From ad320fdf5dfd798a5864e651bc80b9994eb23d2b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 23 Mar 2023 15:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/28xxx/CVE-2022-28491.json | 61 ++++++++++++++++-- 2022/28xxx/CVE-2022-28493.json | 56 ++++++++++++++-- 2022/47xxx/CVE-2022-47589.json | 113 +++++++++++++++++++++++++++++++-- 2023/1xxx/CVE-2023-1599.json | 18 ++++++ 2023/1xxx/CVE-2023-1600.json | 18 ++++++ 2023/22xxx/CVE-2023-22702.json | 113 +++++++++++++++++++++++++++++++-- 2023/23xxx/CVE-2023-23722.json | 113 +++++++++++++++++++++++++++++++-- 2023/23xxx/CVE-2023-23728.json | 113 +++++++++++++++++++++++++++++++-- 2023/27xxx/CVE-2023-27077.json | 56 ++++++++++++++-- 2023/27xxx/CVE-2023-27078.json | 56 ++++++++++++++-- 2023/27xxx/CVE-2023-27135.json | 56 ++++++++++++++-- 2023/28xxx/CVE-2023-28772.json | 77 ++++++++++++++++++++++ 12 files changed, 804 insertions(+), 46 deletions(-) create mode 100644 2023/1xxx/CVE-2023-1599.json create mode 100644 2023/1xxx/CVE-2023-1600.json create mode 100644 2023/28xxx/CVE-2023-28772.json diff --git a/2022/28xxx/CVE-2022-28491.json b/2022/28xxx/CVE-2022-28491.json index b466aab4ea1..b676b084d0d 100644 --- a/2022/28xxx/CVE-2022-28491.json +++ b/2022/28xxx/CVE-2022-28491.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-28491", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-28491", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/B2eFly/Router/blob/main/totolink/CP900/1/2.md", + "refsource": "MISC", + "name": "https://github.com/B2eFly/Router/blob/main/totolink/CP900/1/2.md" + }, + { + "refsource": "MISC", + "name": "https://github.com/B2eFly/CVE/blob/main/totolink/CP900/2/2.md", + "url": "https://github.com/B2eFly/CVE/blob/main/totolink/CP900/2/2.md" } ] } diff --git a/2022/28xxx/CVE-2022-28493.json b/2022/28xxx/CVE-2022-28493.json index 9392487ca3b..6fcb832adae 100644 --- a/2022/28xxx/CVE-2022-28493.json +++ b/2022/28xxx/CVE-2022-28493.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-28493", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-28493", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service," + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/B2eFly/Router/blob/main/totolink/CP900/7/7.md", + "refsource": "MISC", + "name": "https://github.com/B2eFly/Router/blob/main/totolink/CP900/7/7.md" } ] } diff --git a/2022/47xxx/CVE-2022-47589.json b/2022/47xxx/CVE-2022-47589.json index bd85bcb216d..776d7bb4fcf 100644 --- a/2022/47xxx/CVE-2022-47589.json +++ b/2022/47xxx/CVE-2022-47589.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-47589", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this.Functional CTT Expresso para WooCommerce plugin <= 3.2.11 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "this.functional", + "product": { + "product_data": [ + { + "product_name": "CTT Expresso para WooCommerce", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.2.12", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.2.11", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/ctt-expresso-para-woocommerce/wordpress-ctt-expresso-para-woocommerce-plugin-3-2-11-cross-site-scripting-xss?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/ctt-expresso-para-woocommerce/wordpress-ctt-expresso-para-woocommerce-plugin-3-2-11-cross-site-scripting-xss?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.2.12 or a higher version." + } + ], + "value": "Update to\u00a03.2.12 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "TEAM WEBoB of BoB 11th (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/1xxx/CVE-2023-1599.json b/2023/1xxx/CVE-2023-1599.json new file mode 100644 index 00000000000..a27adb11a18 --- /dev/null +++ b/2023/1xxx/CVE-2023-1599.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-1599", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1600.json b/2023/1xxx/CVE-2023-1600.json new file mode 100644 index 00000000000..6a3b801856e --- /dev/null +++ b/2023/1xxx/CVE-2023-1600.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-1600", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22702.json b/2023/22xxx/CVE-2023-22702.json index 49422b50575..a9e1cb4a45a 100644 --- a/2023/22xxx/CVE-2023-22702.json +++ b/2023/22xxx/CVE-2023-22702.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-22702", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App \u2014 Android and iOS Mobile Application plugin <= 11.13 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WPMobile.App", + "product": { + "product_data": [ + { + "product_name": "WPMobile.App \u2014 Android and iOS Mobile Application", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "11.14", + "status": "unaffected" + } + ], + "lessThanOrEqual": "11.13", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wpappninja/wordpress-wpmobile-app-android-and-ios-mobile-application-plugin-11-13-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wpappninja/wordpress-wpmobile-app-android-and-ios-mobile-application-plugin-11-13-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 11.14 or a higher version." + } + ], + "value": "Update to\u00a011.14 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Lana Codes (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/23xxx/CVE-2023-23722.json b/2023/23xxx/CVE-2023-23722.json index fdf532008c4..e1ba60cf5ab 100644 --- a/2023/23xxx/CVE-2023-23722.json +++ b/2023/23xxx/CVE-2023-23722.