admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-06-19 13:00:38 +00:00
parent 60ccf2b50a
commit 7632d0e3f8
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
11 changed files with 509 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2022/30xxx/CVE-2022-30256.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2023-cdce244fb8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3VSMLJX25MXGQ6A7UPOGK7VPUVDESPHL/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230619 [SECURITY] [DLA 3457-1] maradns security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00019.html"
}
]
}

113
2022/46xxx/CVE-2022-46850.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-46850",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <=\u00a00.1.3 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nabil Lemsieh",
"product": {
"product_data": [
{
"product_name": "Easy Media Replace",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "0.2.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "0.1.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/easy-media-replace/wordpress-easy-media-replace-plugin-0-1-3-arbitrary-file-deletion?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/easy-media-replace/wordpress-easy-media-replace-plugin-0-1-3-arbitrary-file-deletion?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;0.2.0 or a higher version."
}
],
"value": "Update to\u00a00.2.0 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Jeong Seong Ho (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
]
}

89
2023/2xxx/CVE-2023-2907.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2907",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection.This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Marksoft",
"product": {
"product_data": [
{
"product_name": "Marksoft",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "Mobile:v.7.1.7 ; Login:1.4 ; API:20230605"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0363",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-23-0363"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "TR-23-0363",
"defect": [
"TR-23-0363"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Alican OZDEMIR"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

5
2023/31xxx/CVE-2023-31137.json
View File

@ -78,6 +78,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3VSMLJX25MXGQ6A7UPOGK7VPUVDESPHL/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3VSMLJX25MXGQ6A7UPOGK7VPUVDESPHL/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00019.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/06/msg00019.html"
}
]
},

85
2023/33xxx/CVE-2023-33213.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33213",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields \u2013 wpView plugin <=\u00a01.3.0 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gVectors",
"product": {
"product_data": [
{
"product_name": "Display Custom Fields \u2013 wpView",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/wpview/wordpress-wpview-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/wpview/wordpress-wpview-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Bae Song Hyun (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

113
2023/34xxx/CVE-2023-34373.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34373",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <=\u00a03.3.93 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dylan James",
"product": {
"product_data": [
{
"product_name": "Zephyr Project Manager",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "3.3.94",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.3.93",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/zephyr-project-manager/wordpress-zephyr-project-manager-plugin-3-3-93-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/zephyr-project-manager/wordpress-zephyr-project-manager-plugin-3-3-93-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;3.3.94 or a higher version."
}
],
"value": "Update to\u00a03.3.94 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Theodoros Malachias (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

9
2023/3xxx/CVE-2023-3047.json
View File

@ -59,6 +59,11 @@
"url": "https://www.usom.gov.tr/bildirim/tr-23-0345",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-23-0345"
},
{
"url": "https://fordefence.com/cve-2023-3047-tmt-lockcell-sql-injection/",
"refsource": "MISC",
"name": "https://fordefence.com/cve-2023-3047-tmt-lockcell-sql-injection/"
}
]
},
@ -88,11 +93,11 @@
"credits": [
{
"lang": "en",
"value": "Omer YILMAZ"
"value": "Efe OZEL"
},
{
"lang": "en",
"value": "Efe OZEL"
"value": "Omer YILMAZ"
},
{
"lang": "en",

9
2023/3xxx/CVE-2023-3048.json
View File

@ -59,6 +59,11 @@
"url": "https://www.usom.gov.tr/bildirim/tr-23-0345",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-23-0345"
},
{
"url": "https://fordefence.com/cve-2023-3048-authorization-bypass-through-user-controlled-key-vulnerability-allows-authentication-abuse-authentication-bypass/",
"refsource": "MISC",
"name": "https://fordefence.com/cve-2023-3048-authorization-bypass-through-user-controlled-key-vulnerability-allows-authentication-abuse-authentication-bypass/"
}
]
},
@ -88,11 +93,11 @@
"credits": [
{
"lang": "en",
"value": "Omer YILMAZ"
"value": "Efe OZEL"
},
{
"lang": "en",
"value": "Efe OZEL"
"value": "Omer YILMAZ"
},
{
"lang": "en",

9
2023/3xxx/CVE-2023-3049.json
View File

@ -59,6 +59,11 @@
"url": "https://www.usom.gov.tr/bildirim/tr-23-0345",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-23-0345"
},
{
"url": "https://fordefence.com/cve-2023-3049-unrestricted-upload-of-file-with-dangerous-type-vulnerability-allows-command-injection/",
"refsource": "MISC",
"name": "https://fordefence.com/cve-2023-3049-unrestricted-upload-of-file-with-dangerous-type-vulnerability-allows-command-injection/"
}
]
},
@ -88,11 +93,11 @@
"credits": [
{
"lang": "en",
"value": "Omer YILMAZ"
"value": "Efe OZEL"
},
{
"lang": "en",
"value": "Efe OZEL"
"value": "Omer YILMAZ"
},
{
"lang": "en",

9
2023/3xxx/CVE-2023-3050.json
View File

@ -59,6 +59,11 @@
"url": "https://www.usom.gov.tr/bildirim/tr-23-0345",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-23-0345"
},
{
"url": "https://fordefence.com/cve-2023-3050-reliance-on-cookies-without-validation-and-integrity-checking-in-a-security-decision-vulnerability-in-tmt-lockcell-allows-privilege-abuse-authentication-bypass/",
"refsource": "MISC",
"name": "https://fordefence.com/cve-2023-3050-reliance-on-cookies-without-validation-and-integrity-checking-in-a-security-decision-vulnerability-in-tmt-lockcell-allows-privilege-abuse-authentication-bypass/"
}
]
},
@ -88,11 +93,11 @@
"credits": [
{
"lang": "en",
"value": "Omer YILMAZ"
"value": "Efe OZEL"
},
{
"lang": "en",
"value": "Efe OZEL"
"value": "Omer YILMAZ"
},
{
"lang": "en",

91
2023/3xxx/CVE-2023-3318.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3318",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodester Resort Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The identifier VDB-231937 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In SourceCodester Resort Management System 1.0 wurde eine problematische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung. Mit der Manipulation des Arguments page mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Resort Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.231937",
"refsource": "MISC",
"name": "https://vuldb.com/?id.231937"
},
{
"url": "https://vuldb.com/?ctiid.231937",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.231937"
}
]
},
"credits": [
{
"lang": "en",
"value": "kr1shna4garwal (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}