diff --git a/2022/4xxx/CVE-2022-4297.json b/2022/4xxx/CVE-2022-4297.json index 3a85b16f86e..20262471142 100644 --- a/2022/4xxx/CVE-2022-4297.json +++ b/2022/4xxx/CVE-2022-4297.json @@ -39,8 +39,18 @@ "version": { "version_data": [ { - "version_value": "0", - "version_affected": "=" + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "custom", + "version": "0", + "lessThanOrEqual": "1.0.4" + } + ], + "defaultStatus": "affected" + } } ] } @@ -57,6 +67,11 @@ "url": "https://wpscan.com/vulnerability/e2dcc76c-65ac-4cd6-a5c9-6d813b5ac26d", "refsource": "MISC", "name": "https://wpscan.com/vulnerability/e2dcc76c-65ac-4cd6-a5c9-6d813b5ac26d" + }, + { + "url": "http://packetstormsecurity.com/files/173293/WordPress-WP-AutoComplete-Search-1.0.4-SQL-Injection.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/173293/WordPress-WP-AutoComplete-Search-1.0.4-SQL-Injection.html" } ] }, diff --git a/2023/21xxx/CVE-2023-21670.json b/2023/21xxx/CVE-2023-21670.json index b47b09a6731..16de1b97d8f 100644 --- a/2023/21xxx/CVE-2023-21670.json +++ b/2023/21xxx/CVE-2023-21670.json @@ -773,6 +773,11 @@ "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin", "refsource": "MISC", "name": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin" + }, + { + "url": "http://packetstormsecurity.com/files/173296/Qualcomm-Adreno-KGSL-Insecure-Execution.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/173296/Qualcomm-Adreno-KGSL-Insecure-Execution.html" } ] }, diff --git a/2023/24xxx/CVE-2023-24078.json b/2023/24xxx/CVE-2023-24078.json index 28e9b56c1e0..65ad47cb1a7 100644 --- a/2023/24xxx/CVE-2023-24078.json +++ b/2023/24xxx/CVE-2023-24078.json @@ -56,6 +56,11 @@ "url": "https://github.com/ojan2021/Fuguhub-8.1-RCE", "refsource": "MISC", "name": "https://github.com/ojan2021/Fuguhub-8.1-RCE" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/173279/FuguHub-8.1-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/173279/FuguHub-8.1-Remote-Code-Execution.html" } ] } diff --git a/2023/31xxx/CVE-2023-31999.json b/2023/31xxx/CVE-2023-31999.json index 65df588d6de..c65fb41a914 100644 --- a/2023/31xxx/CVE-2023-31999.json +++ b/2023/31xxx/CVE-2023-31999.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31999", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be connected to the user's session in some way that will allow the server to validate it.\r\n\r\nv7.2.0 changes the default behavior to store the state in a cookie with the http-only and same-site=lax attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the checkStateFunction function, which now accepts the full Request object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "npm", + "product": { + "product_data": [ + { + "product_name": "@fastify/oauth2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "v7.2.0", + "version_value": "v7.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/reports/2020418", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2020418" + }, + { + "url": "https://auth0.com/docs/secure/attack-protection/state-parameters", + "refsource": "MISC", + "name": "https://auth0.com/docs/secure/attack-protection/state-parameters" + }, + { + "url": "https://github.com/fastify/fastify-oauth2/releases/tag/v7.2.0", + "refsource": "MISC", + "name": "https://github.com/fastify/fastify-oauth2/releases/tag/v7.2.0" } ] } diff --git a/2023/36xxx/CVE-2023-36346.json b/2023/36xxx/CVE-2023-36346.json index ebfb8e6ed10..aec41f207ec 100644 --- a/2023/36xxx/CVE-2023-36346.json +++ b/2023/36xxx/CVE-2023-36346.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://yuyudhn.github.io/pos-codekop-vulnerability/", "url": "https://yuyudhn.github.io/pos-codekop-vulnerability/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/173280/Sales-Of-Cashier-Goods-1.0-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/173280/Sales-Of-Cashier-Goods-1.0-Cross-Site-Scripting.html" } ] } diff --git a/2023/36xxx/CVE-2023-36348.json b/2023/36xxx/CVE-2023-36348.json index 5ce2b1e6011..b93588715e9 100644 --- a/2023/36xxx/CVE-2023-36348.json +++ b/2023/36xxx/CVE-2023-36348.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://yuyudhn.github.io/pos-codekop-vulnerability/", "url": "https://yuyudhn.github.io/pos-codekop-vulnerability/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/173278/POS-Codekop-2.0-Shell-Upload.html", + "url": "http://packetstormsecurity.com/files/173278/POS-Codekop-2.0-Shell-Upload.html" } ] } diff --git a/2023/36xxx/CVE-2023-36355.json b/2023/36xxx/CVE-2023-36355.json index 268b854c731..0041509a288 100644 --- a/2023/36xxx/CVE-2023-36355.json +++ b/2023/36xxx/CVE-2023-36355.json @@ -56,6 +56,11 @@ "url": "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/9/TP-Link%20TL-WR940N%20wireless%20router%20userRpmWanDynamicIpV6CfgRpm%20buffer%20write%20out-of-bounds%20vulnerability.md", "refsource": "MISC", "name": "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/9/TP-Link%20TL-WR940N%20wireless%20router%20userRpmWanDynamicIpV6CfgRpm%20buffer%20write%20out-of-bounds%20vulnerability.md" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/173294/TP-Link-TL-WR940N-4-Buffer-Overflow.html", + "url": "http://packetstormsecurity.com/files/173294/TP-Link-TL-WR940N-4-Buffer-Overflow.html" } ] }