"-Synchronized-Data."

CVE Team 2023-06-13 08:00:42 +00:00
parent 8954d99faa
commit a0d99769dd
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
3 changed files with 162 additions and 30 deletions


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
"value": "The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
@ -39,18 +39,9 @@
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "6.8.8"
}
],
"defaultStatus": "affected"
}
"version_affected": "<",
"version_name": "0",
"version_value": "6.8.9"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
"value": "The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
}
]
},
@ -39,18 +39,9 @@
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "6.8.8"
}
],
"defaultStatus": "affected"
}
"version_affected": "<",
"version_name": "0",
"version_value": "6.8.9"
}
]
}


@ -1,17 +1,167 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2729",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@synology.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-330: Use of Insufficiently Random Values"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Synology",
"product": {
"product_data": [
{
"product_name": "DiskStation Manager (DSM)",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "7.2",
"status": "affected",
"lessThan": "7.2-64561",
"versionType": "semver"
},
{
"version": "7.1",
"status": "affected",
"lessThan": "*",
"versionType": "semver"
},
{
"version": "7.0",
"status": "affected",
"lessThan": "*",
"versionType": "semver"
},
{
"version": "6.2",
"status": "affected",
"lessThan": "*",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Unified Controller (DSMUC)",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.1",
"status": "affected",
"lessThan": "*",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Synology Router Manager (SRM)",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1.3",
"status": "affected",
"lessThan": "*",
"versionType": "semver"
},
{
"version": "1.2",
"status": "affected",
"lessThan": "*",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_07",
"refsource": "MISC",
"name": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_07"
},
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_08",
"refsource": "MISC",
"name": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_08"
}
]
},
"credits": [
{
"lang": "en",
"value": "Claroty Research - Vera Mens, Uri Katz, Noam Moshe, Sharon Brizinov"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}
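Review bot: The DSM entry in `x_cve_json_5_version_data` declares `"versionType": "semver"` but bounds the range with `"lessThan": "7.2-64561"`, which a strict SemVer comparator may reject (there is no patch component) or read as a pre-release that sorts below 7.2. A scanner matching on this record could therefore misjudge which 7.2 builds are fixed; if the build suffix is vendor-specific ordering, `"versionType": "custom"` would describe it more safely. The description names only DSM before 7.2-64561, while the version data also marks DSM 7.1, 7.0 and 6.2, DSMUC 3.1 and SRM 1.3 and 1.2 as affected with `"lessThan": "*"`, so the prose understates the affected set. Because every `version_value` is "not down converted", consumers that read only the legacy 4.0 fields get no usable range and should take it from the nested 5.x block instead.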