diff --git a/2023/22xxx/CVE-2023-22098.json b/2023/22xxx/CVE-2023-22098.json
index 51a4491cc51..2cf87e67129 100644
--- a/2023/22xxx/CVE-2023-22098.json
+++ b/2023/22xxx/CVE-2023-22098.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H)."
+ "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
 }
 ]
 },
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data."
+ "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
 }
 ]
 }
@@ -69,12 +69,12 @@
 "privilegesRequired": "HIGH",
 "userInteraction": "NONE",
 "scope": "CHANGED",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
 "availabilityImpact": "HIGH",
 "version": "3.1",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
- "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 8.2,
 "baseSeverity": "HIGH"
 }
 ]
diff --git a/2023/27xxx/CVE-2023-27171.json b/2023/27xxx/CVE-2023-27171.json
index ab93ab76f1f..31958e65ead 100644
--- a/2023/27xxx/CVE-2023-27171.json
+++ b/2023/27xxx/CVE-2023-27171.json
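Review bot: In the `impact.cvss` hunk of CVE-2023-22098.json, `baseSeverity` stays `HIGH` while `baseScore` moves from 7.3 to 8.2 and both `confidentialityImpact` and `integrityImpact` move from LOW to HIGH, so a downstream filter that re-triages only on a severity-bucket change will miss this re-score. Consumers should key re-evaluation on `vectorString` or `baseScore`, since the stated outcome is now takeover rather than denial of service with limited data access. The score and vector are also repeated in the free-text `value` of the first hunk of this file; the two copies agree in this commit, but the prose copy is a second place that has to be kept in sync by hand.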
@@ -5,13 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2023-27171",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34194.json b/2023/34xxx/CVE-2023-34194.json
index 14af785b0d0..64536fb703c 100644
--- a/2023/34xxx/CVE-2023-34194.json
+++ b/2023/34xxx/CVE-2023-34194.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-34194",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-34194",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\\0' located after whitespace."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp",
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.forescout.com/resources/sierra21-vulnerabilities",
+ "url": "https://www.forescout.com/resources/sierra21-vulnerabilities"
 }
 ]
 }
diff --git a/2023/47xxx/CVE-2023-47320.json b/2023/47xxx/CVE-2023-47320.json
index 76466e94383..d1e5dae3d93 100644
--- a/2023/47xxx/CVE-2023-47320.json
+++ b/2023/47xxx/CVE-2023-47320.json
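Review bot: The `affects` block added to CVE-2023-34194.json sets `vendor_name`, `product_name` and `version_value` all to `n/a`, although the new description names the product and range (TinyXML through 2.6.2), so inventory or SBOM matching that reads the structured fields will not associate this record with TinyXML. `problemtype` is likewise `n/a` where the description already says reachable assertion; `"value": "CWE-617 Reachable Assertion"` would make that machine-readable. The first reference points at `tinyxmlparser.cpp` on `master`, a moving target that may stop showing the affected code once the file changes, so a commit-pinned link would be more durable.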
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-47320",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-47320",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in \"Maintenance Mode\" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://silverpeas.com",
+ "refsource": "MISC",
+ "name": "http://silverpeas.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47320",
+ "url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47320"
 }
 ]
 }
diff --git a/2023/47xxx/CVE-2023-47321.json b/2023/47xxx/CVE-2023-47321.json
index 3c4ec4b0767..8c3a3e22edf 100644
--- a/2023/47xxx/CVE-2023-47321.json
+++ b/2023/47xxx/CVE-2023-47321.json
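Review bot: CVE-2023-47320.json is published with `vendor_name`, `product_name`, `version_value` and `problemtype` all set to `n/a`, even though the description names Silverpeas Core 6.3.1 and below; the same placeholders appear in the CVE-2023-47321 through CVE-2023-47327 records in this diff. Tooling that matches on the structured fields will not map any of these eight records to the product, although the values are already in the prose, e.g. `"vendor_name": "Silverpeas"`, `"product_name": "Silverpeas Core"`, `"version_value": "6.3.1"`. Only this record states "and below", so the affected range is inconsistent across the set and should be confirmed against the advisory. The `http://silverpeas.com` reference is the vendor homepage over plain HTTP rather than an advisory or fix, and only CVE-2023-47324 links an upstream pull request.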
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-47321",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-47321",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the \"Porlet Deployer\" which allows administrators to deploy .WAR portlets."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://silverpeas.com",
+ "refsource": "MISC",
+ "name": "http://silverpeas.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47321",
+ "url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47321"
 }
 ]
 }
diff --git a/2023/47xxx/CVE-2023-47322.json b/2023/47xxx/CVE-2023-47322.json
index e1f2a45e0bf..83311203096 100644
--- a/2023/47xxx/CVE-2023-47322.json
+++ b/2023/47xxx/CVE-2023-47322.json
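Review bot: The description added in CVE-2023-47321.json says the "Porlet Deployer" "allows administrators to deploy .WAR portlets" but never states which lower-privileged actor can reach it, so the access-control failure and its impact cannot be assessed from the record alone. "Porlet" looks like a typo for "Portlet", which also hurts text search across advisories. A wording such as `... via the "Portlet Deployer", an administrator-only feature for deploying .WAR portlets that <actor per the advisory> can access.` would close both gaps; the actor has to come from the linked RhinoSecurityLabs write-up rather than be guessed.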
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-47322",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-47322",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The \"userModify\" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://silverpeas.com",
+ "refsource": "MISC",
+ "name": "http://silverpeas.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47322",
+ "url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47322"
 }
 ]
 }
diff --git a/2023/47xxx/CVE-2023-47323.json b/2023/47xxx/CVE-2023-47323.json
index f092b5403bb..c386ffcae65 100644
--- a/2023/47xxx/CVE-2023-47323.json
+++ b/2023/47xxx/CVE-2023-47323.json
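Review bot: The description added in CVE-2023-47322.json contains "the CSRF with execute making the attacker an administrator user", which reads as a typo for "will execute". Suggested wording: `the CSRF will execute, making the attacker an administrator user in the application.` The record also names no fixed version, so a reader cannot tell from it whether any release after 6.3.1 adds anti-CSRF protection to "userModify".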
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-47323",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-47323",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://silverpeas.com",
+ "refsource": "MISC",
+ "name": "http://silverpeas.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47323",
+ "url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47323"
 }
 ]
 }
diff --git a/2023/47xxx/CVE-2023-47324.json b/2023/47xxx/CVE-2023-47324.json
index 715b4247349..14ae1b3ada4 100644
--- a/2023/47xxx/CVE-2023-47324.json
+++ b/2023/47xxx/CVE-2023-47324.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-47324",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-47324",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://silverpeas.com",
+ "refsource": "MISC",
+ "name": "http://silverpeas.com"
+ },
+ {
+ "url": "https://github.com/Silverpeas/Silverpeas-Core/pull/1298/commits",
+ "refsource": "MISC",
+ "name": "https://github.com/Silverpeas/Silverpeas-Core/pull/1298/commits"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47324",
+ "url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47324"
 }
 ]
 }
diff --git a/2023/47xxx/CVE-2023-47325.json b/2023/47xxx/CVE-2023-47325.json
index ab6e09eb176..2b011162246 100644
--- a/2023/47xxx/CVE-2023-47325.json
+++ b/2023/47xxx/CVE-2023-47325.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-47325",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-47325",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Silverpeas Core 6.3.1 administrative \"Bin\" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://silverpeas.com",
+ "refsource": "MISC",
+ "name": "http://silverpeas.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47325",
+ "url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47325"
 }
 ]
 }
diff --git a/2023/47xxx/CVE-2023-47326.json b/2023/47xxx/CVE-2023-47326.json
index c7aabdeb3ed..2039d1c297b 100644
--- a/2023/47xxx/CVE-2023-47326.json
+++ b/2023/47xxx/CVE-2023-47326.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-47326",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-47326",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://silverpeas.com",
+ "refsource": "MISC",
+ "name": "http://silverpeas.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47326",
+ "url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47326"
 }
 ]
 }
diff --git a/2023/47xxx/CVE-2023-47327.json b/2023/47xxx/CVE-2023-47327.json
index 25f3c865f92..7dee6c7468d 100644
--- a/2023/47xxx/CVE-2023-47327.json
+++ b/2023/47xxx/CVE-2023-47327.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-47327",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-47327",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The \"Create a Space\" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://silverpeas.com",
+ "refsource": "MISC",
+ "name": "http://silverpeas.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47327",
+ "url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47327"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6448.json b/2023/6xxx/CVE-2023-6448.json
index ff0580cfd8c..28e75f53bbf 100644
--- a/2023/6xxx/CVE-2023-6448.json
+++ b/2023/6xxx/CVE-2023-6448.json
@@ -58,6 +58,11 @@
 "url": "https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems",
 "refsource": "MISC",
 "name": "https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems"
+ },
+ {
+ "url": "https://www.unitronicsplc.com/cyber_security_vision-samba/",
+ "refsource": "MISC",
+ "name": "https://www.unitronicsplc.com/cyber_security_vision-samba/"
 }
 ]
 },
diff --git a/2023/6xxx/CVE-2023-6758.json b/2023/6xxx/CVE-2023-6758.json
index 1188697be33..a7654a8f1eb 100644
--- a/2023/6xxx/CVE-2023-6758.json
+++ b/2023/6xxx/CVE-2023-6758.json
@@ -1,17 +1,104 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6758",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adplanet/PlanetCommentList of the component API. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247886 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine kritische Schwachstelle wurde in Thecosy IceCMS 2.0.1 ausgemacht. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /adplanet/PlanetCommentList der Komponente API. Dank Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Controls",
+ "cweId": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Thecosy",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IceCMS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.247886",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.247886"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.247886",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.247886"
+ },
+ {
+ "url": "http://124.71.147.32:8082/IceCMS4.html",
+ "refsource": "MISC",
+ "name": "http://124.71.147.32:8082/IceCMS4.html"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "YuJiu (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5,
+ "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6759.json b/2023/6xxx/CVE-2023-6759.json
index 2c7837823b4..390d9c99c0b 100644
--- a/2023/6xxx/CVE-2023-6759.json
+++ b/2023/6xxx/CVE-2023-6759.json
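Review bot: The English description in CVE-2023-6758.json says the issue "has been rated as critical", while the `impact.cvss` entries of the same record give 5.3 MEDIUM with `C:N/I:L/A:N`; triage should follow the vector, and the prose label should be dropped or aligned with it. The third reference, `http://124.71.147.32:8082/IceCMS4.html`, is a bare IP address over plain HTTP with no identifiable owner, so it can disappear or serve different content later; an archived or project-hosted copy would be more durable, and it is best opened only from an isolated analysis environment. CVE-2023-6759.json in this diff shows the same pattern ("problematic" in prose, `http://39.106.130.187/Icecms.html` as a reference). `credits` uses `"lang": "en"` while `description_data` uses `eng` and `deu`, so one code set should be used throughout.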
@@ -1,17 +1,104 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6759",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the component Love Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247887."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in Thecosy IceCMS 2.0.1 entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /WebResource/resource der Komponente Love Handler. Mit der Manipulation mit unbekannten Daten kann eine improper enforcement of a single, unique action-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-837 Improper Enforcement of a Single, Unique Action",
+ "cweId": "CWE-837"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Thecosy",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IceCMS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.247887",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.247887"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.247887",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.247887"
+ },
+ {
+ "url": "http://39.106.130.187/Icecms.html",
+ "refsource": "MISC",
+ "name": "http://39.106.130.187/Icecms.html"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Qson (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5,
+ "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6779.json b/2023/6xxx/CVE-2023-6779.json
new file mode 100644
index 00000000000..3565d2cc4c4
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6779.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6779",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6780.json b/2023/6xxx/CVE-2023-6780.json
new file mode 100644
index 00000000000..4d0e51f329b
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6780.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6780",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6781.json b/2023/6xxx/CVE-2023-6781.json
new file mode 100644
index 00000000000..388d4fcca7e
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6781.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6781",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file