From 9343ca8aa3124a3360774372e8c156b7d1bec333 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 1 Jun 2023 23:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2015/10xxx/CVE-2015-10110.json | 128 +++++++++++++++++++++++++++++++- 2016/15xxx/CVE-2016-15032.json | 129 ++++++++++++++++++++++++++++++++- 2023/3xxx/CVE-2023-3044.json | 18 +++++ 3 files changed, 267 insertions(+), 8 deletions(-) create mode 100644 2023/3xxx/CVE-2023-3044.json diff --git a/2015/10xxx/CVE-2015-10110.json b/2015/10xxx/CVE-2015-10110.json index 1e8b8abfb2c..44280cc762e 100644 --- a/2015/10xxx/CVE-2015-10110.json +++ b/2015/10xxx/CVE-2015-10110.json @@ -1,17 +1,137 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2015-10110", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic was found in ruddernation TinyChat Room Spy Plugin up to 1.2.8 on WordPress. This vulnerability affects the function wp_show_room_spy of the file room-spy.php. The manipulation of the argument room leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.9 is able to address this issue. The name of the patch is ab72627a963d61fb3bc31018e3855b08dc94a979. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230392." + }, + { + "lang": "deu", + "value": "In ruddernation TinyChat Room Spy Plugin bis 1.2.8 f\u00fcr WordPress wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Betroffen ist die Funktion wp_show_room_spy der Datei room-spy.php. Durch Manipulieren des Arguments room mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.2.9 vermag dieses Problem zu l\u00f6sen. Der Patch wird als ab72627a963d61fb3bc31018e3855b08dc94a979 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ruddernation", + "product": { + "product_data": [ + { + "product_name": "TinyChat Room Spy Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.2.0" + }, + { + "version_affected": "=", + "version_value": "1.2.1" + }, + { + "version_affected": "=", + "version_value": "1.2.2" + }, + { + "version_affected": "=", + "version_value": "1.2.3" + }, + { + "version_affected": "=", + "version_value": "1.2.4" + }, + { + "version_affected": "=", + "version_value": "1.2.5" + }, + { + "version_affected": "=", + "version_value": "1.2.6" + }, + { + "version_affected": "=", + "version_value": "1.2.7" + }, + { + "version_affected": "=", + "version_value": "1.2.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.230392", + "refsource": "MISC", + "name": "https://vuldb.com/?id.230392" + }, + { + "url": "https://vuldb.com/?ctiid.230392", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.230392" + }, + { + "url": "https://github.com/wp-plugins/tinychat-roomspy/commit/ab72627a963d61fb3bc31018e3855b08dc94a979", + "refsource": "MISC", + "name": "https://github.com/wp-plugins/tinychat-roomspy/commit/ab72627a963d61fb3bc31018e3855b08dc94a979" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" } ] } diff --git a/2016/15xxx/CVE-2016-15032.json b/2016/15xxx/CVE-2016-15032.json index bfbdc4b2b47..a3f84b16eb2 100644 --- a/2016/15xxx/CVE-2016-15032.json +++ b/2016/15xxx/CVE-2016-15032.json @@ -1,17 +1,138 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2016-15032", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This affects the function stopOutput of the file class.tx_mhhttpbl.php. The manipulation of the argument $_SERVER['REMOTE_ADDR'] leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.1.8 is able to address this issue. The name of the patch is a754bf306a433a8c18b55e25595593e8f19b9463. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED ** Es wurde eine Schwachstelle in mback2k mh_httpbl Extension bis 1.1.7 f\u00fcr TYPO3 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion stopOutput der Datei class.tx_mhhttpbl.php. Durch das Manipulieren des Arguments $_SERVER['REMOTE_ADDR'] mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 1.1.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a754bf306a433a8c18b55e25595593e8f19b9463 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mback2k", + "product": { + "product_data": [ + { + "product_name": "mh_httpbl Extension", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.1.0" + }, + { + "version_affected": "=", + "version_value": "1.1.1" + }, + { + "version_affected": "=", + "version_value": "1.1.2" + }, + { + "version_affected": "=", + "version_value": "1.1.3" + }, + { + "version_affected": "=", + "version_value": "1.1.4" + }, + { + "version_affected": "=", + "version_value": "1.1.5" + }, + { + "version_affected": "=", + "version_value": "1.1.6" + }, + { + "version_affected": "=", + "version_value": "1.1.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.230391", + "refsource": "MISC", + "name": "https://vuldb.com/?id.230391" + }, + { + "url": "https://vuldb.com/?ctiid.230391", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.230391" + }, + { + "url": "https://github.com/mback2k/mh_httpbl/commit/a754bf306a433a8c18b55e25595593e8f19b9463", + "refsource": "MISC", + "name": "https://github.com/mback2k/mh_httpbl/commit/a754bf306a433a8c18b55e25595593e8f19b9463" + }, + { + "url": "https://github.com/mback2k/mh_httpbl/releases/tag/mh_httpbl_1.1.8_security", + "refsource": "MISC", + "name": "https://github.com/mback2k/mh_httpbl/releases/tag/mh_httpbl_1.1.8_security" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/3xxx/CVE-2023-3044.json b/2023/3xxx/CVE-2023-3044.json new file mode 100644 index 00000000000..56c0ab93c03 --- /dev/null +++ b/2023/3xxx/CVE-2023-3044.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-3044", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file