diff --git a/2012/10xxx/CVE-2012-10013.json b/2012/10xxx/CVE-2012-10013.json index 1f902842b91..4702df83d61 100644 --- a/2012/10xxx/CVE-2012-10013.json +++ b/2012/10xxx/CVE-2012-10013.json @@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2012-10013", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Kau-Boy Backend Localization Plugin up to 1.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file backend_localization.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 43dc96defd7944da12ff116476a6890acd7dd24b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227231." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Kau-Boy Backend Localization Plugin bis 1.6.1 f\u00fcr WordPress ausgemacht. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei backend_localization.php. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 2.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 43dc96defd7944da12ff116476a6890acd7dd24b bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kau-Boy", + "product": { + "product_data": [ + { + "product_name": "Backend Localization Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.6.0" + }, + { + "version_affected": "=", + "version_value": "1.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.227231", + "refsource": "MISC", + "name": "https://vuldb.com/?id.227231" + }, + { + "url": "https://vuldb.com/?ctiid.227231", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.227231" + }, + { + "url": "https://github.com/wp-plugins/kau-boys-backend-localization/commit/43dc96defd7944da12ff116476a6890acd7dd24b", + "refsource": "MISC", + "name": "https://github.com/wp-plugins/kau-boys-backend-localization/commit/43dc96defd7944da12ff116476a6890acd7dd24b" + }, + { + "url": "https://github.com/wp-plugins/kau-boys-backend-localization/releases/tag/2.0", + "refsource": "MISC", + "name": "https://github.com/wp-plugins/kau-boys-backend-localization/releases/tag/2.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" } ] } diff --git a/2012/10xxx/CVE-2012-10014.json b/2012/10xxx/CVE-2012-10014.json index 609482d6283..e1b0a8c2602 100644 --- a/2012/10xxx/CVE-2012-10014.json +++ b/2012/10xxx/CVE-2012-10014.json @@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2012-10014", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backend_localization_admin_settings/backend_localization_save_setting/backend_localization_login_form/localize_backend of the file backend_localization.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 36f457ee16dd114e510fd91a3ea9fbb3c1f87184. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227232." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in Kau-Boy Backend Localization Plugin 2.0 f\u00fcr WordPress entdeckt. Es geht dabei um die Funktion backend_localization_admin_settings/backend_localization_save_setting/backend_localization_login_form/localize_backend der Datei backend_localization.php. Mittels dem Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 2.0.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 36f457ee16dd114e510fd91a3ea9fbb3c1f87184 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kau-Boy", + "product": { + "product_data": [ + { + "product_name": "Backend Localization Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.227232", + "refsource": "MISC", + "name": "https://vuldb.com/?id.227232" + }, + { + "url": "https://vuldb.com/?ctiid.227232", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.227232" + }, + { + "url": "https://github.com/wp-plugins/kau-boys-backend-localization/commit/36f457ee16dd114e510fd91a3ea9fbb3c1f87184", + "refsource": "MISC", + "name": "https://github.com/wp-plugins/kau-boys-backend-localization/commit/36f457ee16dd114e510fd91a3ea9fbb3c1f87184" + }, + { + "url": "https://github.com/wp-plugins/kau-boys-backend-localization/releases/tag/2.0.1", + "refsource": "MISC", + "name": "https://github.com/wp-plugins/kau-boys-backend-localization/releases/tag/2.0.1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/22xxx/CVE-2023-22918.json b/2023/22xxx/CVE-2023-22918.json index 20da3f226ef..9580e5fbc54 100644 --- a/2023/22xxx/CVE-2023-22918.json +++ b/2023/22xxx/CVE-2023-22918.json @@ -3,8 +3,9 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "PSIRT@zyxel.com.tw", - "ID": "CVE-2023-22918" + "ASSIGNER": "security@zyxel.com.tw", + "ID": "CVE-2023-22918", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -13,7 +14,7 @@ "vendor_name": "Zyxel", "product": { "product_data": [ - { + { "product_name": "ATP series firmware", "version": { "version_data": [ @@ -23,7 +24,7 @@ ] } }, - { + { "product_name": "USG FLEX series firmware", "version": { "version_data": [ @@ -33,7 +34,7 @@ ] } }, - { + { "product_name": "USG FLEX 50(W) firmware", "version": { "version_data": [ @@ -43,7 +44,7 @@ ] } }, - { + { "product_name": "USG20(W)-VPN firmware", "version": { "version_data": [ @@ -53,7 +54,7 @@ ] } }, - { + { "product_name": "VPN series firmware", "version": { "version_data": [ @@ -63,7 +64,7 @@ ] } }, - { + { "product_name": "NWA110AX firmware", "version": { "version_data": [ @@ -73,7 +74,7 @@ ] } }, - { + { "product_name": "WAC500 firmware", "version": { "version_data": [ @@ -83,7 +84,7 @@ ] } }, - { + { "product_name": "WAX510D firmware", "version": { "version_data": [ @@ -93,7 +94,7 @@ ] } } - ] + ] } } ] @@ -135,4 +136,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2023/26xxx/CVE-2023-26059.json b/2023/26xxx/CVE-2023-26059.json index f2e0a9f7574..e042405857f 100644 --- a/2023/26xxx/CVE-2023-26059.json +++ b/2023/26xxx/CVE-2023-26059.