diff --git a/2020/20xxx/CVE-2020-20808.json b/2020/20xxx/CVE-2020-20808.json index 435d4143967..c59af61aa94 100644 --- a/2020/20xxx/CVE-2020-20808.json +++ b/2020/20xxx/CVE-2020-20808.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-20808", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-20808", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/alorfm/vuln/blob/master/qibosoft_cross_Site_Scripting.md", + "refsource": "MISC", + "name": "https://github.com/alorfm/vuln/blob/master/qibosoft_cross_Site_Scripting.md" } ] } diff --git a/2023/26xxx/CVE-2023-26979.json b/2023/26xxx/CVE-2023-26979.json index 28520cf6ef5..a61ac85e305 100644 --- a/2023/26xxx/CVE-2023-26979.json +++ b/2023/26xxx/CVE-2023-26979.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-26979", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-26979", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to decrease or increase the intensity of the stimulator by hijacking the BLE communication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://bluetens.com", + "refsource": "MISC", + "name": "http://bluetens.com" + }, + { + "refsource": "MISC", + "name": "https://www.secura.com/blog/serious-safety-impact-found-in-bluetooth-low-energy-based-medical-devices", + "url": "https://www.secura.com/blog/serious-safety-impact-found-in-bluetooth-low-energy-based-medical-devices" } ] } diff --git a/2023/36xxx/CVE-2023-36212.json b/2023/36xxx/CVE-2023-36212.json index af6de14fa6d..86017cec0c2 100644 --- a/2023/36xxx/CVE-2023-36212.json +++ b/2023/36xxx/CVE-2023-36212.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-36212", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-36212", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/51500", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/51500" + }, + { + "url": "https://packetstormsecurity.com/files/172687/Total-CMS-1.7.4-Shell-Upload.html", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/172687/Total-CMS-1.7.4-Shell-Upload.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/capture0x/Total-CMS-EXPLOIT/", + "url": "https://github.com/capture0x/Total-CMS-EXPLOIT/" } ] } diff --git a/2023/36xxx/CVE-2023-36255.json b/2023/36xxx/CVE-2023-36255.json index 371c6a6e9eb..7cf14bf7957 100644 --- a/2023/36xxx/CVE-2023-36255.json +++ b/2023/36xxx/CVE-2023-36255.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-36255", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-36255", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Eramba Limited Eramba Enterprise v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://eramba.com", + "refsource": "MISC", + "name": "http://eramba.com" + }, + { + "refsource": "MISC", + "name": "https://trovent.io/security-advisory-2303-01/", + "url": "https://trovent.io/security-advisory-2303-01/" } ] } diff --git a/2023/38xxx/CVE-2023-38954.json b/2023/38xxx/CVE-2023-38954.json index b69f08628a3..6c6198d92f3 100644 --- a/2023/38xxx/CVE-2023-38954.json +++ b/2023/38xxx/CVE-2023-38954.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-38954", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-38954", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://zkteco.com", + "refsource": "MISC", + "name": "http://zkteco.com" + }, + { + "refsource": "MISC", + "name": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38954", + "url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38954" } ] } diff --git a/2023/38xxx/CVE-2023-38955.json b/2023/38xxx/CVE-2023-38955.json index e04e8375257..60964dc2975 100644 --- a/2023/38xxx/CVE-2023-38955.json +++ b/2023/38xxx/CVE-2023-38955.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-38955", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-38955", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://zkteco.com", + "refsource": "MISC", + "name": "http://zkteco.com" + }, + { + "refsource": "MISC", + "name": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38955", + "url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38955" } ] } diff --git a/2023/38xxx/CVE-2023-38956.json b/2023/38xxx/CVE-2023-38956.json index c883afcf9b8..05a50deda55 100644 --- a/2023/38xxx/CVE-2023-38956.json +++ b/2023/38xxx/CVE-2023-38956.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-38956", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-38956", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://zkteco.com", + "refsource": "MISC", + "name": "http://zkteco.com" + }, + { + "refsource": "MISC", + "name": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38956", + "url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38956" } ] } diff --git a/2023/38xxx/CVE-2023-38958.json b/2023/38xxx/CVE-2023-38958.json index d7a227df554..b936d538ee6 100644 --- a/2023/38xxx/CVE-2023-38958.json +++ b/2023/38xxx/CVE-2023-38958.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-38958", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-38958", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://zkteco.com", + "refsource": "MISC", + "name": "http://zkteco.com" + }, + { + "refsource": "MISC", + "name": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38958", + "url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-38958" } ] } diff --git a/2023/4xxx/CVE-2023-4123.json b/2023/4xxx/CVE-2023-4123.json new file mode 100644 index 00000000000..93abe35a2cd --- /dev/null +++ b/2023/4xxx/CVE-2023-4123.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4123", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file