.13 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Le Ngoc Anh (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/37xxx/CVE-2023-37390.json b/2023/37xxx/CVE-2023-37390.json
index 4cb616b6b9f..8cb0c376983 100644
--- a/2023/37xxx/CVE-2023-37390.json
+++ b/2023/37xxx/CVE-2023-37390.json
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-37390",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor.This issue affects Themesflat Addons For Elementor: from n/a through 2.0.0.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-502 Deserialization of Untrusted Data",
+ "cweId": "CWE-502"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Themesflat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Themesflat Addons For Elementor",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "2.0.1",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "2.0.0",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/themesflat-addons-for-elementor/wordpress-themesflat-addons-for-elementor-plugin-2-0-0-unauthenticated-php-object-injection-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/themesflat-addons-for-elementor/wordpress-themesflat-addons-for-elementor-plugin-2-0-0-unauthenticated-php-object-injection-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 2.0.1 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a02.0.1 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Robert Rowley (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/37xxx/CVE-2023-37982.json b/2023/37xxx/CVE-2023-37982.json
index 6ae1d045016..d565aa0e981 100644
--- a/2023/37xxx/CVE-2023-37982.json
+++ b/2023/37xxx/CVE-2023-37982.json
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-37982",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
+ "cweId": "CWE-601"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "CRM Perks",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "1.3.4",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "1.3.3",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/cf7-salesforce/wordpress-integration-for-contact-form-7-and-salesforce-plugin-1-3-3-open-redirection-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/cf7-salesforce/wordpress-integration-for-contact-form-7-and-salesforce-plugin-1-3-3-open-redirection-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 1.3.4 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a01.3.4 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Le Ngoc Anh (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/38xxx/CVE-2023-38126.json b/2023/38xxx/CVE-2023-38126.json
index b0383215208..b04a555d1a2 100644
--- a/2023/38xxx/CVE-2023-38126.json
+++ b/2023/38xxx/CVE-2023-38126.json
@@ -1,17 +1,77 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-38126",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of backup zip files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to execute code in the context of root. Was ZDI-CAN-20543."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Softing",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "edgeAggregator",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.40"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1058/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-23-1058/"
+ }
+ ]
+ },
+ "source": {
+ "lang": "en",
+ "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
 }
 ]
 }
diff --git a/2023/38xxx/CVE-2023-38478.json b/2023/38xxx/CVE-2023-38478.json
index f83561017f2..4a29c71b7ec 100644
--- a/2023/38xxx/CVE-2023-38478.json
+++ b/2023/38xxx/CVE-2023-38478.json
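Review bot: In the CVE-2023-38126 record the finder credit sits under `source` (`"source": { "lang": "en", "value": "Claroty Research - Team82 - ..." }`), whereas the sibling records in this commit use `source` for `"discovery": "EXTERNAL"` and put `lang`/`value` pairs in a `credits` array. Tooling that reads `credits` will find no attribution here, and anything that reads `source.discovery` gets nothing. The suggested shape is `"credits": [ { "lang": "en", "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov" } ]`, with `source` left for discovery metadata.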
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-38478",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
+ "cweId": "CWE-601"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "CRM Perks",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Integration for WooCommerce and QuickBooks",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "1.2.4",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "1.2.3",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wp-woocommerce-quickbooks/wordpress-integration-for-woocommerce-and-quickbooks-plugin-1-2-3-open-redirection-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/wp-woocommerce-quickbooks/wordpress-integration-for-woocommerce-and-quickbooks-plugin-1-2-3-open-redirection-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 1.2.4 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a01.2.4 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Phd (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/38xxx/CVE-2023-38481.json b/2023/38xxx/CVE-2023-38481.json
index a670ee8749f..46fbe8ad2a3 100644
--- a/2023/38xxx/CVE-2023-38481.json
+++ b/2023/38xxx/CVE-2023-38481.json
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38481", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CRM Perks", + "product": { + "product_data": [ + { + "product_name": "Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.3.7", + "status": "unaffected" + } + ], + "lessThan": "1.3.7", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/woo-zoho/wordpress-integration-for-woocommerce-and-zoho-crm-plugin-1-3-7-open-redirection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/woo-zoho/wordpress-integration-for-woocommerce-and-zoho-crm-plugin-1-3-7-open-redirection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.3.7 or a higher version." + } + ], + "value": "Update to\u00a01.3.7 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Phd (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/40xxx/CVE-2023-40602.json b/2023/40xxx/CVE-2023-40602.json index 8eecd0866ce..8b7f9ac58ea 100644 --- a/2023/40xxx/CVE-2023-40602.json +++ b/2023/40xxx/CVE-2023-40602.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40602", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 1.5.49.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Doofinder", + "product": { + "product_data": [ + { + "product_name": "Doofinder WP & WooCommerce Search", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.0.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.5.49", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/doofinder-for-woocommerce/wordpress-doofinder-for-woocommerce-plugin-1-5-49-open-redirection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/doofinder-for-woocommerce/wordpress-doofinder-for-woocommerce-plugin-1-5-49-open-redirection-vulnerability?_s_id=cve" + } + ] + }, + 
"generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.0.0 or a higher version." + } + ], + "value": "Update to\u00a02.0.0 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "minhtuanact (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/41xxx/CVE-2023-41648.json b/2023/41xxx/CVE-2023-41648.json index a54bad322c3..08716b359d9 100644 --- a/2023/41xxx/CVE-2023-41648.json +++ b/2023/41xxx/CVE-2023-41648.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41648", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Swapnil V. Patil Login and Logout Redirect.This issue affects Login and Logout Redirect: from n/a through 2.0.3.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Swapnil V. 
Patil", + "product": { + "product_data": [ + { + "product_name": "Login and Logout Redirect", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/login-and-logout-redirect/wordpress-login-and-logout-redirect-plugin-2-0-2-open-redirection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/login-and-logout-redirect/wordpress-login-and-logout-redirect-plugin-2-0-2-open-redirection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Phd (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/42xxx/CVE-2023-42012.json b/2023/42xxx/CVE-2023-42012.json index 36efdcb95fd..cb894dec67f 100644 --- a/2023/42xxx/CVE-2023-42012.json +++ b/2023/42xxx/CVE-2023-42012.json 
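Review bot: The reference added for CVE-2023-41648 points at a page whose slug ends in `plugin-2-0-2-open-redirection-vulnerability`, while the description and `version_value` say the issue affects versions through 2.0.3; one of the two is presumably stale and worth confirming with the CNA. This record also has no `solution` entry and names no unaffected version, unlike the other Patchstack records in this commit, so nothing here states that a fixed release exists. The CVE-2023-46624 hunk shows a similar slug mismatch (`1-6-3` in the URL against `lessThanOrEqual` 1.6.11).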
@@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42012", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "UrbanCode Deploy", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2", + "version_value": "7.2.3.7" + }, + { + "version_affected": "<=", + "version_name": "7.3", + "version_value": "7.3.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7096548", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7096548" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265509", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265509" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 
6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/42xxx/CVE-2023-42013.json b/2023/42xxx/CVE-2023-42013.json index e95af998da4..1da3f71af84 100644 --- a/2023/42xxx/CVE-2023-42013.json +++ b/2023/42xxx/CVE-2023-42013.json 
@@ -1,17 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42013", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-209 Generation of Error Message Containing Sensitive Information", + "cweId": "CWE-209" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "UrbanCode Deploy", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.1", + "version_value": "7.1.2.14" + }, + { + "version_affected": "<=", + "version_name": "7.2", + "version_value": "7.2.3.7" + }, + { + "version_affected": "<=", + "version_name": "7.3", + "version_value": "7.3.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7096547", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7096547" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265510", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265510" + } + ] + }, + 
"generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/42xxx/CVE-2023-42015.json b/2023/42xxx/CVE-2023-42015.json index 13cbaa76cbf..539eab2dbba 100644 --- a/2023/42xxx/CVE-2023-42015.json +++ b/2023/42xxx/CVE-2023-42015.json 
@@ -1,17 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42015", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "UrbanCode Deploy", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.1", + "version_value": "7.1.2.14" + }, + { + "version_affected": "<=", + "version_name": "7.2", + "version_value": "7.2.3.7" + }, + { + "version_affected": "<=", + "version_name": "7.3", + "version_value": "7.3.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7096546", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7096546" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265512", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265512" + } + ] + }, + "generator": { + "engine": "Vulnogram 
0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/42xxx/CVE-2023-42883.json b/2023/42xxx/CVE-2023-42883.json index 73f634d7a8c..f1b5eddddfc 100644 --- a/2023/42xxx/CVE-2023-42883.json +++ b/2023/42xxx/CVE-2023-42883.json @@ -166,6 +166,11 @@ "url": "http://www.openwall.com/lists/oss-security/2023/12/18/1", "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2023/12/18/1" + }, + { + "url": "https://www.debian.org/security/2023/dsa-5580", + "refsource": "MISC", + "name": "https://www.debian.org/security/2023/dsa-5580" } ] } diff --git a/2023/42xxx/CVE-2023-42940.json b/2023/42xxx/CVE-2023-42940.json index cdc6251da58..027c8923ab3 100644 --- a/2023/42xxx/CVE-2023-42940.json +++ b/2023/42xxx/CVE-2023-42940.json 
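Review bot: The `problemtype` value added for CVE-2023-42015 reads `80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)`, with no `CWE-` prefix and no `cweId` key, whereas the sibling IBM records in this commit (CVE-2023-42012, CVE-2023-42013) carry both. Tooling that groups or filters records by `cweId` will leave this one unclassified. Suggested: `"value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "cweId": "CWE-80"`.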
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42940", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A user who shares their screen may unintentionally share the incorrect content" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "14.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT214048", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT214048" + }, + { + "url": "http://seclists.org/fulldisclosure/2023/Dec/20", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2023/Dec/20" } ] } diff --git a/2023/43xxx/CVE-2023-43826.json b/2023/43xxx/CVE-2023-43826.json index f1df1ab961b..f5eeef96df8 100644 --- a/2023/43xxx/CVE-2023-43826.json +++ b/2023/43xxx/CVE-2023-43826.json 
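Review bot: The description says the issue is fixed in macOS Sonoma 14.2.1, but the added `version_data` entry marks only versions `<` 14.2 as affected, which leaves 14.2 itself reading as unaffected. If the description is the authoritative statement, the bound should be `"version_value": "14.2.1"`. The `problemtype` value repeats the impact sentence rather than naming a weakness class, so this record cannot be filtered by CWE.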
@@ -1,17 +1,134 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-43826", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\n\nUsers are recommended to upgrade to version 1.5.4, which fixes this issue.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190 Integer Overflow or Wraparound", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Guacamole", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.5.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/19/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/12/19/4" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + 
}, + "source": { + "defect": [ + "GUACAMOLE-1867" + ], + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Joseph Surin (Elttam)" + }, + { + "lang": "en", + "value": "Matt Jones (Elttam)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 0, + "baseSeverity": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45105.json b/2023/45xxx/CVE-2023-45105.json index 28011d7aec9..fde46d233e6 100644 --- a/2023/45xxx/CVE-2023-45105.json +++ b/2023/45xxx/CVE-2023-45105.json 
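Review bot: The `impact.cvss` array added for CVE-2023-43826 holds three vectors with base scores 7.5, 7 and 0, and the entries carry no label saying which scenario each one describes. A consumer that takes the last entry, or the minimum, would rate this record `NONE` even though the description speaks of memory corruption and possible code execution with the privileges of guacd. Either the record should keep only the vector that matches the described attack, or ingestion should take the highest score of the array rather than a fixed position.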
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45105", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit \u2013 WordPress Affiliate Plugin.This issue affects affiliate-toolkit \u2013 WordPress Affiliate Plugin: from n/a through 3.3.9.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SERVIT Software Solutions", + "product": { + "product_data": [ + { + "product_name": "affiliate-toolkit \u2013 WordPress Affiliate Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.4.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.3.9", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/affiliate-toolkit-starter/wordpress-affiliate-toolkit-wordpress-affiliate-plugin-plugin-3-3-9-open-redirection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/affiliate-toolkit-starter/wordpress-affiliate-toolkit-wordpress-affiliate-plugin-plugin-3-3-9-open-redirection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.4.0 or a higher version." + } + ], + "value": "Update to\u00a03.4.0 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "minhtuanact (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45172.json b/2023/45xxx/CVE-2023-45172.json index d79f0d12c0e..4b9b5656169 100644 --- a/2023/45xxx/CVE-2023-45172.json +++ b/2023/45xxx/CVE-2023-45172.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45172", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "AIX", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.2, 7.3, VIOS 3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7099314", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7099314" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267970", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267970" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": 
"NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45887.json b/2023/45xxx/CVE-2023-45887.json index c782c055258..0b4e52f11c7 100644 --- a/2023/45xxx/CVE-2023-45887.json +++ b/2023/45xxx/CVE-2023-45887.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-45887", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-45887", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MikeIsAStar/DS-Wireless-Communication-Remote-Code-Execution", + "refsource": "MISC", + "name": "https://github.com/MikeIsAStar/DS-Wireless-Communication-Remote-Code-Execution" + }, + { + "refsource": "MISC", + "name": "https://pastebin.com/ukRzztv0", + "url": "https://pastebin.com/ukRzztv0" } ] } diff --git a/2023/46xxx/CVE-2023-46115.json b/2023/46xxx/CVE-2023-46115.json index 901baf8025e..39e338e81a3 100644 --- a/2023/46xxx/CVE-2023-46115.json 
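Review bot: The `version_data` entry for CVE-2023-45172 packs three values into one string, `"version_value": "7.2, 7.3, VIOS 3.1"`, under `"version_affected": "="`, so an exact comparison against an installed version such as 7.2 never succeeds, and VIOS ends up listed under `product_name` AIX. One entry per version, for example `{ "version_affected": "=", "version_value": "7.2" }`, with VIOS 3.1 under its own product entry, would make the record matchable. The CVE-2023-46115 hunk further down has the same shape, with range expressions such as `>= 1.0.0, < 1.5.6` stored as the value of an `=` comparison.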
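Review bot: The `affects` block added for CVE-2023-45887 sets `vendor_name`, `product_name` and `version_value` to `n/a`, and `problemtype` is also `n/a`, although the description names DS Wireless Communication with DWC_VERSION_3 and DWC_VERSION_11 and describes remote code execution. Anything that matches on the vendor/product fields will not find this record; only the free-text description identifies the affected component. Both references are third-party pages (a GitHub repository and a paste), and no vendor advisory is listed.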
+++ b/2023/46xxx/CVE-2023-46115.json @@ -50,7 +50,11 @@ "version_data": [ { "version_affected": "=", - "version_value": "< 2.0.0-alpha.16" + "version_value": ">= 2.0.0-alpha.0, < 2.0.0-alpha.16" + }, + { + "version_affected": "=", + "version_value": ">= 1.0.0, < 1.5.6" } ] } diff --git a/2023/46xxx/CVE-2023-46624.json b/2023/46xxx/CVE-2023-46624.json index 7e4168df149..9d021bc0ccd 100644 --- a/2023/46xxx/CVE-2023-46624.json +++ b/2023/46xxx/CVE-2023-46624.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46624", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Parcel Pro.This issue affects Parcel Pro: from n/a through 1.6.11.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Parcel Pro", + "product": { + "product_data": [ + { + "product_name": "Parcel Pro", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.6.12", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.6.11", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/woo-parcel-pro/wordpress-parcel-pro-plugin-1-6-3-open-redirection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/woo-parcel-pro/wordpress-parcel-pro-plugin-1-6-3-open-redirection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + 
"supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.6.12 or a higher version." + } + ], + "value": "Update to\u00a01.6.12 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Nguyen Xuan Chien (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47146.json b/2023/47xxx/CVE-2023-47146.json index bf5e516a4db..e948ded27a5 100644 --- a/2023/47xxx/CVE-2023-47146.json +++ b/2023/47xxx/CVE-2023-47146.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47146", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. IBM X-Force ID: 270372." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "QRadar SIEM", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://https://www.ibm.com/support/pages/node/7099297", + "refsource": "MISC", + "name": "https://https://www.ibm.com/support/pages/node/7099297" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270372", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270372" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": 
"UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47161.json b/2023/47xxx/CVE-2023-47161.json index 8267fd41e72..e9ab054bbdf 100644 --- a/2023/47xxx/CVE-2023-47161.json +++ b/2023/47xxx/CVE-2023-47161.json 
@@ -1,17 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47161", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "UrbanCode Deploy", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2", + "version_value": "7.2.3.7" + }, + { + "version_affected": "<=", + "version_name": "7.3", + "version_value": "7.3.2.2" + }, + { + "version_affected": "<=", + "version_name": "7.1", + "version_value": "7.1.2.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7096552", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7096552" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270799", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270799" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ 
+ { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47267.json b/2023/47xxx/CVE-2023-47267.json index 195575d5cf3..cf9dfb9dbfd 100644 --- a/2023/47xxx/CVE-2023-47267.json +++ b/2023/47xxx/CVE-2023-47267.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-47267", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-47267", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-16093", + "url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-16093" } ] } diff --git a/2023/48xxx/CVE-2023-48327.json b/2023/48xxx/CVE-2023-48327.json index f38a8be6eb1..629c7606d2b 100644 --- a/2023/48xxx/CVE-2023-48327.json +++ b/2023/48xxx/CVE-2023-48327.json 
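Review bot: The `affects` block of CVE-2023-47267 sets `vendor_name`, `product_name` and `version_value` to `n/a`, and `problemtype` is `n/a` as well, although the description names TheGreenBow and three Windows VPN client editions with their versions. Inventory matching that keys on the structured vendor and product fields will not associate this record with an installed client, so the description text has to be parsed or the record enriched from another source. If the assigner can supply them, populated fields such as `"vendor_name": "TheGreenBow"` would make the record machine-usable. The description also states no fixed version, which presumably has to be taken from the linked vendor alert. The same `n/a` pattern is in the hunks for CVE-2023-49004, CVE-2023-49147 and CVE-2023-49706.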
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48327", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Vendors WC Vendors \u2013 WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.This issue affects WC Vendors \u2013 WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n/a through 2.4.7.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WC Vendors", + "product": { + "product_data": [ + { + "product_name": "WC Vendors \u2013 WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.4.7.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.4.7", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wc-vendors/wordpress-wc-vendors-marketplace-plugin-2-4-7-sql-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + 
"name": "https://patchstack.com/database/vulnerability/wc-vendors/wordpress-wc-vendors-marketplace-plugin-2-4-7-sql-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.4.7.1 or a higher version." + } + ], + "value": "Update to\u00a02.4.7.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "LEE SE HYOUNG (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48738.json b/2023/48xxx/CVE-2023-48738.json index 5bfbe9a3ecb..ffd55872516 100644 --- a/2023/48xxx/CVE-2023-48738.json +++ b/2023/48xxx/CVE-2023-48738.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48738", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Porto Theme Porto Theme - Functionality.This issue affects Porto Theme - Functionality: from n/a before 2.12.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Porto Theme", + "product": { + "product_data": [ + { + "product_name": "Porto Theme - Functionality", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.12.1", + "status": "unaffected" + } + ], + "lessThan": "2.12.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/porto-functionality/wordpress-porto-theme-functionality-plugin-2-11-1-unauthenticated-sql-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/porto-functionality/wordpress-porto-theme-functionality-plugin-2-11-1-unauthenticated-sql-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.12.1 or a higher version." + } + ], + "value": "Update to\u00a02.12.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48741.json b/2023/48xxx/CVE-2023-48741.json index dae851c0495..fbda70811fd 100644 --- a/2023/48xxx/CVE-2023-48741.json +++ b/2023/48xxx/CVE-2023-48741.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48741", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: from n/a through 4.7.8.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QuantumCloud", + "product": { + "product_data": [ + { + "product_name": "AI ChatBot", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "4.7.9", + "status": "unaffected" + } + ], + "lessThanOrEqual": "4.7.8", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/chatbot/wordpress-ai-chatbot-plugin-4-7-8-sql-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/chatbot/wordpress-ai-chatbot-plugin-4-7-8-sql-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": 
"EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 4.7.9 or a higher version." + } + ], + "value": "Update to\u00a04.7.9 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48764.json b/2023/48xxx/CVE-2023-48764.json index 36f45fddafd..169f23cf1e4 100644 --- a/2023/48xxx/CVE-2023-48764.json +++ b/2023/48xxx/CVE-2023-48764.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48764", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection \u2013 Stop Brute Force Attacks.This issue affects WordPress Brute Force Protection \u2013 Stop Brute Force Attacks: from n/a through 2.2.5.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GuardGiant Brute Force Protection", + "product": { + "product_data": [ + { + "product_name": "WordPress Brute Force Protection \u2013 Stop Brute Force Attacks", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.2.6", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.2.5", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/guardgiant/wordpress-wordpress-brute-force-protection-stop-brute-force-attacks-plugin-2-2-5-sql-injection-vulnerability?_s_id=cve", + 
"refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/guardgiant/wordpress-wordpress-brute-force-protection-stop-brute-force-attacks-plugin-2-2-5-sql-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.2.6 or a higher version." + } + ], + "value": "Update to\u00a02.2.6 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48795.json b/2023/48xxx/CVE-2023-48795.json index aa63dc95330..add8ba1746d 100644 --- a/2023/48xxx/CVE-2023-48795.json +++ b/2023/48xxx/CVE-2023-48795.json 
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, and libssh before 0.10.6; and there could be effects on Bitvise SSH through 9.31." + "value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. 
This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD 1.3.9rc1, ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31." } ] }, @@ -62,6 +62,21 @@ "name": "https://matt.ucc.asn.au/dropbear/CHANGES", "url": "https://matt.ucc.asn.au/dropbear/CHANGES" }, + { + "refsource": "MISC", + "name": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", + "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" + }, + { + "refsource": "MISC", + "name": "https://www.netsarang.com/en/xshell-update-history/", + "url": "https://www.netsarang.com/en/xshell-update-history/" + }, + { + "refsource": "MISC", + "name": "https://www.paramiko.org/changelog.html", + "url": "https://www.paramiko.org/changelog.html" + }, { "url": "https://www.openssh.com/openbsd.html", "refsource": "MISC", 
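Review bot: In the rewritten description, `ProFTPD 1.3.9rc1` is the only product in the list without a `before` or `through` qualifier, so a reader cannot tell whether 1.3.9rc1 is the affected release or the fixed one. Every other entry states a bound (`Paramiko before 3.4.0`, `libssh2 through 1.11.0`), and this one should follow the same form, with the bound taken from the ProFTPD release notes referenced in the next hunk. The list now names more than twenty implementations in free text; the structured `affects` data for this record is outside the hunk, so whether it carries these products cannot be checked here.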
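Review bot: Several of the added references point at pages that change over time rather than at a fixed revision: `https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES` in this hunk, and in the following hunk `https://github.com/rapier1/hpn-ssh/releases`, `https://crates.io/crates/thrussh/versions` and the CycloneSSH and CrushFTP changelog pages. A branch-relative or index URL may no longer show the Terrapin fix when someone audits the record later. Where the project offers one, a tag or commit permalink is the better reference, as the following hunk already does for jsch (`compare/jsch-0.2.14...jsch-0.2.15`) and for the ConnectBot and ssh2 commits.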
@@ -261,6 +276,76 @@ "refsource": "MISC", "name": "https://github.com/libssh2/libssh2/pull/1291", "url": "https://github.com/libssh2/libssh2/pull/1291" + }, + { + "refsource": "MISC", + "name": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", + "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack" + }, + { + "refsource": "MISC", + "name": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", + "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5" + }, + { + "refsource": "MISC", + "name": "https://github.com/rapier1/hpn-ssh/releases", + "url": "https://github.com/rapier1/hpn-ssh/releases" + }, + { + "refsource": "MISC", + "name": "https://github.com/proftpd/proftpd/issues/456", + "url": "https://github.com/proftpd/proftpd/issues/456" + }, + { + "refsource": "MISC", + "name": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", + "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1" + }, + { + "refsource": "MISC", + "name": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", + "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" + }, + { + "refsource": "MISC", + "name": "https://oryx-embedded.com/download/#changelog", + "url": "https://oryx-embedded.com/download/#changelog" + }, + { + "refsource": "MISC", + "name": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", + "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update" + }, + { + "refsource": "MISC", + "name": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", + "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22" + }, + { + "refsource": "MISC", + "name": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", + "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab" + }, + { + "refsource": "MISC", + "name": 
"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", + "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3" + }, + { + "refsource": "MISC", + "name": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", + "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC" + }, + { + "refsource": "MISC", + "name": "https://crates.io/crates/thrussh/versions", + "url": "https://crates.io/crates/thrussh/versions" + }, + { + "refsource": "MISC", + "name": "https://github.com/NixOS/nixpkgs/pull/275249", + "url": "https://github.com/NixOS/nixpkgs/pull/275249" } ] } diff --git a/2023/49xxx/CVE-2023-49004.json b/2023/49xxx/CVE-2023-49004.json index f3c03284ea0..e9d7f617699 100644 --- a/2023/49xxx/CVE-2023-49004.json +++ b/2023/49xxx/CVE-2023-49004.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-49004", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-49004", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/ef4tless/vuln/blob/master/iot/DIR-850L/bug1.md", + "url": "https://github.com/ef4tless/vuln/blob/master/iot/DIR-850L/bug1.md" } ] } diff --git a/2023/49xxx/CVE-2023-49147.json b/2023/49xxx/CVE-2023-49147.json index 18b930d5b5f..f687d1de5dd 100644 --- a/2023/49xxx/CVE-2023-49147.json +++ b/2023/49xxx/CVE-2023-49147.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-49147", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-49147", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions (e.g., an oplock on faxPrnInst.log) to open a SYSTEM cmd.exe." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "FULLDISC", + "name": "20231212 SEC Consult SA-20231211-0 :: Local Privilege Escalation via MSI installer in PDF24 Creator", + "url": "http://seclists.org/fulldisclosure/2023/Dec/18" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/176206/PDF24-Creator-11.15.1-Local-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/176206/PDF24-Creator-11.15.1-Local-Privilege-Escalation.html" + }, + { + "refsource": "MISC", + "name": "https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-pdf24-creator-geek-software-gmbh/", + "url": "https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-pdf24-creator-geek-software-gmbh/" } ] } diff --git a/2023/49xxx/CVE-2023-49164.json b/2023/49xxx/CVE-2023-49164.json index cb15b90ed5b..00654cfc5df 100644 --- a/2023/49xxx/CVE-2023-49164.json +++ b/2023/49xxx/CVE-2023-49164.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49164", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OceanWP", + "product": { + "product_data": [ + { + "product_name": "Ocean Extra", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.2.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.2.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/ocean-extra/wordpress-ocean-extra-plugin-2-2-2-csrf-leading-to-arbitrary-plugin-activation-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/ocean-extra/wordpress-ocean-extra-plugin-2-2-2-csrf-leading-to-arbitrary-plugin-activation-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + 
"lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.2.3 or a higher version." + } + ], + "value": "Update to\u00a02.2.3 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dave Jong (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49706.json b/2023/49xxx/CVE-2023-49706.json index 7a9944dee0e..cf4b9d68b67 100644 --- a/2023/49xxx/CVE-2023-49706.json +++ b/2023/49xxx/CVE-2023-49706.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-49706", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-49706", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.linotp.org/news.html", + "refsource": "MISC", + "name": "https://www.linotp.org/news.html" + }, + { + "refsource": "MISC", + "name": "https://linotp.org/CVE-2023-49706.txt", + "url": "https://linotp.org/CVE-2023-49706.txt" + }, + { + "refsource": "MISC", + "name": "https://linotp.org/security-update-linotp3-selfservice.html", + "url": "https://linotp.org/security-update-linotp3-selfservice.html" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file 
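Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a` in the published record, so the affected product (Self Service in LinOTP 3.x before 3.2.5) exists only in the free-text description. Inventory matching keyed on the structured `affects` block will not tie this entry to LinOTP, so a feed consumer needs a description-based fallback or a manual mapping. The description names a race condition, so a `problemtype` of CWE-362 looks applicable, though that is for the assigner to confirm. The CVE-2023-50466 hunk (Weintek cMT2078X, command injection) has the same shape.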
diff --git a/2023/49xxx/CVE-2023-49750.json b/2023/49xxx/CVE-2023-49750.json index 735a3c47ce9..26137a1d1c6 100644 --- a/2023/49xxx/CVE-2023-49750.json +++ b/2023/49xxx/CVE-2023-49750.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49750", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme.This issue affects Couponis - Affiliate & Submitting Coupons WordPress Theme: from n/a before 2.2.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Spoonthemes", + "product": { + "product_data": [ + { + "product_name": "Couponis - Affiliate & Submitting Coupons WordPress Theme", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.2", + "status": "unaffected" + } + ], + "lessThan": "2.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/couponis/wordpress-couponis-affiliate-submitting-coupons-wordpress-theme-theme-3-1-7-sql-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/couponis/wordpress-couponis-affiliate-submitting-coupons-wordpress-theme-theme-3-1-7-sql-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.2 or a higher version." + } + ], + "value": "Update to\u00a02.2 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "FearZzZz (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49764.json b/2023/49xxx/CVE-2023-49764.json index f416eaaf1f4..9bf15c7d0d4 100644 --- a/2023/49xxx/CVE-2023-49764.json +++ b/2023/49xxx/CVE-2023-49764.json 
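Review bot: The reference URL slug reads `...theme-3-1-7-sql-injection-vulnerability`, while the version data marks everything from 2.2 onward as unaffected (`"lessThan": "2.2"`, `"at": "2.2"`) and the solution says to update to 2.2. If the advisory really concerns 3.1.7, this range would wrongly clear installs between 2.2 and 3.1.7. It may only be a stale slug, so the bound should be checked against the linked advisory before the record is used to close findings.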
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49764", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Advanced Database Cleaner.This issue affects Advanced Database Cleaner: from n/a through 3.1.2.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Younes JFR.", + "product": { + "product_data": [ + { + "product_name": "Advanced Database Cleaner", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.1.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.1.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/advanced-database-cleaner/wordpress-advanced-database-cleaner-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/advanced-database-cleaner/wordpress-advanced-database-cleaner-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.1.3 or a higher version." + } + ], + "value": "Update to\u00a03.1.3 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49797.json b/2023/49xxx/CVE-2023-49797.json index 9e7e8ccd94e..3a9d85c5ff6 100644 --- a/2023/49xxx/CVE-2023-49797.json +++ b/2023/49xxx/CVE-2023-49797.json @@ -77,6 +77,11 @@ "url": "https://github.com/python/cpython/blob/0fb18b02c8ad56299d6a2910be0bab8ad601ef24/Lib/shutil.py#L623", "refsource": "MISC", "name": "https://github.com/python/cpython/blob/0fb18b02c8ad56299d6a2910be0bab8ad601ef24/Lib/shutil.py#L623" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRWT34FAF23PUOLVZ7RVWBZMWPDR5U7/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRWT34FAF23PUOLVZ7RVWBZMWPDR5U7/" } ] }, diff --git a/2023/49xxx/CVE-2023-49812.json b/2023/49xxx/CVE-2023-49812.json index fb974aa1a3c..2225a0f255d 100644 --- a/2023/49xxx/CVE-2023-49812.json +++ b/2023/49xxx/CVE-2023-49812.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49812", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-639 Authorization Bypass Through User-Controlled Key", + "cweId": "CWE-639" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "J.N. Breetvelt a.k.a. 
OpaJaap", + "product": { + "product_data": [ + { + "product_name": "WP Photo Album Plus", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "8.5.02.005" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-5-02-005-insecure-direct-object-references-idor-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-5-02-005-insecure-direct-object-references-idor-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Kyle Sanchez (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4486.json b/2023/4xxx/CVE-2023-4486.json index eeeac0b7910..06eb2f88fef 100644 --- a/2023/4xxx/CVE-2023-4486.json +++ b/2023/4xxx/CVE-2023-4486.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to version 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.\n\n" + "value": "Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to \n\nversions 11.0.6 and 12.0.4\n\n and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.\n\n" } ] }, @@ -41,8 +41,13 @@ "version_data": [ { "version_affected": "<", - "version_name": "0", + "version_name": "12.0", "version_value": "12.0.4" + }, + { + "version_affected": "<", + "version_name": "11.0", + "version_value": "11.0.6" } ] } @@ -53,8 +58,13 @@ "version_data": [ { "version_affected": "<", - "version_name": "0", + "version_name": "12.0", "version_value": "12.0.4" + }, + { + "version_affected": "<", + "version_name": "11.0", + "version_value": "11.0.6" } ] } @@ -103,10 +113,10 @@ { "base64": false, "type": "text/html", - "value": "Update Facility Explorer F4-SNC engine to version 11.0.6.
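Review bot: In the `@@ -41,8 +41,13 @@` hunk the single bound (`version_name` `0`, `<` `12.0.4`) becomes two per-branch bounds, and the branch is carried only in `version_name` (`12.0`, `11.0`). A consumer that evaluates just `version_affected` and `version_value` would still match a patched 11.0.6 install against `< 12.0.4`, so `version_name` has to take part in the comparison as the lower bound. The `@@ -53,8 +58,13 @@` hunk repeats the pattern for the second product. The updated description in the first hunk also has `\n\n` embedded mid-sentence around `versions 11.0.6 and 12.0.4`, which should be normalised before display.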
" + "value": "Update Metasys NAE55, SNE, and SNC engines to version 11.0.6.\n\n
" } ], - "value": "Update Facility Explorer F4-SNC engine to version 11.0.6.\n" + "value": "Update Metasys NAE55, SNE, and SNC engines to version 11.0.6.\n\n\n" }, { "lang": "en", @@ -125,10 +135,21 @@ { "base64": false, "type": "text/html", - "value": "For more information, contact your local Johnson Controls office or Authorized Building Control Specialists (ABCS).
" + "value": "\n\n\n\nUpdate Facility Explorer F4-SNC engine to version 11.0.6.  \n\n\n\n
" } ], - "value": "For more information, contact your local Johnson Controls office or Authorized Building Control Specialists (ABCS).\n" + "value": "\n\n\nUpdate Facility Explorer F4-SNC engine to version 11.0.6. \u00a0\n\n\n\n\n" + }, + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nFor more information, contact your local Johnson Controls office or Authorized Building Control Specialists (ABCS).\n\n
" + } + ], + "value": "\nFor more information, contact your local Johnson Controls office or Authorized Building Control Specialists (ABCS).\n\n\n" } ], "impact": { diff --git a/2023/50xxx/CVE-2023-50272.json b/2023/50xxx/CVE-2023-50272.json index 4fe62ac7002..533c3a99c18 100644 --- a/2023/50xxx/CVE-2023-50272.json +++ b/2023/50xxx/CVE-2023-50272.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50272", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "HPE Integrated Lights-out 5 (iLO 5), HPE Integrated Lights-out 6 (iLO 6), ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "iLO 5 - v2.63 through versions prior to v3.00" + }, + { + "version_affected": "=", + "version_value": "iLO 6 - v1.05 through versions prior to v1.55" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04584en_us", + "refsource": "MISC", + "name": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04584en_us" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + 
"confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50466.json b/2023/50xxx/CVE-2023-50466.json index 399b7ca4a11..ef8b05d9d53 100644 --- a/2023/50xxx/CVE-2023-50466.json +++ b/2023/50xxx/CVE-2023-50466.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-50466", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-50466", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://literate-bakery-10b.notion.site/Weintek-EasyWeb-cMT-Reports-3fc0b10798b54f51a61d719395c408da?pvs=4", + "refsource": "MISC", + "name": "https://literate-bakery-10b.notion.site/Weintek-EasyWeb-cMT-Reports-3fc0b10798b54f51a61d719395c408da?pvs=4" } ] } 
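Review bot: Both `version_data` entries in the CVE-2023-50272 hunk pair `"version_affected": "="` with a prose range as the value (`iLO 5 - v2.63 through versions prior to v3.00`), which a version comparator cannot evaluate, and an exact-match reading would flag nothing. `product_name` also merges iLO 5 and iLO 6 into one string with a trailing `, `. One product per entry with an explicit lower and upper bound would make the record matchable; until then these ranges need manual handling in any asset correlation. `problemtype` is `n/a` although the description states an authentication bypass.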
diff --git a/2023/50xxx/CVE-2023-50703.json b/2023/50xxx/CVE-2023-50703.json index f18cfd9af51..2009d79bf7e 100644 --- a/2023/50xxx/CVE-2023-50703.json +++ b/2023/50xxx/CVE-2023-50703.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50703", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nAn attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application.\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319 Cleartext Transmission of Sensitive Information", + "cweId": "CWE-319" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "EFACEC", + "product": { + "product_data": [ + { + "product_name": "UC 500E", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "version 10.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-03", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-03" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n

EFACEC has released UC 500E version 10.1.1.

For more information, contact EFACEC support.

\n\n
" + } + ], + "value": "\nEFACEC has released UC 500E version 10.1.1.\n\nFor more information, contact EFACEC support https://www.efacec.pt/en/contacts/ .\n\n\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Aar\u00f3n Flecha Men\u00e9ndez of S21sec" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50704.json b/2023/50xxx/CVE-2023-50704.json index 598e11b1a6c..39db7c290a8 100644 --- a/2023/50xxx/CVE-2023-50704.json +++ b/2023/50xxx/CVE-2023-50704.json 
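Review bot: The new description never names the product. It says only that an attacker "could perform a man-in-the-middle (MitM) attack", while EFACEC UC 500E version 10.1.0 appears solely under `affects`. Anything that displays or indexes the description on its own loses what is affected; a lead-in such as `In EFACEC UC 500E version 10.1.0, an attacker with network access could ...` would fix that. The value is also padded with leading and trailing `\n` runs that should be trimmed. The CVE-2023-50704, CVE-2023-50705 and CVE-2023-50707 hunks omit the product in the same way, and CVE-2023-50706 shares the padding.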
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50704", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\n\n\n\nAn attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users.\n\n\n\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "EFACEC", + "product": { + "product_data": [ + { + "product_name": "UC 500E", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "version 10.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-03", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-03" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n

EFACEC has released UC 500E version 10.1.1.

For more information, contact EFACEC support.

\n\n
" + } + ], + "value": "\nEFACEC has released UC 500E version 10.1.1.\n\nFor more information, contact EFACEC support https://www.efacec.pt/en/contacts/ .\n\n\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Aar\u00f3n Flecha Men\u00e9ndez of S21sec" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50705.json b/2023/50xxx/CVE-2023-50705.json index 166c9ae898b..03f9772c9af 100644 --- a/2023/50xxx/CVE-2023-50705.json +++ b/2023/50xxx/CVE-2023-50705.json 
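Review bot: The CVSS vector `CVSS:3.1/AV:P/AC:L/PR:N/UI:N/...` does not fit the open redirect the description and CWE-601 describe. A crafted URL is delivered over the network and needs the victim to follow it, which would normally be scored `AV:N` and `UI:R`. The `baseScore` of 4.3 is consistent with the vector as written, so prioritisation keyed on the score will under-rank the issue if the vector is wrong; it should be confirmed against the referenced CISA advisory. CVE-2023-50706 also uses `AV:P` for a logged-in user dumping process memory, which reads more like local access.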
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50705", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\n\n\n\n\n\n\n\nAn attacker could create malicious requests to obtain sensitive information about the web server.\n\n\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "EFACEC", + "product": { + "product_data": [ + { + "product_name": "UC 500E", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "version 10.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-03", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-03" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n

EFACEC has released UC 500E version 10.1.1.

For more information, contact EFACEC support.

\n\n
" + } + ], + "value": "\nEFACEC has released UC 500E version 10.1.1.\n\nFor more information, contact EFACEC support https://www.efacec.pt/en/contacts/ .\n\n\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Aar\u00f3n Flecha Men\u00e9ndez of S21sec" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50706.json b/2023/50xxx/CVE-2023-50706.json index 0bbf3fbac29..ed35c5c3426 100644 --- a/2023/50xxx/CVE-2023-50706.json +++ b/2023/50xxx/CVE-2023-50706.json 
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50706", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\n\n\n\n\n\n\n\n\n\n\n\nA user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens.\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "EFACEC", + "product": { + "product_data": [ + { + "product_name": "UC 500E", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "version 10.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-03", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-03" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n

EFACEC has released UC 500E version 10.1.1.

For more information, contact EFACEC support.

\n\n
" + } + ], + "value": "\nEFACEC has released UC 500E version 10.1.1.\n\nFor more information, contact EFACEC support https://www.efacec.pt/en/contacts/ .\n\n\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Aar\u00f3n Flecha Men\u00e9ndez of S21sec" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "LOW", + "baseScore": 4.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50707.json b/2023/50xxx/CVE-2023-50707.json index c3053997f21..0c664fa3e50 100644 --- a/2023/50xxx/CVE-2023-50707.json +++ b/2023/50xxx/CVE-2023-50707.json 
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50707", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nThrough the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device.\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "EFACEC", + "product": { + "product_data": [ + { + "product_name": "BCU 500", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "version 4.07" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n

EFACEC released BCU 500 versions 4.08 to mitigate this vulnerability.

For more information, contact EFACEC support.

\n\n
" + } + ], + "value": "\nEFACEC released BCU 500 versions 4.08 to mitigate this vulnerability.\n\nFor more information, contact EFACEC support https://www.efacec.pt/en/contacts/ .\n\n\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Aar\u00f3n Flecha Men\u00e9ndez of S21sec " + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50835.json b/2023/50xxx/CVE-2023-50835.json index 4595d098c84..f1349cb2951 100644 --- a/2023/50xxx/CVE-2023-50835.json +++ b/2023/50xxx/CVE-2023-50835.json 
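Review bot: The impact block sets `"integrityImpact": "HIGH"` and a 9.6 CRITICAL score, but the description and CWE-400 mention only a denial-of-service condition on the device. Either the description leaves out an integrity effect or the `I:H` metric is overstated; the record does not say which, so the referenced advisory should be checked before this score drives patch priority. The solution text also reads `BCU 500 versions 4.08`, where a single version is presumably meant.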
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50835", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Advanced Category Template.This issue affects Advanced Category Template: from n/a through 0.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Praveen Goswami", + "product": { + "product_data": [ + { + "product_name": "Advanced Category Template", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/advanced-category-template/wordpress-advanced-category-template-plugin-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/advanced-category-template/wordpress-advanced-category-template-plugin-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Skalucy (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + 
"attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50917.json b/2023/50xxx/CVE-2023-50917.json index c8fc4068d02..ae13f67c463 100644 --- a/2023/50xxx/CVE-2023-50917.json +++ b/2023/50xxx/CVE-2023-50917.json @@ -61,6 +61,11 @@ "url": "https://github.com/sergejey/majordomo/commit/3ec3ffb863ea3c2661ab27d398776c551f4daaac", "refsource": "MISC", "name": "https://github.com/sergejey/majordomo/commit/3ec3ffb863ea3c2661ab27d398776c551f4daaac" + }, + { + "refsource": "FULLDISC", + "name": "20231219 Disclosure of CVE-2023-50917: RCE Vulnerability in MajorDoM", + "url": "http://seclists.org/fulldisclosure/2023/Dec/19" } ] } diff --git a/2023/51xxx/CVE-2023-51457.json b/2023/51xxx/CVE-2023-51457.json new file mode 100644 index 00000000000..e2140dc1600 --- /dev/null +++ b/2023/51xxx/CVE-2023-51457.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51457", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/51xxx/CVE-2023-51458.json b/2023/51xxx/CVE-2023-51458.json new file mode 100644 index 00000000000..a4dc83bf8bd --- /dev/null +++ b/2023/51xxx/CVE-2023-51458.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-51458",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/51xxx/CVE-2023-51459.json b/2023/51xxx/CVE-2023-51459.json
new file mode 100644
index 00000000000..222cee7a60e
--- /dev/null
+++ b/2023/51xxx/CVE-2023-51459.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-51459",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/51xxx/CVE-2023-51460.json b/2023/51xxx/CVE-2023-51460.json
new file mode 100644
index 00000000000..a022d871bd8
--- /dev/null
+++ b/2023/51xxx/CVE-2023-51460.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-51460",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/51xxx/CVE-2023-51461.json b/2023/51xxx/CVE-2023-51461.json
new file mode 100644
index 00000000000..0ad720f54cb
--- /dev/null
+++ b/2023/51xxx/CVE-2023-51461.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-51461",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/51xxx/CVE-2023-51462.json b/2023/51xxx/CVE-2023-51462.json
new file mode 100644
index 00000000000..cb32b682bc1
--- /dev/null
+++ b/2023/51xxx/CVE-2023-51462.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-51462",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/51xxx/CVE-2023-51463.json b/2023/51xxx/CVE-2023-51463.json
new file mode 100644
index 00000000000..9225a1797f3
--- /dev/null
+++ b/2023/51xxx/CVE-2023-51463.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-51463",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/51xxx/CVE-2023-51464.json b/2023/51xxx/CVE-2023-51464.json
new file mode 100644
index 00000000000..15cb086989c
--- /dev/null
+++ b/2023/51xxx/CVE-2023-51464.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-51464",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/51xxx/CVE-2023-51465.json b/2023/51xxx/CVE-2023-51465.json
new file mode 100644
index 00000000000..8702d6ff1e5
--- /dev/null
+++ b/2023/51xxx/CVE-2023-51465.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-51465",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/51xxx/CVE-2023-51466.json b/2023/51xxx/CVE-2023-51466.json
new file mode 100644
index 00000000000..f54b7760526
--- /dev/null
+++ b/2023/51xxx/CVE-2023-51466.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-51466",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/5xxx/CVE-2023-5413.json b/2023/5xxx/CVE-2023-5413.json
index 1db9b432619..a2ebaf3d08c 100644
--- a/2023/5xxx/CVE-2023-5413.json
+++ b/2023/5xxx/CVE-2023-5413.json
@@ -1,17 +1,89 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-5413",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ihrss-gallery' shortcode in versions up to, and including, 13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "gopiplus",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Image horizontal reel scroll slideshow",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "13.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/28ba6f91-c696-4019-ae87-28ebfbe464cf?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/28ba6f91-c696-4019-ae87-28ebfbe464cf?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/image-horizontal-reel-scroll-slideshow/trunk/image-horizontal-reel-scroll-slideshow.php#L212",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/image-horizontal-reel-scroll-slideshow/trunk/image-horizontal-reel-scroll-slideshow.php#L212"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3010834/image-horizontal-reel-scroll-slideshow",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset/3010834/image-horizontal-reel-scroll-slideshow"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Istv\u00e1n M\u00e1rton"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6121.json b/2023/6xxx/CVE-2023-6121.json
index 5b6c703b90b..ec082f4dcca 100644
--- a/2023/6xxx/CVE-2023-6121.json
+++ b/2023/6xxx/CVE-2023-6121.json
@@ -35,6 +35,24 @@
 "vendor_name": "n/a",
 "product": {
 "product_data": [
+ {
+ "product_name": "Kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "6.7-rc3",
+ "status": "unaffected"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 {
 "product_name": "kernel",
 "version": {
diff --git a/2023/6xxx/CVE-2023-6265.json b/2023/6xxx/CVE-2023-6265.json
index 9dfb594694a..bf68cf59b79 100644
--- a/2023/6xxx/CVE-2023-6265.json
+++ b/2023/6xxx/CVE-2023-6265.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** UNSUPPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported."
 }
 ]
 },
diff --git a/2023/6xxx/CVE-2023-6377.json b/2023/6xxx/CVE-2023-6377.json
index ab3f35b82ce..05855baf28e 100644
--- a/2023/6xxx/CVE-2023-6377.json
+++ b/2023/6xxx/CVE-2023-6377.json
@@ -244,6 +244,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00013.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00013.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/"
 }
 ]
 },
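Review bot: The entry added in the CVE-2023-6121 hunk uses `"product_name": "Kernel"`, while the existing entry directly below it is `"product_name": "kernel"`. Under vendor `n/a` the record now appears to list the same product twice, differing only in case. A consumer that keys affected-product matching on the name would treat these as two products, and the new one only states that 6.7-rc3 is `unaffected`. If they are meant to be one product, the names should agree (`"product_name": "kernel"`). The existing entry's version data lies outside the hunk, so whether the two entries can be merged cannot be judged from here.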
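Review bot: The new description value in the CVE-2023-6265 hunk begins with two tags, `** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED **`. The misspelled tag (three P's) was kept and the corrected one was added after it. Feeds that flag end-of-life products by matching the tag at the start of the text will still meet the misspelled form first. The value should begin with the single tag, `"value": "** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable ..."`.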
diff --git a/2023/6xxx/CVE-2023-6478.json b/2023/6xxx/CVE-2023-6478.json
index 492a9672b76..bcde9dc88b5 100644
--- a/2023/6xxx/CVE-2023-6478.json
+++ b/2023/6xxx/CVE-2023-6478.json
@@ -239,6 +239,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/"
 }
 ]
 },
diff --git a/2023/6xxx/CVE-2023-6563.json b/2023/6xxx/CVE-2023-6563.json
index 99c33944e42..f5669d636a4 100644
--- a/2023/6xxx/CVE-2023-6563.json
+++ b/2023/6xxx/CVE-2023-6563.json
@@ -178,7 +178,7 @@
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 }
 ]
diff --git a/2023/6xxx/CVE-2023-6689.json b/2023/6xxx/CVE-2023-6689.json
index c81aee5d7a7..2bb08569197 100644
--- a/2023/6xxx/CVE-2023-6689.json
+++ b/2023/6xxx/CVE-2023-6689.json
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6689", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\n\n\n\nA successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application.\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "EFACEC", + "product": { + "product_data": [ + { + "product_name": "BCU 500", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "version 4.07" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n

EFACEC released BCU 500 versions 4.08 to mitigate this vulnerability.

For more information, contact EFACEC support.

\n\n
" + } + ], + "value": "\nEFACEC released BCU 500 versions 4.08 to mitigate this vulnerability.\n\nFor more information, contact EFACEC support https://www.efacec.pt/en/contacts/ .\n\n\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Aar\u00f3n Flecha Men\u00e9ndez of S21sec " + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H", + "version": "3.1" } ] } diff --git a/2023/6xxx/CVE-2023-6856.json b/2023/6xxx/CVE-2023-6856.json index ede6267c469..a5e9bc39db0 100644 --- a/2023/6xxx/CVE-2023-6856.json +++ b/2023/6xxx/CVE-2023-6856.json @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Heap-buffer-overflow affecting WebGL `DrawElementsInstanced` method with Mesa VM driver" + "value": "Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver" } ] } diff --git a/2023/6xxx/CVE-2023-6858.json b/2023/6xxx/CVE-2023-6858.json index 8914bf858ae..2740100886f 100644 --- a/2023/6xxx/CVE-2023-6858.json +++ b/2023/6xxx/CVE-2023-6858.json @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Heap buffer overflow in `nsTextFragment`" + "value": "Heap buffer overflow in nsTextFragment" } ] } diff --git a/2023/6xxx/CVE-2023-6860.json b/2023/6xxx/CVE-2023-6860.json index f960f338761..1645b0a854a 100644 --- a/2023/6xxx/CVE-2023-6860.json +++ b/2023/6xxx/CVE-2023-6860.json @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Potential sandbox escape due to `VideoBridge` lack of texture validation" + "value": "Potential sandbox escape due to VideoBridge lack of texture validation" } ] } 
diff --git a/2023/6xxx/CVE-2023-6861.json b/2023/6xxx/CVE-2023-6861.json
index 8c27e33c777..ba29bee84d0 100644
--- a/2023/6xxx/CVE-2023-6861.json
+++ b/2023/6xxx/CVE-2023-6861.json
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Heap buffer overflow affected `nsWindow::PickerOpen(void)` in headless mode"
+ "value": "Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6862.json b/2023/6xxx/CVE-2023-6862.json
index c54cb3ad005..af7a29b762b 100644
--- a/2023/6xxx/CVE-2023-6862.json
+++ b/2023/6xxx/CVE-2023-6862.json
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Use-after-free in `nsDNSService`"
+ "value": "Use-after-free in nsDNSService"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6863.json b/2023/6xxx/CVE-2023-6863.json
index 2c500aac380..8f7c26c7a71 100644
--- a/2023/6xxx/CVE-2023-6863.json
+++ b/2023/6xxx/CVE-2023-6863.json
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Undefined behavior in `ShutdownObserver()`"
+ "value": "Undefined behavior in ShutdownObserver()"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6865.json b/2023/6xxx/CVE-2023-6865.json
index d7c0d03294d..57cb653bc87 100644
--- a/2023/6xxx/CVE-2023-6865.json
+++ b/2023/6xxx/CVE-2023-6865.json
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Potential exposure of uninitialized data in `EncryptingOutputStream`"
+ "value": "Potential exposure of uninitialized data in EncryptingOutputStream"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6869.json b/2023/6xxx/CVE-2023-6869.json
index 84c3ba819c0..cd15414618a 100644
--- a/2023/6xxx/CVE-2023-6869.json
+++ b/2023/6xxx/CVE-2023-6869.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A `` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121."
+ "value": "A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121."
 }
 ]
 },
diff --git a/2023/6xxx/CVE-2023-6928.json b/2023/6xxx/CVE-2023-6928.json
index b15b4b15ea4..881cec32a9f 100644
--- a/2023/6xxx/CVE-2023-6928.json
+++ b/2023/6xxx/CVE-2023-6928.json
@@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6928", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nEuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system.\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-307 Improper Restriction of Excessive Authentication Attempts", + "cweId": "CWE-307" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "EuroTel", + "product": { + "product_data": [ + { + "product_name": "ETL3100", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v01c01" + }, + { + "version_affected": "=", + "version_value": "v01x37" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Gjoko Krstic" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": 
"NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/6xxx/CVE-2023-6929.json b/2023/6xxx/CVE-2023-6929.json index 4485b275304..354787ba050 100644 --- a/2023/6xxx/CVE-2023-6929.json +++ b/2023/6xxx/CVE-2023-6929.json 
@@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6929", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\n\n\n\nEuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities.\n\n\n\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-639 Authorization Bypass Through User-Controlled Key", + "cweId": "CWE-639" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "EuroTel", + "product": { + "product_data": [ + { + "product_name": "ETL3100", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v01c01" + }, + { + "version_affected": "=", + "version_value": "v01x37" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Gjoko Krstic" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + 
"availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/6xxx/CVE-2023-6930.json b/2023/6xxx/CVE-2023-6930.json index 3c57b4eb41e..0f50148482e 100644 --- a/2023/6xxx/CVE-2023-6930.json +++ b/2023/6xxx/CVE-2023-6930.json 
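Review bot: The impact block in the CVE-2023-6929 hunk does not fit its description. The text says attackers can bypass authorization, access hidden resources and execute privileged functionality, yet the record carries `"confidentialityImpact": "NONE"`, `"integrityImpact": "NONE"` and `C:N/I:N/A:H` (7.5). The CVE-2023-6930 hunk that follows looks inverted in the other direction: an unauthenticated configuration and log download is scored `C:H/I:L/A:H` (9.4), with high availability impact for what is described as a disclosure issue. The two CVSS blocks may have been attached to the wrong records. Both should be checked against the referenced advisory (`icsa-23-353-05`) before these scores are used to prioritise patching.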
@@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6930", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\n\n\n\n\n\n\n\nEuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. This enables the attacker to disclose sensitive information and assist in authentication bypass, privilege escalation, and full system access.\n\n\n\n\n\n\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": " CWE-284 Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "EuroTel", + "product": { + "product_data": [ + { + "product_name": "ETL3100", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v01c01" + }, + { + "version_affected": "=", + "version_value": "v01x37" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Gjoko Krstic" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.4, + "baseSeverity": "CRITICAL", + 
"confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", + "version": "3.1" } ] } diff --git a/2023/6xxx/CVE-2023-6954.json b/2023/6xxx/CVE-2023-6954.json new file mode 100644 index 00000000000..230f633296e --- /dev/null +++ b/2023/6xxx/CVE-2023-6954.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6954", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6955.json b/2023/6xxx/CVE-2023-6955.json new file mode 100644 index 00000000000..1c13fa28527 --- /dev/null +++ b/2023/6xxx/CVE-2023-6955.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6955", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6956.json b/2023/6xxx/CVE-2023-6956.json new file mode 100644 index 00000000000..dc9fa90b149 --- /dev/null +++ b/2023/6xxx/CVE-2023-6956.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6956",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6957.json b/2023/6xxx/CVE-2023-6957.json
new file mode 100644
index 00000000000..132e783628c
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6957.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6957",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6958.json b/2023/6xxx/CVE-2023-6958.json
new file mode 100644
index 00000000000..6d805b29698
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6958.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6958",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6959.json b/2023/6xxx/CVE-2023-6959.json
new file mode 100644
index 00000000000..32998a10fd5
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6959.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6959",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6960.json b/2023/6xxx/CVE-2023-6960.json
new file mode 100644
index 00000000000..0d6404a105a
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6960.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6960",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6961.json b/2023/6xxx/CVE-2023-6961.json
new file mode 100644
index 00000000000..d84ac7c1c0d
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6961.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6961",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6962.json b/2023/6xxx/CVE-2023-6962.json
new file mode 100644
index 00000000000..b7ff4b025b2
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6962.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6962",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6963.json b/2023/6xxx/CVE-2023-6963.json
new file mode 100644
index 00000000000..367cb7156bc
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6963.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6963",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6964.json b/2023/6xxx/CVE-2023-6964.json
new file mode 100644
index 00000000000..15cb9784774
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6964.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6964",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6965.json b/2023/6xxx/CVE-2023-6965.json
new file mode 100644
index 00000000000..119473aa017
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6965.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6965",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6966.json b/2023/6xxx/CVE-2023-6966.json
new file mode 100644
index 00000000000..fb1ab0d73ec
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6966.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6966",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6967.json b/2023/6xxx/CVE-2023-6967.json
new file mode 100644
index 00000000000..20d5c6d195c
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6967.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6967",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6968.json b/2023/6xxx/CVE-2023-6968.json
new file mode 100644
index 00000000000..bbe452bc6fe
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6968.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6968",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6969.json b/2023/6xxx/CVE-2023-6969.json
new file mode 100644
index 00000000000..1c99e28bd05
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6969.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6969",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6970.json b/2023/6xxx/CVE-2023-6970.json
new file mode 100644
index 00000000000..d0190107c9c
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6970.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6970",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6971.json b/2023/6xxx/CVE-2023-6971.json
new file mode 100644
index 00000000000..cc3c5e1a31a
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6971.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6971",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file