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-26059", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-26059", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nokia.com", + "refsource": "MISC", + "name": "https://nokia.com" + }, + { + "refsource": "MISC", + "name": "https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2022-03/", + "url": "https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2022-03/" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:C/UI:R", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2023/26xxx/CVE-2023-26097.json b/2023/26xxx/CVE-2023-26097.json index a04dce50e50..88e63b7bb62 100644 --- a/2023/26xxx/CVE-2023-26097.json +++ b/2023/26xxx/CVE-2023-26097.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-26097", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-26097", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.telindus.lu/fr/produits/apsal", + "refsource": "MISC", + "name": "https://www.telindus.lu/fr/produits/apsal" + }, + { + "url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-26097", + "refsource": "MISC", + "name": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-26097" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2023/26xxx/CVE-2023-26099.json b/2023/26xxx/CVE-2023-26099.json index 1537643a6ed..70d459f968e 100644 --- a/2023/26xxx/CVE-2023-26099.json +++ b/2023/26xxx/CVE-2023-26099.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-26099", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-26099", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consultation permission is insecure." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.telindus.lu/fr/produits/apsal", + "refsource": "MISC", + "name": "https://www.telindus.lu/fr/produits/apsal" + }, + { + "url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-26099", + "refsource": "MISC", + "name": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-26099" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:L/A:N/C:L/I:L/PR:L/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2023/26xxx/CVE-2023-26865.json b/2023/26xxx/CVE-2023-26865.json index 36b443cafa0..e1b57936f95 100644 --- a/2023/26xxx/CVE-2023-26865.json +++ b/2023/26xxx/CVE-2023-26865.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-26865", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-26865", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bdroppy.com/dropshipping-apps-integrations-bdroppy/", + "refsource": "MISC", + "name": "https://bdroppy.com/dropshipping-apps-integrations-bdroppy/" + }, + { + "refsource": "MISC", + "name": "https://friends-of-presta.github.io/security-advisories/modules/2023/04/20/bdroppy.html", + "url": "https://friends-of-presta.github.io/security-advisories/modules/2023/04/20/bdroppy.html" } ] } diff --git a/2023/27xxx/CVE-2023-27524.json b/2023/27xxx/CVE-2023-27524.json index a13f8784f14..bd4820a8ae1 100644 --- a/2023/27xxx/CVE-2023-27524.json +++ b/2023/27xxx/CVE-2023-27524.json @@ -59,6 +59,11 @@ "url": "https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk", "refsource": "MISC", "name": "https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/04/24/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/04/24/2" } ] }, diff --git a/2023/27xxx/CVE-2023-27848.json b/2023/27xxx/CVE-2023-27848.json index 845ae57d63a..6d2c38ca357 100644 --- a/2023/27xxx/CVE-2023-27848.json +++ b/2023/27xxx/CVE-2023-27848.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-27848", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-27848", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.npmjs.com/package/broccoli-compass", + "refsource": "MISC", + "name": "https://www.npmjs.com/package/broccoli-compass" + }, + { + "refsource": "MISC", + "name": "https://github.com/omnitaint/Vulnerability-Reports/blob/9d65add2bca71ed6d6b2e281ee6790a12504ff8e/reports/broccoli-compass/report.md", + "url": "https://github.com/omnitaint/Vulnerability-Reports/blob/9d65add2bca71ed6d6b2e281ee6790a12504ff8e/reports/broccoli-compass/report.md" } ] } diff --git a/2023/27xxx/CVE-2023-27849.json b/2023/27xxx/CVE-2023-27849.json index a8d303cd5e1..f1f5f2d61c1 100644 --- a/2023/27xxx/CVE-2023-27849.json +++ b/2023/27xxx/CVE-2023-27849.