admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-07 09:00:32 +00:00
parent f9b0b9a573
commit 88faf20df3
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 340 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

193
2021/24xxx/CVE-2021-24366.json
View File

@ -1,97 +1,102 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24366",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Admin Columns Free < 4.3 & Pro < 5.5.1 - Authenticated Stored Cross-Site Scripting (XSS) in Label"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AdminColumns",
"product": {
"product_data": [
{
"product_name": "Admin Columns",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "3.0",
"version_value": "3.0"
},
{
"version_affected": "<",
"version_name": "4.3",
"version_value": "4.3"
}
]
}
},
{
"product_name": "Admin Columns Pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.5.1",
"version_value": "5.5.1"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Admin Columns Free WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1, rendered input on the posted pages with improper input validation on the value passed into the field 'Label' parameter, by taking this as an advantage an authenticated attacker can supply a crafted arbitrary script and execute it."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/05427156-4d5c-4aeb-add8-1c574fda5c28",
"name": "https://wpscan.com/vulnerability/05427156-4d5c-4aeb-add8-1c574fda5c28"
},
{
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-24366",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-24366"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-24366",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Admin Columns WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1 do not sanitise and escape its Label settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Admin Columns",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0",
"version_value": "4.3"
}
]
}
},
{
"product_name": "Admin Columns Pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.5.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/05427156-4d5c-4aeb-add8-1c574fda5c28",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/05427156-4d5c-4aeb-add8-1c574fda5c28"
},
{
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-24366",
"refsource": "MISC",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-24366"
},
{
"url": "https://github.com/codepress/admin-columns/commit/b45571ed21d574d13687213a5002e0c68e4442c7",
"refsource": "MISC",
"name": "https://github.com/codepress/admin-columns/commit/b45571ed21d574d13687213a5002e0c68e4442c7"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Daniel Elkabes of WhiteSource"
},
{
"lang": "en",
"value": "WPScan"
}
]
},
"credit": [
{
"lang": "eng",
"value": "Daniel Elkabes of WhiteSource"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}

56
2023/43xxx/CVE-2023-43885.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43885",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-43885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://blog.rtlcopymemory.com/tenda-rx9-pro/",
"url": "https://blog.rtlcopymemory.com/tenda-rx9-pro/"
}
]
}

56
2023/43xxx/CVE-2023-43886.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43886",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-43886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://blog.rtlcopymemory.com/tenda-rx9-pro/",
"url": "https://blog.rtlcopymemory.com/tenda-rx9-pro/"
}
]
}

92
2023/46xxx/CVE-2023-46851.json
View File

@ -1,18 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46851",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them.\u00a0 Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution.\n\nThis issue affects Apache Allura from 1.0.1 through 1.15.0.\n\nUsers are recommended to upgrade to version 1.16.0, which fixes the issue.\u00a0 If you are unable to upgrade, set \"disable_entry_points.allura.importers = forge-tracker, forge-discussion\" in your .ini config file.\n\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-73 External Control of File Name or Path",
"cweId": "CWE-73"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Allura",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.1",
"version_value": "1.15.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://allura.apache.org/posts/2023-allura-1.16.0.html",
"refsource": "MISC",
"name": "https://allura.apache.org/posts/2023-allura-1.16.0.html"
},
{
"url": "https://lists.apache.org/thread/hqk0vltl7qgrq215zgwjfoj0khbov0gx",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/hqk0vltl7qgrq215zgwjfoj0khbov0gx"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Stefan Schiller (Sonar)"
}
]
}

18
2023/5xxx/CVE-2023-5981.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5981",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5982.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5982",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5983.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5983",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}