From a97cc84c2ebb7721982fa2096d41751a548f496a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 7 Aug 2023 13:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/18xxx/CVE-2018-18307.json | 17 ++++-
 2023/38xxx/CVE-2023-38392.json | 113 +++++++++++++++++++++++++++++++--
 2023/39xxx/CVE-2023-39917.json | 18 ++++++
 2023/39xxx/CVE-2023-39918.json | 18 ++++++
 2023/39xxx/CVE-2023-39919.json | 18 ++++++
 2023/39xxx/CVE-2023-39920.json | 18 ++++++
 2023/39xxx/CVE-2023-39921.json | 18 ++++++
 2023/39xxx/CVE-2023-39922.json | 18 ++++++
 2023/39xxx/CVE-2023-39923.json | 18 ++++++
 2023/39xxx/CVE-2023-39924.json | 18 ++++++
 2023/39xxx/CVE-2023-39925.json | 18 ++++++
 2023/39xxx/CVE-2023-39926.json | 18 ++++++
 2023/3xxx/CVE-2023-3896.json | 90 ++++++++++++++++++++++++--
 13 files changed, 391 insertions(+), 9 deletions(-)
 create mode 100644 2023/39xxx/CVE-2023-39917.json
 create mode 100644 2023/39xxx/CVE-2023-39918.json
 create mode 100644 2023/39xxx/CVE-2023-39919.json
 create mode 100644 2023/39xxx/CVE-2023-39920.json
 create mode 100644 2023/39xxx/CVE-2023-39921.json
 create mode 100644 2023/39xxx/CVE-2023-39922.json
 create mode 100644 2023/39xxx/CVE-2023-39923.json
 create mode 100644 2023/39xxx/CVE-2023-39924.json
 create mode 100644 2023/39xxx/CVE-2023-39925.json
 create mode 100644 2023/39xxx/CVE-2023-39926.json
diff --git a/2018/18xxx/CVE-2018-18307.json b/2018/18xxx/CVE-2018-18307.json
index cebe1706100..d3f1a461e11 100644
--- a/2018/18xxx/CVE-2018-18307.json
+++ b/2018/18xxx/CVE-2018-18307.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field."
+ "value": "** DISPUTED ** A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. NOTE: the vendor's position is that this is not a valid report: \"The researcher used an authorized cookie to perform the request to a password-protected route. Without that session cookie, the request would have been rejected as unauthorized.\""
 }
 ]
 },
@@ -56,6 +56,21 @@
 "name": "http://packetstormsecurity.com/files/149787/Alchemy-CMS-4.1-Stable-Cross-Site-Scripting.html",
 "refsource": "MISC",
 "url": "http://packetstormsecurity.com/files/149787/Alchemy-CMS-4.1-Stable-Cross-Site-Scripting.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/pictures_controller.rb#L5",
+ "url": "https://github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/pictures_controller.rb#L5"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/resources_controller.rb#L21",
+ "url": "https://github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/resources_controller.rb#L21"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/base_controller.rb#L15",
+ "url": "https://github.com/AlchemyCMS/alchemy_cms/blob/4.1-stable/app/controllers/alchemy/admin/base_controller.rb#L15"
 }
 ]
 }
diff --git a/2023/38xxx/CVE-2023-38392.json b/2023/38xxx/CVE-2023-38392.json
index addaa82bf26..a3833fb1b4a 100644
--- a/2023/38xxx/CVE-2023-38392.json
+++ b/2023/38xxx/CVE-2023-38392.json
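Review bot: The three references added to CVE-2018-18307.json point at the moving `4.1-stable` branch with line anchors (`#L5`, `#L21`, `#L15`), so the lines they highlight will shift or disappear as that branch changes. These links appear to be the evidence for the vendor's authentication argument quoted in the description hunk above, so they should stay reproducible; pin each to a commit, e.g. `"url": "https://github.com/AlchemyCMS/alchemy_cms/blob/<commit-sha>/app/controllers/alchemy/admin/pictures_controller.rb#L5"` (placeholder SHA), and update the matching `name`. Separately, the dispute is carried only by the `** DISPUTED **` prefix in the description text, so triage tooling has to match that string to see it.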
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-38392",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki Miyashita Custom Field Template plugin <=\u00a02.5.9 versions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Hiroaki Miyashita",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Custom Field Template",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "2.6.0",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "2.5.9",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/custom-field-template/wordpress-custom-field-template-plugin-2-5-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/custom-field-template/wordpress-custom-field-template-plugin-2-5-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 2.6.0 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a02.6.0 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Phd (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39917.json b/2023/39xxx/CVE-2023-39917.json
new file mode 100644
index 00000000000..5b4318d5c91
--- /dev/null
+++ b/2023/39xxx/CVE-2023-39917.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-39917",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/39xxx/CVE-2023-39918.json b/2023/39xxx/CVE-2023-39918.json
new file mode 100644
index 00000000000..180f347f801
--- /dev/null
+++ b/2023/39xxx/CVE-2023-39918.json
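Review bot: In CVE-2023-38392.json the 4.0-format field `"version_value": "not down converted"` carries no usable version, so a consumer that reads only `version_value`/`version_affected` gets no affected range for Custom Field Template. The real range sits in `x_cve_json_5_version_data` (`lessThanOrEqual` 2.5.9, unaffected at 2.6.0); mirroring it as `"version_affected": "<=", "version_value": "2.5.9"` would keep 4.0 consumers from treating the entry as unversioned. The description also encodes the range as `<=\u00a02.5.9` with a non-breaking space, which defeats plain-space pattern matching on the text; a regular space is safer.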
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-39918",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/39xxx/CVE-2023-39919.json b/2023/39xxx/CVE-2023-39919.json
new file mode 100644
index 00000000000..bc8106869e1
--- /dev/null
+++ b/2023/39xxx/CVE-2023-39919.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-39919",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/39xxx/CVE-2023-39920.json b/2023/39xxx/CVE-2023-39920.json
new file mode 100644
index 00000000000..ae195eb149d
--- /dev/null
+++ b/2023/39xxx/CVE-2023-39920.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-39920",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/39xxx/CVE-2023-39921.json b/2023/39xxx/CVE-2023-39921.json
new file mode 100644
index 00000000000..849d0f330c5
--- /dev/null
+++ b/2023/39xxx/CVE-2023-39921.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-39921",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/39xxx/CVE-2023-39922.json b/2023/39xxx/CVE-2023-39922.json
new file mode 100644
index 00000000000..a0107bf4ca2
--- /dev/null
+++ b/2023/39xxx/CVE-2023-39922.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-39922",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/39xxx/CVE-2023-39923.json b/2023/39xxx/CVE-2023-39923.json
new file mode 100644
index 00000000000..ba550b195a7
--- /dev/null
+++ b/2023/39xxx/CVE-2023-39923.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-39923",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/39xxx/CVE-2023-39924.json b/2023/39xxx/CVE-2023-39924.json
new file mode 100644
index 00000000000..682d6da2d3b
--- /dev/null
+++ b/2023/39xxx/CVE-2023-39924.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-39924",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/39xxx/CVE-2023-39925.json b/2023/39xxx/CVE-2023-39925.json
new file mode 100644
index 00000000000..11da55080d5
--- /dev/null
+++ b/2023/39xxx/CVE-2023-39925.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-39925",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/39xxx/CVE-2023-39926.json b/2023/39xxx/CVE-2023-39926.json
new file mode 100644
index 00000000000..0e182e8897b
--- /dev/null
+++ b/2023/39xxx/CVE-2023-39926.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-39926",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/3xxx/CVE-2023-3896.json b/2023/3xxx/CVE-2023-3896.json
index a1a3b499aa2..b5b83eb3544 100644
--- a/2023/3xxx/CVE-2023-3896.json
+++ b/2023/3xxx/CVE-2023-3896.json
@@ -1,17 +1,99 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-3896",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@opencloudos.tech",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Divide By Zero in vim/vim from\u00a09.0.1367-1 to\u00a09.0.1367-3\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-369 Divide By Zero",
+ "cweId": "CWE-369"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "OpenCloudOS",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OpenCloudOS Stream",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "9.0.1367-1",
+ "version_value": "9.0.1367-3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/vim/vim/issues/12528",
+ "refsource": "MISC",
+ "name": "https://github.com/vim/vim/issues/12528"
+ },
+ {
+ "url": "https://github.com/vim/vim/pull/12540",
+ "refsource": "MISC",
+ "name": "https://github.com/vim/vim/pull/12540"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "fullwaywang (Tencent Yunding Lab)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
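Review bot: The CVSS vector in CVE-2023-3896.json, `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H` (7.8), claims high confidentiality and integrity impact, while the only weakness recorded is CWE-369 Divide By Zero, which on its own usually means a crash. If the impact is availability only, the vector would be `"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"` with `confidentialityImpact`, `integrityImpact`, `baseScore` and `baseSeverity` adjusted to match; otherwise the problemtype should name the weakness that justifies C:H/I:H. The affected range is also ambiguous: `version_affected` is `<=` with the lower bound `9.0.1367-1` placed in `version_name`, so a 4.0 consumer reads it as every version up to `9.0.1367-3`. The description value ends with a stray `\n`.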