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-27849", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-27849", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.npmjs.com/package/rails-routes-to-json", + "refsource": "MISC", + "name": "https://www.npmjs.com/package/rails-routes-to-json" + }, + { + "refsource": "MISC", + "name": "https://github.com/omnitaint/Vulnerability-Reports/blob/2211ea4712f24d20b7f223fb737910fdfb041edb/reports/rails-routes-to-json/report.md", + "url": "https://github.com/omnitaint/Vulnerability-Reports/blob/2211ea4712f24d20b7f223fb737910fdfb041edb/reports/rails-routes-to-json/report.md" } ] } diff --git a/2023/27xxx/CVE-2023-27990.json b/2023/27xxx/CVE-2023-27990.json index b1563ac9728..c069f53267e 100644 --- a/2023/27xxx/CVE-2023-27990.json +++ b/2023/27xxx/CVE-2023-27990.json @@ -3,8 +3,9 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "PSIRT@zyxel.com.tw", - "ID": "CVE-2023-27990" + "ASSIGNER": "security@zyxel.com.tw", + "ID": "CVE-2023-27990", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -13,7 +14,7 @@ "vendor_name": "Zyxel", "product": { "product_data": [ - { + { "product_name": "ATP series firmware", "version": { "version_data": [ @@ -23,7 +24,7 @@ ] } }, - { + { "product_name": "USG FLEX series firmware", "version": { "version_data": [ @@ -33,7 +34,7 @@ ] } }, - { + { "product_name": "USG FLEX 50(W) firmware", "version": { "version_data": [ @@ -43,7 +44,7 @@ ] } }, - { + { "product_name": "USG20(W)-VPN firmware", "version": { "version_data": [ @@ -53,7 +54,7 @@ ] } }, - { + { "product_name": "VPN series firmware", "version": { "version_data": [ @@ -63,7 +64,7 @@ ] } } - ] + ] } } ] @@ -105,4 +106,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2023/27xxx/CVE-2023-27991.json b/2023/27xxx/CVE-2023-27991.json index b99769b061e..0ff55564457 100644 --- a/2023/27xxx/CVE-2023-27991.json +++ b/2023/27xxx/CVE-2023-27991.json @@ -3,8 +3,9 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "PSIRT@zyxel.com.tw", - "ID": "CVE-2023-27991" + "ASSIGNER": "security@zyxel.com.tw", + "ID": "CVE-2023-27991", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -13,7 +14,7 @@ "vendor_name": "Zyxel", "product": { "product_data": [ - { + { "product_name": "ATP series firmware", "version": { "version_data": [ @@ -23,7 +24,7 @@ ] } }, - { + { "product_name": "USG FLEX series firmware", "version": { "version_data": [ @@ -33,7 +34,7 @@ ] } }, - { + { "product_name": "USG FLEX 50(W) firmware", "version": { "version_data": [ @@ -43,7 +44,7 @@ ] } }, - { + { "product_name": "USG20(W)-VPN firmware", "version": { "version_data": [ @@ -53,7 +54,7 @@ ] } }, - { + { "product_name": "VPN series firmware", "version": { "version_data": [ @@ -63,7 +64,7 @@ ] } } - ] + ] } } ] @@ -105,4 +106,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2023/29xxx/CVE-2023-29566.json b/2023/29xxx/CVE-2023-29566.json index f5be2827303..6a058a43fab 100644 --- a/2023/29xxx/CVE-2023-29566.json +++ b/2023/29xxx/CVE-2023-29566.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-29566", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-29566", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.npmjs.com/package/dawnsparks-node-tesseract", + "refsource": "MISC", + "name": "https://www.npmjs.com/package/dawnsparks-node-tesseract" + }, + { + "url": "https://github.com/rona-dinihari/dawnsparks-node-tesseract", + "refsource": "MISC", + "name": "https://github.com/rona-dinihari/dawnsparks-node-tesseract" + }, + { + "url": "https://github.com/rona-dinihari/dawnsparks-node-tesseract/commit/81d1664f0b9fe521534acfae1d5b9c40127b36c1", + "refsource": "MISC", + "name": "https://github.com/rona-dinihari/dawnsparks-node-tesseract/commit/81d1664f0b9fe521534acfae1d5b9c40127b36c1" + }, + { + "refsource": "MISC", + "name": "https://github.com/omnitaint/Vulnerability-Reports/blob/ec3645003c7f8996459b5b24c722474adc2d599f/reports/dawnsparks-node-tesseract/report.md", + "url": "https://github.com/omnitaint/Vulnerability-Reports/blob/ec3645003c7f8996459b5b24c722474adc2d599f/reports/dawnsparks-node-tesseract/report.md" } ] } diff --git a/2023/30xxx/CVE-2023-30776.json b/2023/30xxx/CVE-2023-30776.json index 4cc4658f630..1a6dbb2dd4a 100644 --- a/2023/30xxx/CVE-2023-30776.json +++ b/2023/30xxx/CVE-2023-30776.json @@ -59,6 +59,11 @@ "url": "https://lists.apache.org/thread/s9w9w10mt2sngk3solwnmq5k7md53tsz", "refsource": "MISC", "name": "https://lists.apache.org/thread/s9w9w10mt2sngk3solwnmq5k7md53tsz" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/04/24/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/04/24/3" } ] }, diff --git a/2023/31xxx/CVE-2023-31122.json b/2023/31xxx/CVE-2023-31122.json new file mode 100644 index 00000000000..0ce94baa682 --- /dev/null +++ b/2023/31xxx/CVE-2023-31122.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-31122", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file