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23722", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP eBay Product Feeds plugin <= 3.3.1 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Winwar Media", + "product": { + "product_data": [ + { + "product_name": "WP eBay Product Feeds", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.4", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.3.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/ebay-feeds-for-wordpress/wordpress-wp-ebay-product-feeds-plugin-3-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/ebay-feeds-for-wordpress/wordpress-wp-ebay-product-feeds-plugin-3-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.4 or a higher version." + } + ], + "value": "Update to\u00a03.4 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "yuyudhn (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/23xxx/CVE-2023-23728.json b/2023/23xxx/CVE-2023-23728.json index 28af68c6e78..3fe4df0abb0 100644 --- a/2023/23xxx/CVE-2023-23728.json +++ b/2023/23xxx/CVE-2023-23728.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23728", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Flipclock plugin <= 1.7.4 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Winwar Media", + "product": { + "product_data": [ + { + "product_name": "WP Flipclock", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.8", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.7.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-flipclock/wordpress-wp-flipclock-plugin-1-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wp-flipclock/wordpress-wp-flipclock-plugin-1-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.8 or a higher version." + } + ], + "value": "Update to\u00a01.8 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "yuyudhn (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/27xxx/CVE-2023-27077.json b/2023/27xxx/CVE-2023-27077.json index 8a905d35fd8..e9ea0cb0b1a 100644 --- a/2023/27xxx/CVE-2023-27077.json +++ b/2023/27xxx/CVE-2023-27077.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-27077", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-27077", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service (DDOS) via a crafted HTTP package." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/B2eFly/Router/blob/main/360/360D901.md", + "refsource": "MISC", + "name": "https://github.com/B2eFly/Router/blob/main/360/360D901.md" } ] } diff --git a/2023/27xxx/CVE-2023-27078.json b/2023/27xxx/CVE-2023-27078.json index 214fe10694f..6352d50f762 100644 --- a/2023/27xxx/CVE-2023-27078.json +++ b/2023/27xxx/CVE-2023-27078.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-27078", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-27078", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/B2eFly/Router/blob/main/TPLINK/MR3020/1.md", + "refsource": "MISC", + "name": "https://github.com/B2eFly/Router/blob/main/TPLINK/MR3020/1.md" } ] } diff --git a/2023/27xxx/CVE-2023-27135.json b/2023/27xxx/CVE-2023-27135.json index 1b79832f792..8cd6068611e 100644 --- a/2023/27xxx/CVE-2023-27135.json +++ b/2023/27xxx/CVE-2023-27135.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-27135", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-27135", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Am1ngl/ttt/tree/main/29", + "refsource": "MISC", + "name": "https://github.com/Am1ngl/ttt/tree/main/29" } ] } diff --git a/2023/28xxx/CVE-2023-28772.json b/2023/28xxx/CVE-2023-28772.json new file mode 100644 index 00000000000..0b25fc1d23a --- /dev/null +++ b/2023/28xxx/CVE-2023-28772.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2023-28772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3", + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3" + }, + { + "url": "https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7" + }, + { + "url": "https://lore.kernel.org/lkml/20210625122453.5e2fe304@oasis.local.home/", + "refsource": "MISC", + "name": "https://lore.kernel.org/lkml/20210625122453.5e2fe304@oasis.local.home/" + }, + { + "url": "https://lkml.kernel.org/r/20210626032156.47889-1-yun.zhou@windriver.com", + "refsource": "MISC", + "name": "https://lkml.kernel.org/r/20210626032156.47889-1-yun.zhou@windriver.com" + } + ] + } +} \ No newline at end of file