From 87f7a5ea6bf5c1cf3d11fa97f84488fb266c971c Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 13 Mar 2023 13:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/0xxx/CVE-2023-0628.json | 2 +-
 2023/1xxx/CVE-2023-1372.json | 94 ++++++++++++++++++++++++++++++++++
 2023/1xxx/CVE-2023-1373.json | 18 +++++++
 2023/1xxx/CVE-2023-1374.json | 90 ++++++++++++++++++++++++++++++++
 2023/24xxx/CVE-2023-24577.json | 61 +++++++++++++++++++---
 2023/24xxx/CVE-2023-24578.json | 61 +++++++++++++++++++---
 2023/24xxx/CVE-2023-24579.json | 61 +++++++++++++++++++---
 2023/26xxx/CVE-2023-26074.json | 80 ++++++++++++++++++++++++++---
 2023/28xxx/CVE-2023-28159.json | 18 +++++++
 2023/28xxx/CVE-2023-28160.json | 18 +++++++
 2023/28xxx/CVE-2023-28161.json | 18 +++++++
 2023/28xxx/CVE-2023-28162.json | 18 +++++++
 2023/28xxx/CVE-2023-28163.json | 18 +++++++
 2023/28xxx/CVE-2023-28164.json | 18 +++++++
 14 files changed, 550 insertions(+), 25 deletions(-)
 create mode 100644 2023/1xxx/CVE-2023-1372.json
 create mode 100644 2023/1xxx/CVE-2023-1373.json
 create mode 100644 2023/1xxx/CVE-2023-1374.json
 create mode 100644 2023/28xxx/CVE-2023-28159.json
 create mode 100644 2023/28xxx/CVE-2023-28160.json
 create mode 100644 2023/28xxx/CVE-2023-28161.json
 create mode 100644 2023/28xxx/CVE-2023-28162.json
 create mode 100644 2023/28xxx/CVE-2023-28163.json
 create mode 100644 2023/28xxx/CVE-2023-28164.json
diff --git a/2023/0xxx/CVE-2023-0628.json b/2023/0xxx/CVE-2023-0628.json
index c5a396d8cd4..abdac32abd4 100644
--- a/2023/0xxx/CVE-2023-0628.json
+++ b/2023/0xxx/CVE-2023-0628.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking an user to open a crafted malicious docker-desktop:// URL."
+ "value": "Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL."
 }
 ]
 },
diff --git a/2023/1xxx/CVE-2023-1372.json b/2023/1xxx/CVE-2023-1372.json
new file mode 100644
index 00000000000..10d2188141a
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1372.json
@@ -0,0 +1,94 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1372",
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The WH Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters such as wh_homepage, wh_text_short, wh_text_full and in versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "webhostings",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WH Testimonials",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "3.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b6fe5f1a-787e-4662-915f-c6f04961e194",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b6fe5f1a-787e-4662-915f-c6f04961e194"
+ },
+ {
+ "url": "https://danielkelley.me/wh-testimonials-reflected-xss-vulnerability-via-wh-homepage-parameter-in-version-3-0-0-and-below/",
+ "refsource": "MISC",
+ "name": "https://danielkelley.me/wh-testimonials-reflected-xss-vulnerability-via-wh-homepage-parameter-in-version-3-0-0-and-below/"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wh-testimonials/trunk/wh-testimonials.php#L177",
"refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/wh-testimonials/trunk/wh-testimonials.php#L177"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Daniel Kelley"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1373.json b/2023/1xxx/CVE-2023-1373.json
new file mode 100644
index 00000000000..2cc6ff9d7f1
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1373.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1373",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1374.json b/2023/1xxx/CVE-2023-1374.json
new file mode 100644
index 00000000000..01aaeb7aef3
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1374.json
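Review bot: The description string in CVE-2023-1372.json is garbled at `wh_text_full and in versions`: a parameter name appears to have been dropped after "and", so the list of affected inputs is incomplete as written. The same record calls the issue Stored Cross-Site Scripting while the second reference URL slug reads `reflected-xss-vulnerability-via-wh-homepage-parameter`; the two should be reconciled, because the classes are triaged and detected differently. In `version_data`, the entry `"version_affected": "="` with `"version_value": "3.0.0"` repeats what the `"<="` entry already covers and could be dropped. `credits` uses `"lang": "en"` while every other text field uses `"eng"`; CVE-2023-1374.json has the same mismatch.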
@@ -0,0 +1,90 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1374",
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Solidres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'currency_name' parameter in versions up to, and including, 0.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "solidres",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Solidres \u2013 Hotel booking plugin for WordPress",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "0.9.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b13ee51b-9f23-428f-9cef-4a9b9b06b0c4",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b13ee51b-9f23-428f-9cef-4a9b9b06b0c4"
+ },
+ {
+ "url": "https://danielkelley.me/solidres-hotel-booking-plugin-for-wordpress-post-based-xss-vulnerability-in-add-new-currency-feature/",
+ "refsource": "MISC",
+ "name": "https://danielkelley.me/solidres-hotel-booking-plugin-for-wordpress-post-based-xss-vulnerability-in-add-new-currency-feature/"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/solidres/trunk/admin/currencies/edit.php#L15",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/solidres/trunk/admin/currencies/edit.php#L15"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Daniel Kelley"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/24xxx/CVE-2023-24577.json b/2023/24xxx/CVE-2023-24577.json
index dcf1c57c9d2..77968fdd3be 100644
--- a/2023/24xxx/CVE-2023-24577.json
+++ b/2023/24xxx/CVE-2023-24577.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-24577",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-24577",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html",
+ "refsource": "MISC",
+ "name": "https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.mcafee.com/support/?articleId=TS103397&page=shell&shell=article-view",
+ "url": "https://www.mcafee.com/support/?articleId=TS103397&page=shell&shell=article-view"
 }
 ]
 }
diff --git a/2023/24xxx/CVE-2023-24578.json b/2023/24xxx/CVE-2023-24578.json
index a6c054b2b7c..29727183f7c 100644
--- a/2023/24xxx/CVE-2023-24578.json
+++ b/2023/24xxx/CVE-2023-24578.json
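Review bot: The structured fields of CVE-2023-24577.json carry no usable data: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"`, while the description names the product (McAfee Total Protection) and the fixed version (16.0.50). Tooling that matches on `affects` rather than on free text will not associate this record with the product. They could be populated from the description, e.g. `"vendor_name": "McAfee"`, `"product_name": "Total Protection"`, and a version entry `"version_affected": "<"` with `"version_value": "16.0.50"`, plus a CWE label in `problemtype` for the link-resolution weakness (CWE-59, if that is the class the CNA intends). CVE-2023-24578.json (16.0.49, DLL sideloading) and CVE-2023-24579.json (16.0.51) have the same gap, as does the `affects` block of CVE-2023-26074.json.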
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-24578",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-24578",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html",
+ "refsource": "MISC",
+ "name": "https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.mcafee.com/support/?articleId=TS103397&page=shell&shell=article-view",
+ "url": "https://www.mcafee.com/support/?articleId=TS103397&page=shell&shell=article-view"
 }
 ]
 }
diff --git a/2023/24xxx/CVE-2023-24579.json b/2023/24xxx/CVE-2023-24579.json
index 8a1b5f51c17..fe3fff2771e 100644
--- a/2023/24xxx/CVE-2023-24579.json
+++ b/2023/24xxx/CVE-2023-24579.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-24579",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-24579",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html",
+ "refsource": "MISC",
+ "name": "https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.mcafee.com/support/?articleId=TS103397&page=shell&shell=article-view",
+ "url": "https://www.mcafee.com/support/?articleId=TS103397&page=shell&shell=article-view"
 }
 ]
 }
diff --git a/2023/26xxx/CVE-2023-26074.json b/2023/26xxx/CVE-2023-26074.json
index 6680f7862f5..18f47ed59cb 100644
--- a/2023/26xxx/CVE-2023-26074.json
+++ b/2023/26xxx/CVE-2023-26074.json
@@ -1,18 +1,86 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-26074",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-26074",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123, and Exynos W920. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding operator-defined access category definitions."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://semiconductor.samsung.com/processor/modem/",
+ "refsource": "MISC",
+ "name": "https://semiconductor.samsung.com/processor/modem/"
+ },
+ {
+ "url": "https://semiconductor.samsung.com/processor/mobile-processor/",
+ "refsource": "MISC",
+ "name": "https://semiconductor.samsung.com/processor/mobile-processor/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
+ "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:L/I:L/PR:L/S:U/UI:N",
+ "version": "3.1"
+ }
 }
 }
\ No newline at end of file
diff --git a/2023/28xxx/CVE-2023-28159.json b/2023/28xxx/CVE-2023-28159.json
new file mode 100644
index 00000000000..f56f2b53168
--- /dev/null
+++ b/2023/28xxx/CVE-2023-28159.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-28159",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/28xxx/CVE-2023-28160.json b/2023/28xxx/CVE-2023-28160.json
new file mode 100644
index 00000000000..e8a1b383300
--- /dev/null
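Review bot: The `impact.cvss` block added to CVE-2023-26074.json has no `baseScore` or `baseSeverity`, and it is a single object, whereas CVE-2023-1372.json and CVE-2023-1374.json in this same patch use an array of objects that carry both fields. A consumer that reads the score from the array form will get nothing for this heap-overflow record, so it may be ranked as unscored. The `vectorString` also lists its metrics alphabetically (`AC:L/AV:N/A:H/...`) instead of in the order the other records use, which stricter vector parsers may not accept. Suggest emitting the same shape as the other records, with the vector written as `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H` and the score and severity computed from it.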
+++ b/2023/28xxx/CVE-2023-28160.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-28160",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/28xxx/CVE-2023-28161.json b/2023/28xxx/CVE-2023-28161.json
new file mode 100644
index 00000000000..02c8d3fef1d
--- /dev/null
+++ b/2023/28xxx/CVE-2023-28161.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-28161",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/28xxx/CVE-2023-28162.json b/2023/28xxx/CVE-2023-28162.json
new file mode 100644
index 00000000000..51bdc047003
--- /dev/null
+++ b/2023/28xxx/CVE-2023-28162.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-28162",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/28xxx/CVE-2023-28163.json b/2023/28xxx/CVE-2023-28163.json
new file mode 100644
index 00000000000..69df68b9f79
--- /dev/null
+++ b/2023/28xxx/CVE-2023-28163.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-28163",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/28xxx/CVE-2023-28164.json b/2023/28xxx/CVE-2023-28164.json
new file mode 100644
index 00000000000..2331e841692
--- /dev/null
+++ b/2023/28xxx/CVE-2023-28164.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-28164",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file