From ae18702b6a2dc89c6f082a2ea4e8bd6e64814ee5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 29 Mar 2023 14:00:37 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/0xxx/CVE-2023-0149.json | 7 +--
 2023/0xxx/CVE-2023-0336.json | 17 ++-----
 2023/1xxx/CVE-2023-1663.json | 90 ++++++++++++++++++++++++++++++++--
 2023/27xxx/CVE-2023-27247.json | 2 +-
 4 files changed, 95 insertions(+), 21 deletions(-)
diff --git a/2023/0xxx/CVE-2023-0149.json b/2023/0xxx/CVE-2023-0149.json
index c407d89e358..02a99c96633 100644
--- a/2023/0xxx/CVE-2023-0149.json
+++ b/2023/0xxx/CVE-2023-0149.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The WordPrezi WordPress plugin through 0.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
+ "value": "The WordPrezi WordPress plugin before 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
 }
 ]
 },
@@ -39,7 +39,8 @@ "version": {
 "version_data": [
 {
- "version_value": "0",
- "version_affected": "="
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "0.9"
 }
 ]
 }
diff --git a/2023/0xxx/CVE-2023-0336.json b/2023/0xxx/CVE-2023-0336.json
index 14f3227ffc1..32f587c0edc 100644
--- a/2023/0xxx/CVE-2023-0336.json
+++ b/2023/0xxx/CVE-2023-0336.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The OoohBoi Steroids for Elementor WordPress plugin through 2.1.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment."
+ "value": "The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment."
 }
 ]
 },
@@ -47,18 +47,9 @@
 "version": {
 "version_data": [
 {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "versions": [
- {
- "status": "affected",
- "versionType": "custom",
- "version": "0",
- "lessThanOrEqual": "2.1.3"
- }
- ],
- "defaultStatus": "affected"
- }
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2.1.5"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1663.json b/2023/1xxx/CVE-2023-1663.json
index 4a9547bdeca..1fc666d7b6f 100644
--- a/2023/1xxx/CVE-2023-1663.json
+++ b/2023/1xxx/CVE-2023-1663.json
@@ -1,17 +1,99 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-1663",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "disclosure@synopsys.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible. 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-425 Direct Request ('Forced Browsing')",
+ "cweId": "CWE-425"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Synopsys",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Coverity",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "2023.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2023-1663-Affecting-Coverity-Platform",
+ "refsource": "MISC",
+ "name": "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2023-1663-Affecting-Coverity-Platform"
+ },
+ {
+ "url": "https://community.synopsys.com/s/article/Mitigation-for-Coverity-Platforms-Exposure-to-CVE-2023-1663",
+ "refsource": "MISC",
+ "name": "https://community.synopsys.com/s/article/Mitigation-for-Coverity-Platforms-Exposure-to-CVE-2023-1663"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Juha Leivo"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/27xxx/CVE-2023-27247.json b/2023/27xxx/CVE-2023-27247.json
index 125749e8c01..753d3e11b70 100644
--- a/2023/27xxx/CVE-2023-27247.json
+++ b/2023/27xxx/CVE-2023-27247.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue in Cynet Client Agent v4.6.0.8010 allows attackers with Administrator rights to disable the EDR functions via disabling process privilege tokens."
+ "value": "Cynet Client Agent v4.6.0.8010 allows attackers with Administrator rights to disable the EDR functions by disabling process privilege tokens."
 }
 ]
 },
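Review bot: The new CVE-2023-1663 description value ends with `5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)`, while the `impact.cvss` entry added further down in the same hunk records `"baseScore": 6.5` with the base-only vector, so anyone reading or scraping the text sees a different score from the structured field. The 5.9 is presumably the temporal score implied by `E:P/RL:O/RC:C`; either label it in the text (`CVSS v3.1 temporal score 5.9 (...)`) or drop it from the description and leave scoring to `impact.cvss`. The affected range is also stated two ways: the description says "prior to 2023.3.2" but `version_data` uses `"version_affected": "<="` with `"version_value": "2023.3.1"`, whereas the other records in this commit use `<` with the fixed version; `"version_affected": "<"` with `"version_value": "2023.3.2"` would match the text and keep version matchers from missing any build between the two. Minor: `credits` uses `"lang": "en"` where the description uses `"eng"`.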